Source: Dark Reading - Posted by Eckie Silapaswang
The United States is vulnerable to a "strategically crippling cyber attack" by enemies around the world, experts told Congress yesterday.
Testifying before the House Committee on Homeland Security, high-profile experts said the federal government's cyber defenses have become dated and may leave the country open to an attack -- "not by a conventional weapon, but by a cyber weapon."
A break-in targeting State Department computers worldwide last summer occurred after a department employee in Asia opened a mysterious e-mail that quietly allowed hackers inside the U.S. government's network.
In the first public account revealing details about the intrusion and the government's hurried behind-the-scenes response, a senior State Department official described an elaborate ploy by sophisticated international hackers. They used a secret break-in technique that exploited a design flaw in Microsoft software.
Despite some improvements, the State Department still falls short in its information security efforts, according to a new report from Inspector General Howard J. Krongard.
Nearly half of the 34 departmental posts and bureaus audited by the inspector general from April to September 2006 displayed shortcomings in IT security, according to the report.
After an auditor found serious security problems in the way it handled sensitive data on laptops, the Internal Revenue Service said it will have all laptops encrypted within the next few weeks.
Speaking in an interview with National Public Radio over the weekend, Internal Revenue Service Commissioner Mark Everson said his organization was making the effort following a recently released audit that found unencrypted data on a large percentage of IRS laptop computers.
The government is taking some cautious steps toward what has been called Web 2.0, letting users contribute to rather than merely browse agency Web sites.
The Patent and Trademark Office is piloting a program to invite online comment on patent applications. And the Federal CIO Council's Semantic Interoperability Community of Practice uses wiki software so that attendees and presenters can post material about the group's monthly meetings.
Male. Between 30 and 50 years old. Residing in California, Texas, Florida or New York. That's the most likely profile for a 2006 victim of web-based crime, according to a report from the FBI and the National White Collar Crime Center.
The Internet Crime Complaint Center (IC3) processed 10 percent fewer cybercrime complaints last year than during 2005, according to the report. The amount of money lost, however, increased.
The total dollar loss from all referred cases was more than $198 million for 2006, a $15 million increase from the year before.
Supporters of the Spy Act hope that the bill's third time is a charm.
On Thursday, the anti-spyware bill -- which has twice passed the U.S. House of Representatives only to be rejected by the Senate -- got its third hearing in the House Subcommittee on Commerce, Trade and Consumer Protection.
The unwanted programs, in addition to stealing a victim's data, could also make an innocent PC user appear guilty of a crime. In Connecticut, a substitute teacher has been found guilty of four counts of risk of injury to a minor after her classroom PC started displaying pornographic pop-up ads. A forensic investigator working for the defense found that the computer had been significantly compromised by spyware programs, and security researchers have criticized the prosecution for not adequately investigating the digital evidence. The teacher is scheduled to be sentenced at the end of March.
The Internet's key site identity system is in mounting danger from new techniques that could cause havoc by turning it into a free-for-all market, the World Intellectual Property Organization warned on Monday.
And the United Nations' agency said the latest trends in registering top-level domain names (TLDs) could undermine dispute procedures under which patent holders can pursue "cybersquatters."
As reports of cybersecurity incidents grow, U.S. Department of Homeland Security officials plan to improve their ability to work on the problem face to face with private-sector experts.
The DHS plans to collocate private-sector employees from the communications and IT industries with government workers at the U.S. Computer Emergency Readiness Team (US-CERT) facility here, said Gregory Garcia, assistant secretary of cybersecurity and telecommunications at the DHS.
The Health and Human Services Department needs to exert stronger leadership in determining how to apply privacy to health IT initiatives. The agency is only in the early stages of privacy efforts and its plans are unclear, the Government Accountability Office said.
HHS needs a comprehensive approach as part of its national strategy for health IT, including detailed plans, milestones and mechanisms to monitor the progress of privacy and other health IT developments, said David Powner, GAO’s director of IT Management Issues, in GAO’s report and before lawmakers.