Cyber threats to federal computer systems and cyber-based critical infrastructures are evolving and growing. These threats can be unintentional and intentional, targeted or non-targeted, and can come from a variety of sources, such as foreign nations engaged in espionage and information warfare, criminals, hackers, virus writers, and disgruntled employees and contractors working within a targeted organization.
Moreover, these groups and individuals have a variety of attack techniques at their disposal, and cyber exploitation activity has grown more sophisticated, more targeted, and more serious. As government, private sector, and personal activities continue to move to networked operations, as digital systems add ever more capabilities, as wireless systems become more ubiquitous, and as the design, manufacture, and service of information technology have moved overseas, the threat will continue to grow.
In the absence of robust security programs, agencies have experienced a wide range of incidents involving data loss or theft, computer intrusions, and privacy breaches, underscoring the need for improved security practices. These developments have led government officials to become increasingly concerned about the potential for a cyber attack.
According to Government Accountability Office reports and annual security reporting, federal systems are not sufficiently protected to consistently thwart cyber threats.
Serious and widespread information security control deficiencies continue to place federal assets at risk of inadvertent or deliberate misuse, financial information at risk of unauthorized modification or destruction, sensitive information at risk of inappropriate disclosure, and critical operations at risk of disruption.
For example, over the last several years, most agencies have not implemented controls to sufficiently prevent, limit, or detect access to computer networks, systems, and information, and weaknesses were reported in such controls at 23 of 24 major agencies for fiscal year 2008.
Agencies also did not always configure network devices and service properly, segregate incompatible duties, or ensure that continuity of operations plans contained all essential information. An underlying cause for these weaknesses is that agencies have not yet fully or effectively implemented key elements of their agency-wide information security programs.
To improve information security, efforts have been initiated that are intended to strengthen the protection of federal information and information systems. For example, the Comprehensive National Cybersecurity Initiative was launched in January 2008 and is intended to improve federal efforts to protect against intrusion attempts and anticipate future threats.
Until such opportunities are seized and fully exploited and recommendations to mitigate identified control deficiencies and implement agencywide information security programs are fully and effectively implemented, federal information and systems will remain vulnerable, according to GAO analysts.
Jim Kouri, CPP, is founder and CEO of Kouri Associates, a homeland security, public safety and political consulting firm. He’s formerly Fifth Vice-President, now a Board Member of the National Association of Chiefs of Police, an editor for ConservativeBase.com, a columnist for Examiner.com, a contributor to KGAB radio news, and news director for NewswithViews.com.
He’s former chief at a New York City housing project in Washington Heights nicknamed “Crack City” by reporters covering the drug war in the 1980s. In addition, he served as director of public safety at St. Peter’s University and director of security for several major organizations. He’s also served on the National Drug Task Force and trained police and security officers throughout the country.
Kouri appears regularly as on-air commentator for over 100 TV and radio news and talk shows including Fox News Channel, Oprah, McLaughlin Report, CNN Headline News, MTV, etc.
To subscribe to Kouri’s newsletter write to COPmagazine@aol.com and write “Subscription” on the subject line.
