|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[ISN] Defense told to improve computer security coordination
From: InfoSec News (isn
C4I.ORG)
Date: Mon Apr 02 2001 - 16:27:33 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
http://www.govexec.com/dailyfed/0401/040201j1.htm
By Joshua Dean
jdeangovexec.com
April 2, 2001
The Defense Departments ability to prevent, detect and respond to
cyberattacks is getting better, but military officials still face
numerous security challenges, the General Accounting Office concludes
in a new report.
Defense has set up numerous computer emergency response teams and
communication methods for alerting systems administrators to security
problems and solutions. Every day, Defense identifies thousands of
intrusions into computer systems and other problems. In 1999, the Air
Force, Army and Navy reported a total of 600 attacks. That number grew
to 715 in 2000.
If successful, these attacks could result in the loss or corruption of
critical data, damage to information systems, or disruption of
military operations, said Robert Dacey, GAOs director for information
security issues, in the report, Information Security: Challenges to
Improving DoDs Incident Response Capabilities (GAO-01-341).
While the report recognized Defenses strides in protecting its more
than 2.5 million computer systems and 10,000 local area networks, it
recommended greater departmentwide coordination and cooperation on
information security.
GAO said that Defenses attempts at resource planning for security are
not yet adequately coordinated. Plus, data produced by intrusion
detection systems and firewalls are not shared departmentwide so that
potential intrusions can be better identified and tracked.
GAO also said that Defense has come up short when it comes to
systematically reviewing systems for security holes. Furthermore,
Defense does not adequately monitor specific units compliance with
information security procedures and vulnerability alerts.
Defense officials have reported that they are developing central
databases to track cyber intrusions and security holes. They are also
creating a set of common terms for reporting events, identifying
security gaps and prioritizing systems for vulnerability reviews.
GAO recommended that Defense speed its current activities and create a
systematic process for vulnerability assessments. GAO also counseled
Defense to pay attention to the result of such assessments to ensure
that recommended repairs have been made and have been applied to all
similar systems throughout the department.
ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERVSecurityFocus.com with a message body of
"SIGNOFF ISN".
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]