BreachExchange mailing list archives
OT? US Gov cyber insecurity incidents
From: Al Mac <macwheel99 () sigecom net>
Date: Mon, 07 May 2007 23:07:53 -0500
Here's the report card (PDF) that The House Committee on Oversight and Government Reform issues each year on cyber security at various government agencies. http://republicans.oversight.house.gov/Media/PDFs/FY06FISMA.pdf In the wake of the VA incident, The House Committee on Oversight and Government Reform asked all federal agencies for details on any other incidents involving loss of personal sensitive information. They learned about 788 incidents Jan 2003-July 2006. By my math, that's more than one every other day on average. I saw an article about this & went hunting for original source (url below). Well looks like this data was gathered about a year ago, but then in some cases more info came out that showed the data was incomplete. Every federal angency has computer security breaches. They do not always know what data has been lost. The vast majority of the breaches are the loss of hardware, such as theft of laptops. Many of the breaches are by private contractors. Dept of Agriculture 8 incidents Dept of Commerce 297 incidents Dept of Defence 43 incidents Dept of Education 41 incidents Dept of Energy 7 incidents Dept of Health & Human Services 24 incidents Dept of Homeland Security 6 incidents but the committee continues to ask hard questions http://www.sans.org/newsletters/newsbites/newsbites.php?vol=9&issue=36&rss=Y#sID202 Dept of Housing and Urban Development 1 incident Dept of Interior 8 incidents Dept of Justice 2 incidents Dept of Labor 3 incidents Dept of State 1 incident but got grade F for cyber security from House Commitee on Oversight etc. http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1251763,00.html Dept of Transportation 1 incident ... a subsequent FOIA inquiry found out a ton of other incidents Dept of Treasury 340 incidents Dept of Veteran Affairs ... hundreds of incidents Office of Personnel Management 3 incidents Social Security Administration 3 incidents example incidents are given on each agency http://209.85.165.104/search?q=cache:etHfNZnxgEUJ:oversight.house.gov/Documents/20061013145352-82231.pdf+Oversight+Reform+compromise+sensitive&hl=en&ct=clnk&cd=2&gl=us Systemic failure at the White House protecting classified information.. http://oversight.house.gov/story.asp?ID=1264 _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tracking more than 207 million compromised records in 649 incidents over 7 years.
Current thread:
- OT? US Gov cyber insecurity incidents Al Mac (May 08)