OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
[Dataloss] OT? US Gov cyber insecurity incidents

From: Al Mac (macwheel99sigecom.net)
Date: Mon May 07 2007 - 23:07:53 CDT


Here's the report card (PDF) that The House Committee on Oversight and
Government Reform issues each year on cyber security at various government
agencies.
http://republicans.oversight.house.gov/Media/PDFs/FY06FISMA.pdf

In the wake of the VA incident, The House Committee on Oversight and
Government Reform asked all federal agencies for details on any other
incidents involving loss of personal sensitive information. They learned
about 788 incidents Jan 2003-July 2006. By my math, that's more than one
every other day on average.

I saw an article about this & went hunting for original source (url below).
Well looks like this data was gathered about a year ago, but then in some
cases more info came out that showed the data was incomplete.

Every federal angency has computer security breaches.
They do not always know what data has been lost.

The vast majority of the breaches are the loss of hardware, such as theft
of laptops.
Many of the breaches are by private contractors.

Dept of Agriculture 8 incidents
Dept of Commerce 297 incidents
Dept of Defence 43 incidents
Dept of Education 41 incidents
Dept of Energy 7 incidents
Dept of Health & Human Services 24 incidents

Dept of Homeland Security 6 incidents but the committee continues to ask
hard questions
http://www.sans.org/newsletters/newsbites/newsbites.php?vol=9&issue=36&rss=Y#sID202

Dept of Housing and Urban Development 1 incident
Dept of Interior 8 incidents
Dept of Justice 2 incidents
Dept of Labor 3 incidents

Dept of State 1 incident but got grade F for cyber security from House
Commitee on Oversight etc.
http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1251763,00.html

Dept of Transportation 1 incident ... a subsequent FOIA inquiry found out a
ton of other incidents

Dept of Treasury 340 incidents
Dept of Veteran Affairs ... hundreds of incidents
Office of Personnel Management 3 incidents
Social Security Administration 3 incidents

example incidents are given on each agency

http://209.85.165.104/search?q=cache:etHfNZnxgEUJ:oversight.house.gov/Documents/20061013145352-82231.pdf+Oversight+Reform+compromise+sensitive&hl=en&ct=clnk&cd=2&gl=us

Systemic failure at the White House protecting classified information..
http://oversight.house.gov/story.asp?ID=1264

_______________________________________________
Dataloss Mailing List (datalossattrition.org)
http://attrition.org/dataloss
Tracking more than 207 million compromised records in 649 incidents over 7 years.