According to a new report by the Government Accountability Office (GAO), digital attacks on the federal government have risen dramatically in the last 6 years. While that itself is not surprising (would you have expected them to go down?), the jump in frequency is troubling.
The GAO report states that “the number of incidents reported by federal agencies to the federal information security incident center has increased” by nearly 680%, over the past 6 years. In numerical terms, some 42,887 incidents were recorded in 2011, up from just 5,503 in 2006. However, it should be noted, as is footnoted in the GAO report, that improved detection has led to some of the percentage gain figure.
Now, what’s the threat here? Why does the number of attacks matter? Well, as you well know, the government has huge amounts of information that could be of great use to those not aligned with its interests.
The report summarizes the theoretical threat well:
The threat posed by cyber attacks is heightened by vulnerabilities in federal systems and systems supporting critical infrastructure. Specifically, significant weaknesses in information security controls continue to threaten the confidentiality, integrity, and availability of critical information and information systems supporting the operations, assets, and personnel of federal government agencies.
In fiscal 2011, 18 of 24 federal government self-reported to have “inadequate information security controls for financial reporting,” just by way of an example.
Now, as you surely know, there is a bill in Congress right now that is supposed to combat just this sort of threat, the Cyber Intelligence Sharing and Protection Act (CISPA). I won’t say that the timing of the release of this report was planned to coincide with the contentious voting on CISPA (as that would be mere conjecture), but it sure as heck won’t hurt.
Proponents of CISPA are touting just the sort of threats that the GAO detailed as reason that the bill is critical beyond reproach. Privacy advocates are in up arms over the bills power to pass consumer information to the government. Opposition has expanded to the point that an amendment is being drafted to answer some complaints. In a coming post, I’ll discuss the reaction of certain advocacy groups to that amendment. For TNW’s take on CISPA, head here.
However, for the moment, let it suffice to say that as we all expected, ‘cyber attacks’ are on the rise, as the power of the Internet gives less wealthy countries a potential weapon.