Government agencies are spending billions on technology for homeland security, yet system vulnerabilities are increasing exponentially, agency representatives told a Congressional panel this week. Incidents due to security weaknesses in computer systems in the U.S. have skyrocketed from about 9800 in 1999 to more than 137,500 in 2003, according to the U.S. Computer Emergency Response Team (CERT) at Carnegie-Mellon University--so reports Robert Dacey, director of information security issues in the General Accounting Office. The GAO prepared a status report on how government agencies and departments are progressing with software patches and other protection measures against cyberattacks.
Government computers are still susceptible to cyberattack, and the more that systems are interconnected, the greater the risk, according to agencies at the hearing. The $60 billion budgeted for technology for homeland security is a waste if systems remain vulnerable, agency representatives told the House subcommittee hearing. Patches are irrelevant if they arent applied everywhere, they noted. If one weak system is unpatched, the patched systems remain at risk of a cyberattack. The sophistication and effectiveness of cyberattacks has steadily advanced, Dacey told the subcommittee. The GAO report also estimates that 80 percent of security incidents go unreported. The data was gathered with the help of CERT, which is teaming with the Department of Homeland Security on cybersecurity issues.
News source: PCWorld.com