FAA Network Hacked
Date: 2/12/2009 9:25 am
Rating: 1 Rate [ | ]
The Federal Aviation Administration has joined the growing list of government agencies that have had their supposedly safe systems hacked. The agency this week notified about 45,000 employees that one of its servers was hacked into and employee personal identity information was stolen.
The FAA was quick to say the server that was accessed was not connected to the operation of the air traffic control system or any other FAA operational system. It did say two of the 48 files on the breached computer server contained personal information about more than 45,000 FAA employees and retirees who were on the FAA's rolls as of the first week of February 2006.
On the agency's Web site it states: The FAA is moving quickly to prevent any similar incidents and has identified immediate steps as well as longer-term measures to further protect personal information. The agency is also providing a toll-free number and information on the employee website for those who believe they may be affected by the breach.
Such breaches are seemingly commonplace on government networks. A Government Accountability Office report last year found that only 2 of 24 agencies it had implemented all of the security requirements mandated by the Office of Management and Budget last year to protect personal information.
According to the GAO report the Treasury Department and the Department of Transportation had implemented the strongest security while National Science Foundation and the Small Business Administration were worst.
The federal government has seen significant exposures of personally identifiable information in the past few years. According to a 2006 congressional staff report, since January 2003, 19 departments and agencies reported at least one loss of personally identifiable information that could expose individuals to identity theft.
According to the GAO report, a series of data breaches at federal agencies have involved system intrusion, phishing scams, and the physical loss or theft of portable computers, hard drives, and disks. During fiscal year 2006, federal agencies reported a record number of incidents to the US Computer Emergency Readiness Team (US-CERT). For example, in 2006 there were 5,146 incident reports-a substantial increase over the 3,569 incidents reported in 2005. During this period, US-CERT recorded a dramatic rise in incidents where either physical loss or theft or system compromise resulted in the loss of personally identifiable information.
In January, the GAO targeted the IRS saying that while the agency has made some progress in protecting and securing its data, the IRS continues to jeopardize the confidentiality, integrity, and availability of financial and sensitive taxpayer information.
Also in January, the GAO stated: Federal agencies have made progress in strengthening information security. The administration has also launched several initiatives that are intended to improve security over federal systems, such as establishing security configurations for desktop computers and reducing the number of federal access points to the Internet. However, most agencies continue to experience significant deficiencies that jeopardize the confidentiality, integrity, and availability of their systems and information. For example, agencies did not consistently implement effective controls to prevent, limit, and detect unauthorized access or manage the configuration of network devices to prevent unauthorized access and ensure system integrity. Until agencies implement the hundreds of recommendations made by GAO and their inspectors general to resolve identified deficiencies and fully implement effective security programs, a broad array of federal assets and operations will remain at unnecessary risk of fraud, misuse, and disruption.