SAN FRANCISCO - Corporate America is getting better about telling the U.S. government about serious security incidents, according to an official from the U.S. Department of Homeland Security (DHS).
In 2006, companies, universities and government agencies reported 23,000 incidents to the U.S. Computer Emergency Readiness Team (US-CERT), up from 5,000 reported in 2005, Jerry Dixon, deputy director of the DHS's National Cyber Security Division (NCSD), said at the RSA Security Conference on Wednesday. So far, in the first quarter of 2007, more than 19,000 incidents have been reported to US-CERT, Dixon said.
"Increasingly, the private sector is reporting these incidents," Dixon said during a session here. "We are getting a much better picture than what we use to get at the DHS."
The U.S. government's cybersecurity efforts have grown more organized over the last year. In September, the Bush Administration appointed Gregory Garcia, a former technology-industry lobbyist, to become the first Assistant Secretary for Cyber Security and Telecommunications, a position that remained vacant for over a year. The agency completed its first international cybersecurity exercise to improve the nation's response to an attack, but did not received a passing grade in the annual scoring of federal security efforts.
The data on incident reporting came the day after a serious attack on the Internet's core domain name service (DNS) systems disrupted two of the root servers and attacked a third. DHS officials dismissed the attacks.
"This is getting a lot of press attention, but for us it's kind of like, who cares?" Mike Witt, deputy director of US-CERT, told SecurityFocus. "No Internet users were impacted by the attacks and the Department of Defense had no degradation of their operations."
Posted by: Robert Lemos