RealTime IT News

Feds Fight to Plug Security Holes

President Obama's recent order of an immediate two-month review of the federal government's cybersecurity plans apparently can't come fast enough. The federal government, dogged by computer security issues over the years, was hit by two more incidents this week.

One occurred at the Federal Aviation Administration (FAA), where data of 49,000 people were stolen during a data breach. The other occurred at the Los Alamos National Laboratory (LANL) in New Mexico, which is undergoing a security shakeup following the discovery that a total of 90 computers were reported missing or stolen over the past year.

Experts have been calling for an overhaul of federal computer security practices.

The latest incidents, which occurred at organizations which should have had a higher level of security, make it look as if things have not improved over the past four years. In 2005 and 2006, the Department of Homeland Security suffered 844 security breaches, leading a House subcommittee to accuse DHS CIO Scott Charbo of not doing his job during a hearing in 2007.

In the FAA breach, which could impact 49,000 people, data was stolen from 48 files on one server, FAA spokesperson Laura Brown told InternetNews.com. Two of the files combined had data on 49,000 employees.

One had names and social security numbers of 45,000 employees who joined the FAA on or after February 1, 2006. The other had names and encrypted medical information of 4,000 employees in the FAA's safety organization but did not contain any social security numbers, Brown said.

The remaining files have data that is either in the public domain or non-private data, Brown said. The FAA has notified those affected, and will offer them free credit monitoring. It is working with the FBI and the Department of Transportation's inspector general to investigate the breach.

Brown said the FAA was alerted February 1 by the Department of Transportation's cybersecurity monitoring system about the breach, and it took about a week to determine what data had been taken. Employees were notified a week later, this past Monday. No FAA operational systems appear to have been breached, Brown said. Since the breach occurred, the FAA has begun tightening up its security, Brown said.

Next page: Do you know where your computers are?