Few war-induced attacks, feds say

With the war in Iraq commencing last week, federal agencies were poised for possible cyberattacks on critical information systems from tech-savvy political activists and possibly from hostile countries, but few materialized or made it through agencies' cyberdefenses, federal information technology managers said.

The launch of the U.S.-led war prompted "hacktivists" — hackers who attack government computer systems to send a political message — to deface Web sites worldwide with anti-war slogans. Some reports said that a Navy site and an Agriculture Department site were defaced, and a hacker gained control of an unidentified military Web server by exploiting a vulnerability in Microsoft Corp.'s Windows 2000 operating system.

But IT managers said few attacks were successful because federal agencies — which have been on heightened alert since the Sept. 11, 2001, terrorist attacks — have installed the latest security software and hardware to secure networks and have assigned personnel to monitor networks for attacks and intrusions.

For example, IT officials at the Bureau of Customs and Border Protection saw some denial-of-service attacks but no serious attempt to break into its systems last week. "Nothing really has occurred," said Woody Hall, former chief information officer at the Customs Service, which recently moved to the Homeland Security Department (DHS).

During the past three years, Customs installed firewalls, developed and followed better Internet security practices, installed monitoring software to detect anomalies and worked closely with the Federal Computer Incident Response Center (FedCIRC) to install software patches and defenses. "It takes money and the right kind of people," Hall said.

Prior to the war's outbreak, DHS set up an incident response center, which has seen two or three minor incidents but no attacks, said Steve Cooper, the department's CIO. "It went smoothly. [Incidents] were responded to. There was no damage."

The reports are good news for agencies, which have been criticized for poor security management practices. In November 2002, former Rep. Stephen Horn (R-Calif.) gave two-thirds of the 24 agencies he graded an F for their security practices. The Bureau of Indian Affairs at the Interior Department is still disconnected from the Internet after an outside security firm proved it could easily hack into a computer system that manages Indian trust funds.

The Transportation Security Administration also reported positive results. "There is nothing significant to really report," said Joe Peters, IT services and infrastructure leader at TSA.

The Department of Health and Human Services saw no significant attacks either. HHS is working "with DHS, [the Office of Management and Budget] and the FBI in the continuous monitoring of [our] networks, looking for hacking and cyberhacking attempts," said spokesman Bill Hall.

Agency officials didn't feel it was necessary to implement any new security policies once the war started. "We've been very vigilant about hacking attempts on our systems for a long time," Hall said, citing an attempt by Chinese hackers to attack the HHS system a couple of years ago.

FedCIRC, which tracks cyberattacks on federal information systems, reported no unusual increase in attacks governmentwide. Sallie McDonald, who oversees FedCIRC, said the center expected an increase in attacks once the war started, but as of late Friday, no increase materialized. "We have been much more vigilant, but we have not seen any increased activity," she said.

The security consulting firm mi2g Ltd. reported March 21 that companies were seeing more cyberattacks and that government and military systems were "also being targeted but in smaller numbers," according to a company statement.

Mi2g officials attributed the low number of attacks on federal Web sites and servers to the government's increased investment in security, a fear among hackers that they could be caught and prosecuted, and their desire to hurt the economy by attacking .com rather than .gov and .mil sites.

Alan Paller, director of research for the SANS Institute, an information security education and consulting organization, said that enhanced security has made it more difficult for cyberattackers to wreak havoc on government sites. "The number of people watching [network] traffic and the skill level of people [are] up," he said.

IT managers in the Navy also have "hardened" their systems against attack during the past several years. "There's definitely a heightened sense of awareness on the part of everybody, but we have been working really hard over the last several years to put into place a robust structure from the standpoint of information security, threat levels and those sorts of things," said Dave Wennergren, the Navy Department's CIO.

Strong security was one of the top requirements of the $8.8 billion NMCI contract from the outset, said Capt. Chris Christopher, NMCI staff director. "These are the proper security measures from their perspective, so in that sense, we are not doing anything differently because of any current events or situations."

Dan Caterinicchia, Diane Frank, Matthew French, Judi Hasson, Allan Holmes, Megan Lisagor and Sara Michael contributed to this story.