Government Reports Cybercrime Poses National RiskGovernment Reports Cybercrime Poses National Risk

A government study showed that while cybercrime is posing a risk to national security and the U.S. economy, law enforcement still lacks the technical capabilities to tackle it.

The Government Accountability Office reported on Tuesday that public and private sectors face numerous challenges to secure cyberspace, both in operational security and in law enforcement. The GAO report also noted that the commercial and the government sectors are struggling to detect and report cybercrime. IT managers, according to the report, are wrestling to implement stronger security, while law enforcement is fighting a growing problem -- one that is especially strong outside of U.S. borders and out of the government's usual legal reach.

"When it comes to cyber, we have two worlds to secure -- the public and the private sector," said Congressman Bennie G. Thompson, D-Miss., in a written statement. "In order to provide leadership to the private sector, the Department of Homeland Security must demonstrate control of its networks. Unfortunately, previous GAO engagements and our own investigations into the department have shown that 'information security' has become an oxymoron. This is simply unacceptable."

The Department of Homeland Security and its CIO, Scott Charbo, were taken to task earlier this summer for weaknesses in the department's computer network. It was reported during a congressional hearing that the department, which is the government agency tasked with being the leader of the nation's cybersecurity, suffered 844 "cybersecurity incidents" within two years.

Jim Langevin, D-R.I., chairman of the Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology, noted that the incidents ranged from workstations infected with Trojans and viruses to a compromised department Web site, classified e-mails being sent over unclassified networks, and unauthorized users attaching their personal computers to DHS networks and gaining access to government equipment and data. He also said the incidents included "numerous classified data spillages."

The new GAO report showed that threats are coming both from within U.S. borders and abroad. And foreign adversaries continue to make a lot of noise about exploiting technical vulnerabilities.

Langevin also said in a hearing this summer the Chinese have been "coordinating attacks against the Department of Defense for years." And late in May, the Department of Defense reported that the People's Liberation Army in China is building up its cyberwarfare capabilities, even creating malware that could attack enemy computer systems in first-strike attacks.

"I encourage all businesses -- small and large -- to take a very close look at their cybersecurity practices," said Langevin in a statement this week. "Though 100% security may be unattainable, there are many policies and procedures that businesses can implement to better safeguard their data."