Federal law enforcement notified more than 3,000 U.S. companies in 2013 that their computer systems and networks had been breached, according to a Washington Post report.
Lisa Monaco, deputy national security adviser for homeland security and counterterrorism, first disclosed how many times the government had tipped off the private sector to cyber-attacks at a White House event, the Post reported. The alerted companies ranged from big and small, and included national chains and retailers, major defense contractors, and local banks. About 2,000 of these notifications were made by the FBI in person or by phone.
The alerts were part of an ongoing effort to improve public-private threat information sharing between the Federal Bureau of Investigation, the Department of Homeland Security, and other government agencies, with the private sector. Information sharing was part of President Obama’s February 2013 executive order to “increase in volume, timeliness, and quality” the cyber threat information shared with the private sector.
The alerts included actionable information, such as actual IP addresses, malware samples, and specific attack signatures.
The Washington Post reported that the Secret Service notified companies in 590 criminal cases it opened last year. Along with Target, the Secret Service notified a major U.S. media organization, a large U.S. bank, a major software provider, and numerous small and medium-size retailers, restaurants and hotels, officials told the Post.
Congress has been wrangling over the details of cyber-security legislation and the form private-public sector information sharing should take. There is a lot of disagreement over how to set baseline security standards that companies in charge of critical infrastructure should follow. The White House recently unveiled a voluntary framework of best practices companies should follow to secure their networks from attack.
Fahmida Y. Rashid is an accomplished security journalist and technologist. She is a regular contributor for several publications including iPCMag.com where she is a networking and security analyst. She also was a senior writer at eWeek where she covered security, core Internet infrastructure and open source. As well, she was a senior technical editor at CRN Test Center reviewing open source, storage, and networking products.