United States Computer Emergency Readiness Team Operations

US-CERT_8May2007

Department of Homeland Security

  • US-CERT Operations
  • Incident & Event Summary
  • 38 pages
  • Unclassified
  • For Official Use Only
  • May 8, 2007

Executive Summary
The National Cyber Security Division (NCSD) United States Computer Emergency Readiness Team (US-CERT) is a partnership between the Department of Homeland Security (DHS) and the public and private sectors. Established in 2003 to protect the nation’s internet infrastructure, US-CERT coordinates defense against and responses to cyber attacks across the nation. The organization interacts with federal agencies, state and local governments, industry professionals, and others to improve information sharing and incident response coordination and to reduce cyber threats and vulnerabilities.

This report is intended to provide an overview of the incident and event trends observed by US -CERT impacting Department of Defense (DOD).

The Federal Information Security Management Act (FISMA) of 2002 requires all agencies to report security incidents to the US-CERT. A computer incident within the federal government, as defined by NIST Special Publication 800-61 is a violation or imminent threat of violation of computer security policies, acceptable use policies, or standard computer security practices. In order to maintain standard reporting nomenclature and meaningful reporting metrics, US-CERT utilizes the incident and event categories defined in Table 1 and Table 2 below.

cert2cert3cert4

US#042024 Created: 1/24/2007 7:26:50PM Last Edited: 1/25/2007 2:18:49AM Assigned To: Incident Handling
01/24/07 0:00
PII Involved: Yes
Impacted Party: Department of Defense (DOD) / Air Force (USAF)
Agency reports unencrypted emails sent containing PII were sent to wrong recipients. The amount of individuals affected is being investigated.
Ticket Status: CLOSED On 01/24/07 at 7:29:12PM
Not Reported
Not Reported
Not Reported
Function: Not Reported
OS:
Not Reported AV:
Not Reported
Not Reported
Open
User
Timezone: Eastern Standard Time – EST
# Systems:
# Sites:
Impact:
Incident Status:
Identified By:
Occurred:
Tracking #:
Agency ( Department of Defense (DOD) )
Reported By: JTF-GNO
Reporting Sector:
Report Method: EMail
Sub-Type: Policy Violation
Problem Type: 04-Improper Usage
US#041949 Created: 1/24/2007 9:48:14AM Last Edited: 2/9/2007 2:47:57AM Assigned To: Incident Handling
01/24/07 0:00
PII Involved: Yes
Impacted Party: Department of Defense (DOD) / Air Force (USAF)
Agency user reports the names and SSN’s of individuals were downloaded to a thumb drive. The thumb drive was lost. It is uncertain if the names
and social security numbers were compromised. The agency has notified the Privacy Act Manager and is in the process of notifying the 1956
personnel that were listed on the thumb drive that their PII information may have been compromised.
Ticket Status: CLOSED On 02/09/07 at 2:47:34AM
Not Reported
Not Reported
Not Reported
Function: Not Reported
OS:
Not Reported AV:
Not Reported
Not Reported
Not Reported
Not Reported
Timezone: Eastern Standard Time – EST
# Systems:
# Sites:
Impact:
Incident Status:
Identified By:
Occurred:
Tracking #:
Agency ( Department of Defense (DOD) )
Reported By:
Reporting Sector:
Report Method: Email
Sub-Type: Equipment
Problem Type: 01-Unauthorized Access
US#040308 Created: 1/9/2007 12:11:34PM Last Edited: 2/9/2007 7:20:01AM Assigned To: Incident Handling
01/04/07 0:00
PII Involved: Yes
Impacted Party: Department of Defense (DOD) / Air Force (USAF)
An agency reported while searching the web a FOUO Document was posted on Google from NORAD / USNORTHCOM.
Ticket Status: CLOSED On 02/09/07 at 7:19:54AM
2007-01-018
Not Reported
Not Reported
Function: Not Reported
OS:
1 AV:
1
Medium
Unknown
Other
Timezone: Eastern Standard Time – EST
# Systems:
# Sites:
Impact:
Incident Status:
Identified By:
Occurred:
Tracking #:
Agency ( Department of Homeland Security (DHS) )
Reported By: Joshua Silva
Reporting Sector:
Report Method: Email
Sub-Type: Policy Violation
Problem Type: 04-Improper Usage
US#054497 Created: 5/7/2007 9:33:04PM Last Edited: 5/8/2007 12:06:30PM Assigned To: Incident Handling
05/07/07 0:00
PII Involved: Yes
Impacted Party: Department of Defense (DOD) / Army (USA)
An agency reports a laptop was stolen from an individual’s POV containing encrypted PII data.

Share this:

Facebooktwitterredditlinkedinmail