The FISMA Focus IPD

From: Asbury Park Press

Written by Bill Bowman

Last month’s breach of information stored in a U.S. Army database wasn’t the first and, experts say, probably won’t be the last.

Some Shore-area residents who worked or visited the former Fort Monmouth were shocked late last month when they received letters telling them that elements of their personally identifiable information had been “compromised” by a hacker who broke into the CECOM (Communications-Electronics Command) database kept at Aberdeen Proving Ground, Md.

All told, the breach affected as many as 36,000 people, according to the letter from CECOM’s commanding general, Maj. Gen. Robert S. Ferrell.

Such incidents are to be expected in the “cat and mouse” game played by attackers and defenders, said Vinod Ganapathy, an assistant professor of computer science at Rutgers University in New Brunswick.

“The history of computer security has shown that it is impossible to claim that a system is ‘perfectly secure’,” Ganapathy said in an email. “Thus, as defenders, we must always assume that attackers will find means to attack our systems and steal our data.”

CECOM’s recent experience bears out Ganapathy’s statement. Earlier last year, in March, a hacker known as “Black Jester” published sensitive contract information that was stored on a CECOM site, according to the web site Softpedia.com. The information included names, user IDs, physical addresses, email addresses, telephone numbers and passwords, according to the site.

And in January 2011, a hacker put up for sale access to the CECOM site for $499, according to Imperva, a computer security product vendor.

Thomas said no personally identifiable information was accessed in those two prior breaches.

In the latest breach of a CECOM database — still under investigation by the Army’s Cyber Command — the information came from former Fort Monmouth visitor logs as well as CECOM Software Engineering Center personnel files, according to Ferrell’s letter.

Read Complete Article