A recent blog post from Shawn McCarthy, research director of Framingham, Mass.-based IDC Government Insights, caught my eye. The post discusses some of the tools that overseas hackers use against IT networks in the U.S.

In the post, "The Skinny On the International Hacking Attempts Against the U.S.," McCarthy responds to recent news about Mandiant Corp's accusation that a Chinese military unit, known as People's Liberation Army Unit 61938, is mounting large-scale cyber attacks on American companies. Also, the hacker collective known as Anonymous recently announced that it had broken into a U.S. State Department server, posting data that the group says came from the department's database.

According to the post, hacking efforts that originate in foreign countries, such as China, have had multiple government and civilian targets — and aims. Attacks tend to fall into four broad categories: targeting trade secrets; targeting government secrets; targeting critical infrastructure; and manipulating IT services for financial gain. McCarthy says the tools being used and the patterns of such attacks are known. But these events also raise the question of whether government agencies are spending enough on overall IT security and employee training.

McCarthy says the fact that federal agencies aren't spending enough on IT security is troubling. In fiscal year 2012, federal agencies earmarked an average of 8 percent of their total information technology budgets for security-related solutions. Those percentages range from 2 percent at the Department of the Treasury to 13 percent at the National Science Foundation (NSF). According to McCarthy, "Hacking attempts against government computers and against national infrastructure are bound to increase. But understanding how these intrusions are happening, what tools are being used, and how to fight against them, can certainly help slow down the progress of such blatant intrusions."

It should be noted that the White House issued an executive order last month (Feb. 12) that aims to improve critical infrastructure cybersecurity.

Within 150 days of the date of the order, the Secretary of Homeland Security must identify critical infrastructure at greatest risk. “The Secretary,” says the executive order, “shall use a risk-based approach to identify critical infrastructure where a cybersecurity incident could reasonably result in catastrophic regional or national effects on public health or safety, economic security, or national security.”

In his blog post, McCarthy explains, “It can be difficult for federal agencies to shut down hacking attempts. But a lot can be done by monitoring activity and by training employees.” In the “What you can do” section of the post, McCarthy offers a variety of suggestions, including the need to lock down browsers and the importance of encrypting stored data.

McCarthy told Govpro: “The ‘What can you do’ comments apply to state and local (S&L) governments, too. However, S&L sites are not the targets of hacking attempts quite as often as federal sites. But such threats are very much an issue for all levels of government. The intelligence community does more to secure their networks than any other. They also are targeted for break-in more than any other.”

McCarthy provided Govpro with his views on government IT trends here. Govpro recently published the comments of SwishData’s Jean-Paul Bergeaux on government cybersecurity here.