Bush Promises Cyber Intrusion Reporting Standards
Administration to provide federal agencies with specific instructions for FedCirc reporting within the next six weeks.
The Bush Administration is expected to give federal agencies specific instructions on how to report computer security incidents to the Federal Computer Incident Response Center (FedCirc) within the next six weeks. FedCirc is the incident response center where federal civilian agencies report computer security incidents.
The purpose of FedCirc is to ensure the government has critical services available in order to withstand or quickly recover from attacks against its information resources. On March 1, the agency officially became part of the Department of Homeland Security's (DHS) Information Analysis and Infrastructure Protection (IAIP) Directorate. DHS's National Cyber Security Division hosts FedCirc.
According to DHS officials, the Administration's incident report guidance will give FedCirc the data it needs to track and analyze incident reports.
Currently, a security incident is defined as an act of violating an explicit or implied security policy, but this relies on the existence of a security policy that, while generally understood, varies between organizations.
The types of activity believed to be widely recognized as being in violation of a typical security policy include but are not limited to (1.) attempts (either failed or successful) to gain unauthorized access to a system or data; (2.) unwanted disruption or denial of service; (3.) the unauthorized use of a system for the processing or storage of data; and (4.) changes to system hardware, firmware, or software characteristics without the owner's knowledge, instruction or consent.
Once an incident report has been received by FedCirc, an analyst creates a trouble ticket and sends an acknowledgement receipt with an identification number back to the creator of the report. If the incident is new, research is conducted and the analyst follows-up with a recommendation.
However, if the incident is something that FedCirc is already aware of or have received high volumes of calls on, then they may offer a solution when taking the initial incident report via telephone.