The Fed learns from experience

The Fed learns from experience

Every cyberattack is a classroom. That's the view of the Federal Reserve.

To protect the Reserve's IT infrastructure, the systems team searches for lessons to be gleaned from each attack, said Mary Ann Emerson, the Federal Reserve Board's IT director.

'When money went from being physical in form to also being electronic, our security practices had to evolve as well,' Emerson said today at the Computer Security Institute's annual conference in Washington.

Her staff does after-action reviews of malicious code events. The Blaster attack review led to a major patch policy change, for instance.

When the Blaster worm appeared last year, the Fed had tested the Microsoft Corp. patch that would stop it, but policy required that it be deployed only on the weekend to avoid disrupting business operations. The worm forced all-night sessions to push the patch out early and create workarounds on unprotected machines, Emerson said.

As a result of that incident, the Fed now allows deployment of patches during the workweek.

The Sasser worm in May 2003 convinced the IT department to filter out all executable attachments on incoming e-mail.

The IT shop also can be proactive and has conducted stings to check compliance with its policies, Emerson said. During the tractor incident on the National Mall that tied up traffic in downtown Washington for three days, the IT staff sent out an e-mail with an attachment that purported to be a photo of the tractor and driver. When opened, the attachment provided the user's identity to the IT staff.

Despite a Fed policy against opening e-mail attachments, 'half of our employees who received it opened it,' Emerson said. 'That was a bad day for our IT staff.'

That incident resulted in temporarily blocking all incoming e-mail, she said.

About the Author

William Jackson is a Maryland-based freelance writer.

inside gcn

  • cybersecure new york city

    Cybersecurity for smart cities: Changing from reactionary to proactive

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group