Selected Security Events in the 1990s
Programming error in software for the AT&T electronic switching systems causes a nine-hour outage, blocking an estimated 5 million calls.
Accidental fiber cut blocks 60 percent of the long-distance calls into and out of New York, disables air traffic control functions in New York, Washington and Boston and disrupts the operation of the New York Mercantile Exchange and several commodities exchanges.
National Research Council releases report, "Computers at Risk: Safe Computing in the Information Age."
U.S. Naval Academy computer system is penetrated successfully.
Office of Management and Budget Circular A-130, Appendix III, "Security of Federal Automated Information Resources," is updated, requiring agencies to assign responsibility for security, develop a system security plan, screen and train individual users, assess risk, plan for disasters and contingencies and periodically review their security safeguards. It also requires agencies to define responsibilities for individuals with access to automated systems, and to implement security incident response and reporting capabilities.
President Clinton establishes CIO Council, chaired by OMB, to address governmentwide technology issues and advise OMB on policies and standards needed to implement legislative reforms. Council members include chief information officers and deputy CIOs from each major agency.
General Accounting Office issues report, "Information Security: Opportunities for Improved OMB Oversight of Agency Practices."
Clinger-Cohen Act of 1996 stipulates that agency heads are directly responsible for information technology management, including ensuring that the information security policies, procedures and practices of their agencies are adequate. The act also requires the appointment of a CIO for each of the 24 largest federal agencies to provide expertise to implement needed reforms.
A 15-year-old hacker working from Croatia penetrates a computing system at Andersen Air Force Base in Guam.
Commands sent from a hacker's personal computer disable vital services to the Federal Aviation Administration control tower at the Worcester, Mass., airport.
As part of the Eligible Receiver exercise, an NSA hacker team breaks into Defense Department computers and the U.S. electric power grid system. The team simulates a series of rolling power outages and 911 emergency telephone overloads in Washington and other cities.
Operator installs a corrupted top-level domain name server database at Network Solutions and effectively wipes out access to roughly 1 million sites on the Internet.
GAO issues an exposure draft of the Federal Information System Controls Audit Manual, which describes a methodology for evaluating federal agency information security programs.
Employee uploads an incorrect set of translations into a Signaling System 7 processor and causes a 90-minute network outage for AT&T toll-free telephone service.
State Department shuts down portions of one of its international computer systems after GAO discovers evidence of an intruder in computers at two overseas posts.
President's Commission on Critical Infrastructure Protection issues its report, "Critical Foundations: Protecting America's Infrastructures." It calls for a national effort to assure the security of the United States' increasingly vulnerable and interconnected infrastructures, such as telecommunications, banking and finance, energy, transportation and essential government services.
CIO Council, under OMB's leadership, designates information security as one of six priority areas and establishes a security committee.
February 1998: Software failure in Illuminet, a private carrier, interrupts operation of the New York Mercantile Exchange and telephone service in several major East Coast cities.
Software flaws cause an outage in the AT&T frame-relay
Clinton issues Presidential Decision Directive 63 (PDD-63), calling for an effort to ensure the security of the nation's critical infrastructures for communication, finance, energy distribution and transportation. Establishes National Coordinator for Security, Infrastructure Protection and Counter-Terrorism. Forms the Critical Infrastructure Coordination Group, which is supported by the Critical Infrastructure Assurance Office (CIAO) within the Department of Commerce.
A tree shorts a line running to a power plant in Idaho, bringing about cascading outages that take down the three main California-Oregon transmission trunks and interrupt service for 2 million customers.
GAO issues the report, "Information Security: Serious Weaknesses Place Critical Federal Operations and Assets at Risk."
Agency plans for critical infrastructure protection called for under PDD-63 are due to CIAO.