The FBI and the U.S. Marshal Service have reported being infected by a computer virus. Neither agency knew what kind of virus it was, but both were shutting down Internet access and e-mail as a precaution. The virus appears to have affected the external network and at no time was sensitive data at risk, claimed an FBI official. As of today, the sites are back up and running.
My initial concern was that a major government security agency was hit with a virus, the FBI no less, but every computer on the Internet is a potential target today. So instead of worrying whether an organization could be infected, we know that's a given today. Let's look at some other factors:
- Were the systems fully patched?
- Was one system compromised or many?
- Was data taken?
- Was any data destroyed?
- How long did it take to notice the breach?
- Was a forensics analysis completed?
- Werelogs compromised?
The answer to these basic questions will tell us a lot about the preparedness and the maturity of the organization. I am not giving up on security by any means. I have just come to the realization that every organization is vulnerable and, given enough resources, any organization can be breached. It really boils down to how well an organization can contain, recover, restore and protect itself from the same thing happening again.
I was talking to a friend over the weekend and we were discussing how this could possibly happen to the FBI. He said, "If the FBI can be compromised, then what chance do I have of protecting my systems?" We don't know all of the details, and probably never will. I know many security professionals feel like throwing their hands up in the air, but this shouldn't affect how we protect our systems in any way. If anything, it should make us want to dig in even deeper.