recommended reading

How Many Cyberattacks Hit the United States Last Year?

Thanks to the warnings of senior lawmakers and Obama admiistration officials, Americans are growing more aware of online vulnerabilities that could lead to a “cyber Pearl Harbor” attack. By definition, such a catastrophe would be extraordinarily rare, its chances perhaps no more than one in a ... what, exactly?

It’s hard to talk about odds when the pool of minor cyberincidents is growing larger every day. Depending on when it arrives, the first major cybervent against the United States could be a one-in-2 million incident or a one-in-10-trillion incident. But noise from garden-variety hacks shouldn't just be ignored in a broader search for the next 9/11. Understanding those day-to-day online skirmishes can help reveal the scale of the broader problem.

The Homeland Security Department runs a national clearinghouse of cyberthreat information known as the U.S. Computer Emergency Readiness Team, or US-CERT. Part of its job is to track cyberincidents, which DHS defines as violations of an organization’s security policy. That could include unauthorized attempts to access a network, DDoS attacks, or other nasty behavior.

In 2007 -- the year that Twitter was founded -- US-CERT received almost 12,000 cyberincident reports. That number had more than doubled by 2009, according to new statistics from theGovernment Accountability Office (PDF), and it had quadrupled by 2012. We're learning of more attacks, more often. From a certain point of view, this is a good thing: Growing awareness means improved detection.

More than two-fifths of the cyberincidents reported by federal agencies last year were attempts to access U.S. networks or propagate malicious code. And here’s something else: The incidence of denial-of-service attacks that disable a website with bogus traffic was hardly worth mentioning. Remember when hackers from Anonymous managed to take down the CIA’s website last February? Despite the breathless news coverage of that event, it was dwarfed by the number of other incidents the government recorded. And these are just the ones the government knows about.

All of which is to say that the universe of cyberincidents is gigantic, and that by focusing so closely on The Next Big Attack, the United States risks failing to connect the dots -- again.

I’ll leave you with some additional recent numbers on cyberintrusions, as reported by various actors:

The energy company BP says it suffers 50,000 attempts cyberintrusion a day.

The Pentagon reports getting 10 million attempts a day.

The National Nuclear Security Administration, an arm of the Energy Department, also records 10 million hacks a day.

The United Kingdom reports 120,000 cyberincidents a day.

That’s almost as many as the state of Michigan deals with.

Utah says it faces 20 million attempts a day -- up from 1 million a day two years ago.

How these groups define and count their cyberincidents could be fairly diverse; it stretches credibility to think that Utah would be a bigger target than the Defense Department, for example. But, altogether, the numbers provide a necessary sense of scale.

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
 
 

Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

  • Modernizing IT for Mission Success

    Surveying Federal and Defense Leaders on Priorities and Challenges at the Tactical Edge

    Download
  • Communicating Innovation in Federal Government

    Federal Government spending on ‘obsolete technology’ continues to increase. Supporting the twin pillars of improved digital service delivery for citizens on the one hand, and the increasingly optimized and flexible working practices for federal employees on the other, are neither easy nor inexpensive tasks. This whitepaper explores how federal agencies can leverage the value of existing agency technology assets while offering IT leaders the ability to implement the kind of employee productivity, citizen service improvements and security demanded by federal oversight.

    Download
  • Effective Ransomware Response

    This whitepaper provides an overview and understanding of ransomware and how to successfully combat it.

    Download
  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

    Download
  • IT Transformation Trends: Flash Storage as a Strategic IT Asset

    MIT Technology Review: Flash Storage As a Strategic IT Asset For the first time in decades, IT leaders now consider all-flash storage as a strategic IT asset. IT has become a new operating model that enables self-service with high performance, density and resiliency. It also offers the self-service agility of the public cloud combined with the security, performance, and cost-effectiveness of a private cloud. Download this MIT Technology Review paper to learn more about how all-flash storage is transforming the data center.

    Download

When you download a report, your information may be shared with the underwriters of that document.