Security incidents nearly double in 2001

Total security incidents nearly doubled in 2001 compared to the prior year, according to statistics released Friday by the federally funded computer and network security body, the Computer Emergency Response Team (CERT) Coordination Center.

While 2000 saw 21,756 security incidents, 52,658 such incidents were reported in 2001, CERT/CC said.

CERT/CC, based at Pittsburgh’s Carnegie Mellon University, issues regular advisories about security vulnerabilities in software, as well as virus and worms outbreaks, offers tips on keeping computer systems secure and helps to coordinate responses to some security incidents. CERT/CC also maintains a hotline for reporting security issues.

Security incidents, which are defined by the organization as any related set of security events, be they a large-scale virus outbreak or a much smaller one, have risen nearly every year since CERT’s founding in 1988. That trend has risen sharply in the last few years with nearly 10,000 incidents reported for 1999, more than 21,000 in 2001 and now nearly 53,000 such events in 2001.

Reports of security vulnerabilities in software have followed the same trend as security incidents, as well, with a steady upward trend capped in 2001, which featured more than twice as many vulnerabilities as 2000. In 2001, there were 2,437 security vulnerabilities reported compared to 2000’s 1,090 vulnerabilities and sharply up over 1999’s 417.

Last year also saw more serious security events than most previous years, according to CERT/CC’s figures. The body published 41 security alerts, it’s most serious notification of security problems, in 2001, up from 26 in 2000. 2001’s figure, however, did not best the single-year high mark of 53, set in 1996.

Security incidents are going up in part because more people are more aware of security and are reporting more incidents, according to Chad Dougherty, an Internet security analyst at CERT/CC.

“Security awareness is increasing and we’re starting to see more attention (paid) to Internet security,” he said.

Also playing a role in the increase in security events in 2001, were attacks on widely deployed software, Dougherty said. Two worms, Code Red and Nimda, both attacked Microsoft Corp. IIS (Internet Information Service) Web server platform in the last half of 2001. IIS is deployed on millions of servers worldwide.

Events like Code Red and Nimda, as well as CERT’s overall numbers, play up the point that “everyone on the Internet is dependent on everyone else” for security, Dougherty said.

Although declining to make a prediction about this year, Dougherty expects that the rise in security incidents “is a trend we’ll see increasing as time goes on.”

“We still have a ways to go in software development and producing software that doesn’t contain those vulnerabilities right out of the box,” he said.

Dougherty advised users to check CERT’s Web site, where the organization has posted papers on how to improve computer security, especially for home users.

CERT/CC, in Pittsburgh, is at