When the Zotob worm appeared only days after Microsoft released a patch that would have prevented infection, 700 Department of Transportation (DOT) computers were infected after a contractor connected a laptop to the DOT’s network against the department’s policy. This incident, which is recounted in a report on the department’s IT security by the DOT’s Inspector General (IG), is just one indication that some federal IT professionals are having trouble meeting the challenges of locking down networks.
Here’s another. The IG notes that “about half of all Federal Railroad Administration computers are not subject to routine vulnerability checks because they are being used by employees who telecommute (or travel around the country) for the majority of the year.” As is made clear by the Zotob example, these laptops, “if infected with hostile software, could become conduits for spreading problems to the rest of the networks.”
The IG’s full report is available at SM Online.