The government’s cyber vulnerability database was infected with malware (Updated)

The National Institute for Standards and Technology or NIST — the government institute responsible for bringing together critical infrastructure providers to decide the minimum cyber security standards they should adhere to under President Obama’s cyber security executive order — had to take its list of cyber vulnerabilities offline after it was discovered to be infected with malware.

(That’s a photo of NIST’s advanced measurement lab above.)

According to numerous reports in the tech press, two of NIST’s servers hosting the U.S. government’s National Vulnerability Database were infected with malware that took advantage of security gaps in Adobe’s ColdFusion software. The kicker: the site was infected for two months before the malware was noticed and NIST took it offline last Friday.

The National Vulnerability Database is supposed to be the government’s resource to give the IT security community a running list of known cyber vulnerabilities.

"Currently there is no evidence that NVD or any other NIST public pages contained or were used to deliver malware to users of these NIST Web sites," a NIST spokeswoman said in a March 14 statement posted to Google+ by Kim Halavakoski, chief security officer at Crosskey Banking Solutions, which noticed the database was offline while trying to research cyber vulnerabilities.

As noted by The Register, Adobe issued a warning about the flaw in ColdFusion on January 4 and a software patch for it on January 15.

So yeah, it looks like the government agency charged with helping develop cyber security best practices didn’t follow a key best practice: regularly updating its software.

When looking for a photo for this piece, Killer Apps noticed that NIST’s photo gallery is also unavailable; let’s hope it wasn’t infected too.

We’ve got a phone call in to NIST; we’ll let you know when we hear back.

UPDATE: A NIST spokeswoman just emailed Killer Apps to say that the database and several other NIST sites are back up and running.

Please note that the following web sites are now back up. There may be some associated web sites or aliases that are not yet up, however.

http://nvd.nist.gov
http://checklists.nist.gov
http://scap.nist.gov
http://usgcb.nist.gov

John Reed is a national security reporter for Foreign Policy. He comes to FP after editing Military.com’s publication Defense Tech and working as the associate editor of DoDBuzz. Between 2007 and 2010, he covered major trends in military aviation and the defense industry around the world for Defense News and Inside the Air Force. Before moving to Washington in August 2007, Reed worked in corporate sales and business development for a Swedish IT firm, The Meltwater Group in Mountain View CA, and Philadelphia, PA. Prior to that, he worked as a reporter at the Tracy Press and the Scotts Valley Press-Banner newspapers in California. His first story as a professional reporter involved chasing escaped emus around California’s central valley with Mexican cowboys armed with lassos and local police armed with shotguns. Luckily for the giant birds, the cowboys caught them first and the emus were ok. A New England native, Reed graduated from the University of New Hampshire with a dual degree in international affairs and history.
