In a short four-part series, we take a look at the cybersecurity issues that the US government faced in 2015.

Cybersecurity 2015

The year 2015 saw many changes to the standards and regulations the government has in place for agencies and departments to follow, especially when it comes to cybersecurity: how to store information and how to protect systems and networks. The measures to be taken when a system or network is breached have also been redefined because of new and developing technologies. Both the House and the Senate created a great deal of new legislation with the goal of increasing cybersecurity and the sharing of cyber threat and attack information with the government and with other companies. All of this is being done with one goal in mind: learning from these attacks in order to better protect one's systems and networks from future attacks.

Incidents that led to the changes

Many incidents and actions led the government to call for tougher and stronger cybersecurity regulations. At the beginning of 2015, the Obama administration dedicated twenty million dollars to a new White House cyber unit, the E-gov Cyber division. This unit oversees .gov network security and the notification of victims of security breaches within a predetermined timetable. The division is housed in the Office of Management and Budget (OMB). The role of the OMB is to make cybersecurity policy making and enforcement clear government-wide, a role laid out in the Federal Information Security Modernization Act of 2014. Along with the creation of this division, the White House also issued a new legislative proposal that would impose stricter criminal punishment for computer breaches both inside and outside of the government. It would also provide some liability protection for companies that share information about intrusions into their systems and networks. Lastly, any company that suffered a breach would be required to notify the customers affected by it within thirty days.

The E-gov Cyber division will also help by providing incentives to agencies that follow the guidelines laid out. One incentive, which already existed, is the continuous diagnostic and mitigation program run through the Department of Homeland Security (DHS); it provides real-time security technologies and consulting services to agencies free of charge. Another incentive is the CyberStat sessions: data-driven reviews in which the OMB points out the controls an agency is missing. These actions are being put in place so that agencies and the OMB can work together to see which safeguards are missing and then, through a collaborative effort, chart out a plan of action.

Following those initiatives came the creation of a new agency, the Cyber Threat Intelligence Integration Center (CTIIC). Its role is to protect online privacy and secure sensitive data by going through the intelligence agencies' threat assessments and passing its findings on to other federal agencies. The CTIIC does not collect new intelligence; it merely analyzes and pieces together information already gathered by other existing authorities.

Despite these cybersecurity measures being taken, there were two major data breaches suffered by the Office of Personnel Management (OPM). The agency's databases were compromised, and the White House called for an immediate lockdown of government systems when it was discovered that Chinese spies had infiltrated secured systems. The Social Security numbers of four million two hundred thousand federal employees were leaked. This was one of the most devastating hacks of government data ever. Even more surprising is that it happened more than a decade after a presidential directive ordered that all government systems be upgraded to require stronger passcodes and smart cards for access.

The second major data breach was discovered while investigating the first. This breach, also linked to Chinese spies, is believed to have started in May of 2014 and was discovered in April 2015. The records of more than twenty-one million current and former civilian agency employees, military personnel and contractors were leaked when the Office of Personnel Management database was hacked. This included the data of one million eight hundred thousand family members as well. The records compromised in this breach included detailed, sensitive background information, such as employment history, relatives, addresses, and past drug abuse or emotional disorders. It was initially believed that one million one hundred thousand of the compromised files included stolen fingerprint records, but further investigation showed the situation to be far worse: five million six hundred thousand fingerprint records were stolen. What came from these two massive data breaches was even more drastic measures, and they needed to happen faster than typical protocol allowed.

Our Thoughts on Part 1

Keeping our nation's secrets and records safe should be one of the highest priorities for the US government. Just as we make sure our military is equipped with the best equipment to keep them safe while they keep us safe, the same should apply to all the systems and networks the government uses, making sure they are equipped with the best software and hardware. That, however, does not always seem to be the case. Sadly, sometimes it takes a major incident, or in this case two, for the government to fully understand all the vulnerabilities in its systems and networks. It seems more and more that large entities and organizations are reactive rather than proactive when it comes to making changes that would seem fairly necessary, and it takes events of this magnitude for those serious and necessary changes to be made. We are now in a time when many more of the attacks we experience will not be on our physical space but in cyberspace. An attack on a country's infrastructure, economy and everyday life is just as dangerous as an attack on one of its major cities.

Once an incident like this happens, the first step is to address the problem head on so that the damage can be minimized and the problem resolved. The next major component is putting regulations in place that really limit the chance of a similar incident ever happening again. Looking at the incident and understanding what the attacker did to get inside and take advantage of the vulnerabilities is key to making sure it doesn't happen again. From that, the government needs to put in place the right policies, procedures and people. In the end, it comes down to making sure those vulnerabilities are closed and gaining a better understanding of the systems and networks in place, so that they are secure and properly monitored.