Monday, 15 June 2015

Cybersecurity: Another Pearl Harbor?

Has the cyber Pearl Harbor that Secretary of Defense Leon Panetta warned of in 2012 already happened? Earlier this month, the Office of Personnel Management, which manages personnel records and pension payments for federal employees, admitted as many as 4 million people may have had their files hacked.

According to The Wall Street Journal, investigators say the intrusion was discovered in mid-April during a presentation at OPM by the Virginia-based company, CyTech. The embedded malware was discovered when the cyber security firm ran a diagnostic study on OPM’s network. Investigators say hackers may have had access to OPM files for more than a year.

J. David Cox, national president of the American Federation of Government Employees, says the breach is far worse than OPM admits. He alleges that the hackers (thought by most U.S. officials to be Chinese) were able to access the OPM’s Central Personnel Data File, which contains 69 different categories of information, including Social Security numbers — as well as security clearance information — on most civilian federal employees and retirees.

Writing for the cyber-security blog, 20 Committee, former National Security Agency analyst John Schindler explained the dangers: “Whoever now holds OPM’s records possesses something like the Holy Grail from a (counter-intelligence) perspective. They can target Americans in their database for recruitment or influence. After all, they know their vices, every last one — the gambling habit, the inability to pay bills on time, the spats with former spouses, the taste for something sexual on the side … all that is recorded in security clearance paperwork.”

Everyone knew this could happen. The Pentagon and the Government Accountability Office have been warning government agencies for years to strengthen cyber infrastructure. In April, the GAO issued its umpteenth report on cybersecurity, “Actions Needed to Address Challenges Facing the Federal Systems.” One of the issues addressed was “data breaches involving sensitive personnel information.”

We wonder: If a breach of this magnitude can continue undetected for more than a year at one agency, where else are hackers looking? How safe are our power grid and our water supplies? What about nuclear stockpiles and transportation systems? How safe are the Hoover Dam and Reagan National Airport?

Associate Editor Robin Beres noted in a column she wrote in January that there are plenty of federal agencies supposedly addressing this problem. But, she added, “It doesn’t matter how many organizations are tasked with a mission if no one is actually doing it.”

View the original content and more from this author here: http://ift.tt/1C7MAmi



from cyber security caucus http://ift.tt/1QyKPL4
via IFTTT

No comments:

Post a Comment