Wednesday, 10 June 2015

Biggest Government Hack

In April, federal authorities detected an ongoing remote attack targeting the United States' Office of Personnel Management (OPM) computer systems. This situation may have gone on for months, possibly even longer, but the White House only made the discovery public last Friday. While the attack was eventually uncovered using the Department of Homeland Security's (DHS) Einstein, the multibillion-dollar intrusion detection and prevention system that stands guard over much of the federal government's Internet traffic, it managed to evade that detection entirely until another OPM breach spurred deeper examination.

While anonymous administration officials have blamed China for the attack (and many in the security community believe that the attack bears the hallmarks of Chinese state-sponsored espionage), no direct evidence has been offered. The FBI blamed the Chinese for a previous breach at an OPM contractor, and security firm iSight Partners told The Washington Post that this latest attack was linked to the same group that breached health insurer Anthem.

OPM is the human resources department for the civilian agencies of the federal government, so this attack exposed records for over four million current and former government employees at places like the Department of Defense. The breach, which CNN dubbed "the biggest government hack ever," included background and security clearance investigations covering employees' families, neighbors, and close associates, stored in the Electronic Questionnaires for Investigations Processing (e-QIP) system and other databases. The attack also affected a data center operated by the Department of the Interior and used by OPM and other agencies as a shared service, the result of data center consolidation ordered by the Obama administration. As a result, even more agencies may have been directly affected.

The OPM hack is just the latest in a series of federal network intrusions and data breaches, including recent incidents at the Internal Revenue Service, the State Department, and even the White House. These attacks have occurred despite the $4.5 billion National Cybersecurity and Protection System (NCPS) program and its centerpiece capability, Einstein. Falling under the Department of Homeland Security's watch, that system sits astride the government's trusted Internet gateways. Einstein was originally based on deep packet inspection technology first deployed over a decade ago, and the system's latest $218 million upgrade was supposed to make it capable of more active attack prevention. But the traffic flow analysis and signature detection capabilities of Einstein, drawn from both DHS traffic analysis and data shared by the National Security Agency, appear to be incapable of catching the sort of tactics that have become the modern baseline for state-sponsored network espionage and criminal attacks. Once such attacks are under way, their traffic tends to look like normal network traffic: outbound connections over ordinary ports to hosts that appear on no indicator list.
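To make the distinction between signature matching and the "looks like normal traffic" problem concrete, here is a small added illustration. It is not code from Einstein, DHS, or the original article; it uses constructed NetFlow-style records and documentation-range IP addresses, with a hypothetical indicator list. It also goes a step beyond the text: after showing that the indicator match only catches the one flow to a listed address, it applies a simple timing heuristic (one form of the flow analysis the paragraph mentions) that flags the implant check-in whose destination is on no list, because its connection intervals are far more regular than a person's browsing.

```python
"""Signature matching vs. simple flow-timing analysis over constructed flow records."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed NetFlow-style records for illustration only (not Einstein or OPM data):
# (timestamp_seconds, src_ip, dst_ip, dst_port, bytes_out)
FLOWS = [
    # One-off connection to a host on the blocklist: the only thing a signature catches.
    (100, "10.0.0.5", "203.0.113.7", 80, 1200),
    # Ordinary web traffic from both hosts to an unlisted, benign-looking server,
    # at irregular intervals and with varying sizes.
    (12, "10.0.0.9", "192.0.2.10", 443, 5400),
    (47, "10.0.0.9", "192.0.2.10", 443, 8100),
    (130, "10.0.0.9", "192.0.2.10", 443, 2200),
    (610, "10.0.0.9", "192.0.2.10", 443, 9900),
    (1500, "10.0.0.9", "192.0.2.10", 443, 700),
    (2000, "10.0.0.9", "192.0.2.10", 443, 4300),
    (900, "10.0.0.5", "192.0.2.10", 443, 3100),
] + [
    # Hypothetical implant on 10.0.0.9 checking in over HTTPS roughly every 300 s
    # with small, uniform payloads. The destination is on no blocklist.
    (t, "10.0.0.9", "198.51.100.20", 443, 800)
    for t in (0, 302, 598, 901, 1199, 1502, 1798, 2101, 2399, 2700)
]

# Hypothetical indicator list (documentation-range address, not a real indicator).
BLOCKLIST = {"203.0.113.7"}


def signature_hits(flows, blocklist):
    """Indicator matching: return the flows whose destination is a known-bad address."""
    return [f for f in flows if f[2] in blocklist]


def beacon_candidates(flows, min_count=6, max_cv=0.1):
    """Flag (src, dst, port) groups whose connection intervals are suspiciously regular.

    Groups flows per destination, computes inter-arrival times and returns the
    groups whose coefficient of variation (stdev / mean of the gaps) is at or
    below max_cv. Human browsing is bursty and scores well above that threshold.
    """
    by_dst = defaultdict(list)
    for ts, src, dst, port, _size in flows:
        by_dst[(src, dst, port)].append(ts)
    found = []
    for key, times in by_dst.items():
        if len(times) < min_count:
            continue  # too few samples to judge regularity
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue  # all flows at the same instant; nothing to measure
        if pstdev(gaps) / avg <= max_cv:
            found.append(key)
    return sorted(found)


if __name__ == "__main__":
    for f in signature_hits(FLOWS, BLOCKLIST):
        print("signature hit:", f)
    for key in beacon_candidates(FLOWS):
        print("regular beacon with no signature match:", key)
```

The indicator match finds only the flow to 203.0.113.7; the check-ins to 198.51.100.20 pass it untouched, exactly the failure mode the paragraph describes. The timing check flags that pair and leaves the irregular browsing alone. A real implant adds random jitter and blends into busy destinations precisely to push its coefficient of variation above such a threshold, so this heuristic is a starting point for hunting, not a substitute for host-level visibility.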

Put simply, as new capabilities for Einstein are being rolled out, they're not keeping pace with the types of threats now facing federal agencies. And with the data from OPM and other breaches, foreign intelligence services have a goldmine of information about federal employees at every level of the government. It's a worrisome cache that could easily be leveraged for additional, highly targeted cyber-attacks and other espionage. In a nation with a growing reputation for state of the art surveillance initiatives and cyber warfare techniques, how did we become the ones playing catch up?
