Federal Agencies Hit With More Data Breaches Than Other Sectors - 330 Million at Risk

According to Thales e-Security's 2018 Data Threat Report—Federal Government Edition, US federal agencies are experiencing more data breaches than other sectors. The report reveals that  71% of IT security professionals in US federal agencies disclosed that at least one breach had occurred at their respective agencies. Ironically, these revelations came to light in the midst of an escalation in IT security spending by the US government, which is expected to continue to increase in 2018. One thing that is at stake by not adequately addressing federal cybersecurity is the the personal data of over 330 million Americans.

Additionally, while there has been an uptick in government agencies moving to the cloud, only 23% of those agencies are using encryption. Moreover, of those using encryption on the cloud,  34% lack full control because the cloud providers possess the encryption keys.  In these cases, a third party is actually in charge of government data.

The Issues at Hand

Meanwhile, the US has experienced a battery of cyberattacks--the  frequency of which led the World Economic Forum (WEF) to list cyberattacks as the third largest global threat in 2018, in its 2018 Global Risks Report.  For instance, the potential use of cyberattacks in targeting critical infrastructure has become a major concern because of the devastating impact it could have. Most recently, several power plants fell victim to an attack. It was described as a “multi-pronged, coordinated attack” in which the attackers “conducted network reconnaissance, moved laterally, and collected information pertaining to Industrial Control Systems” and is outlined in a report from the United States Computer Emergency Readiness Team (US-CERT). Below is an excerpt from that report:

“Alert (TA18-074A)

Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors

Systems Affected

• Domain Controllers

• File Servers

• Email Servers

Overview

This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). This alert provides information on Russian government actions targeting U.S. Government entities as well as organizations in the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors. It also contains indicators of compromise (IOCs) and technical details on the tactics, techniques, and procedures (TTPs) used by Russian government cyber actors on compromised victim networks. DHS and FBI produced this alert to educate network defenders to enhance their ability to identify and reduce exposure to malicious activity.”

US officials have also expressed concern regarding the existence of "emboldened cyber adversaries." Admiral Michael Rogers, Director of the National Security Agency, Commander of the U.S. Cyber Command and Chief of the Central Security Service recently warned that, "we face threats that have increased in sophistication, magnitude, intensity, velocity and volume, threatening our vital national security interests and economic well-being."

In particular, the US is troubled by the persistent actions of Russia, China, Iran and North Korea, against the United States. Rogers cautioned that, “Russia and China, which we see as peer or near-peer competitors, respectively, in cyberspace, remain our greatest concern.” He continued, saying: “But rogue nations like Iran and North Korea have grown growing capabilities and are using aggressive methods to conduct malicious cyberspace activities.” The following are just a few of the recent activities attributed to Russia, China, Iran and North Korea:

Russia

• Infamous Russian Cyber-Espionage Group Hacks German Government

• Cyber-Espionage Groups Are Increasingly Leveraging Routers in Their Attacks

• Cyber-Attacks on US Critical Infrastructure Linked to Cisco Switch Flaw

North Korea

• White House Officially Blames North Korea for WannaCry Ransomware Outbreak

• New Adobe Flash Zero-Day Spotted in the Wild

China

• US Charges Three Members of Elite Chinese Cyber-Espionage Unit

• Chinese Hackers Target Think Tanks to Steal Military Strategic Info

• Chinese Crooks Assembling Massive Botnet of Nearly 5 Million Android Devices

Iran

• US Charges Nine Iranians With Hacking Over 300 Universities

So, What’s Being Done to Improve Federal Cybersecurity?

President Trump issued a Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure.

And, the Department of Defense (DoD) has released a preliminary cyber strategy, in advance of the more detailed cyber strategy expected to be released in the Summer. According to the DoD, “the purpose of this strategy is to guide the development of DoD's cyber forces and strengthen our cyber defense and cyber deterrence posture. It focuses on building cyber capabilities and organizations for DoD's three primary cyber missions.”

The DoD's Three Primary Cyber Missions:

• Defend DoD networks, systems, and information

• Defend the U.S. homeland and U.S. national interests against cyberattacks of significant consequence

• Provide cyber support to military operational and contingency plans

The defense of US cyberspace is also part of the DoD’s National Defense Strategy, which places emphasis on the modernization of key capabilities. Cyberspace will be navigated as a warfighting domain and cyber defense, resilience and the continued integration of cyber capabilities is now part and parcel of the full spectrum of military operations.

The DoD also intends to prioritize the development of “resilient, survivable, federated networks and information ecosystems from the tactical level up to strategic planning.” Another addition to the strategy is the development of “capabilities to gain and exploit information, deny competitors those same advantages, and enable us to provide attribution while defending against and holding accountable state or non-state actors during cyberattacks.”

Overall, however, things are not moving along swimmingly in the world of federal cybersecurity. The Government Accountability Office (GAO) has reported that departments and agencies have not been consistent in implementation of the framework for the protection of its information systems. The following is a list of the most basic steps the federal government needs to take in order to secure its information systems. The GAO found that the implementation of these basics has been a major stumbling block, in many cases:

• Patch vulnerable systems and replace unsupported software

• Comprehensively test security on a regular basis

• Strengthen oversight of IT contractors

• Better identify cyber threats

• Improve their responses to cyber incidents and data breaches

• Better recruit and retain a qualified cybersecurity workforce and improve workforce planning activities at agencies.

U.S. critical infrastructure systems have been under attack for years. The units of the US infrastructure that are essential to the nation's well being and stability include the power grid and transportation, financial, health, election and manufacturing systems.

Russian hackers have already encroached within the systems that handle our country’s most vital operations, including nuclear facilities. There is real potential for cyber attacks to be deadly, and the most likely way for that to occur is by way of a cyber attack against critical infrastructure such as power plants, dam controls and pentagon computers.