Security business

Security contractor USIS failed to notice months-long hacking of its computer systems

Published 5 November 2014

A new report reveals that the cyberattack on security contractor USIS, similar to previous attacks by Chinese government hackers on U.S. firms, was infiltrating USIS computer systems for months before the company noticed. The breach, first revealed publicly by the company and the Office of Personnel Management (OPM) in August, compromised the records of at least 25,000 DHS employees.

Last month, the Homeland Security News Wire reported on the security breach at U.S. Investigations Services (USIS), once the government’s top security clearance contractor. A new report reveals that the cyberattack, similar to previous attacks by Chinese government hackers on U.S. firms, was infiltrating USIS computer systems for months before the company noticed. The breach, first revealed publicly by the company and the Office of Personnel Management (OPM) in August, compromised the records of at least 25,000 DHS employees. “The information gathered in the security clearance process is a treasure chest for cyber hackers. If the contractors and the agencies that hire them can’t safeguard their material, the whole system becomes unreliable,” said Alan Paller, head of SANS, a cybersecurity training school, and former co-chair of DHS’ task force on cyber skills.

Authorities are now questioning why USIS’s computer detection alarms failed to discover the security breach earlier on and whether federal agencies that contracted USIS should have better monitored the firm’s cybersecurity practices. Yahoo News reports that cybersecurity experts say that attacks on corporate targets often occur up to eighteen months before they are discovered and are usually detected by the government or outside security analysts. A computer forensics analysis by consultants hired by USIS’s lawyers said the company handled the breach properly by reporting the incident once it was discovered. The analysis went on to say that OPM and DHS regularly reviewed and approved USIS’s early warning systems.

USIS reported the breach to federal authorities on 5 June, more than two months before publicly acknowledging it. The attacks are similar to a breach in March, when Chinese hackers penetrated computers at OPM. This latest attack was “sophisticated but we’re still working through that as well. There is some attribution” as to who was behind the breach, said Joseph Demarest, assistant director of the FBI’s cyber division.

Bret A. Padres, managing director of Stroz Friedberg, a digital risk management firm that prepared an analysis for USIS, said the company’s computers had government-approved “perimeter protection, antivirus, user authentication and intrusion-detection technologies.” Stroz Friedberg did not, however, evaluate the strength of USIS’s cybersecurity programs before the intrusion. Padres said the breach targeted a vulnerable computer server in “a connected but separate network, managed by a third party not affiliated with USIS.” Padres did not identify the outside company.