CybersecurityLatest massive data breach highlights federal government cyber vulnerability

The latest hacking of federal government records has resulted in the theft of personal files for as many as fourteen million people, and is yet another sign of systemic security breaches within government.

As theAtlantic reports, the theft of the files at the Office of Personnel Management (OPM) was significantly worse than the government officials had originally let on. Many are still trying to figure out whether the OPM attack may have included sensitive information about contractors or the family members of employees who underwent background checks. Additionally, it remains unclear whether the hackers were able to gain access to data that might identify spies or intelligence personnel.

Worse, the increasing hacks of the OPM reveal that the department never strengthened its cybersecurity following attacks as early as 2010.

In a damming report, the  New York Times found that “the agency did not possess an inventory of all the computer servers and devices with access to its networks, and did not require anyone gaining access to information from the outside to use the kind of basic authentication techniques that most Americans use for online banking. It did not regularly scan for vulnerabilities in the system, and found that 11 of the 47 computer systems that were supposed to be certified as safe for use last year were not ‘operating with a valid authorization.”

Now, some experts are arguing that the OPM incident is indicative of a greater need across the country to better defend governmental infrastructure with updated methodologies.

“Like banks and technology companies, government agencies must move to a model that assumes hackers will always get in,” said Michael A. Riley, a senior fellow in cybersecurity at the Center for Strategic and International Studies. “They’ll need to buy cutting-edge technologies that can detect intruders inside networks and eject them quickly, before the data is gone.”

This line of thinking is already at work within the military, where operational readiness and “a traditional war-fighting perspective” are predicted to become more recommended for other institutions and cross over to civilian operations.

“There are more questions than answers,” said a 2013 Air Force Research Institute report regarding deterrence against online attacks. “Organizing to fight through cyber attacks not only prepares the United States to operate under duress, but sends a strong deterrence message to potential adversaries.”

Some speculate the usefulness of military models in the public sector, but according to the Atlantic, “the players in an emerging global power struggle that will largely take place online are all new, and they’re using tools that the U.S. government still doesn’t seem to understand,” and this understanding might hopefully avoid more incidents like the OPM disaster.