BreachExchange mailing list archives
How big a deal is the reported Russian hack of White House computers?
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Thu, 9 Apr 2015 19:16:27 -0600
http://www.cbsnews.com/news/how-big-a-deal-is-the-reported-russian-hack-of-white-house-computers/ Federal agencies are now investigating a reported Russian hack of a White House computer network last year that exposed sensitive information about President Obama. And while the White House has not formally accused the Russian government of involvement in the cyber attack, sources tell CBS News the intrusion did originate in Russia. The attack, however, only breached "the unclassified system," explained CBS News Senior National Security Analyst Juan Zarate. "There are classified systems that are more heavily protected, harder to infiltrate." So while it could have been worse, Zarate said, the attack was problematic for two reasons. "One...we can't have Internet and cyber infrastructure that is vulnerable to penetration by the Russians, or anybody else," he explained. "That's just not good. You have sensitive information, even if that's not classified on there, and you shouldn't have penetration." "The second though, and this is more intriguing from a geopolitical perspective, is to the extent that the Russians are responsible for this...This is telling, because it's not new that the Russians have been behind attacks, but it is a symbolic intrusion at a time of heightened tension between the West and Russia," Zarate explained. The U.S. response, Zarate said, must be multi-faceted. "You try to do everything possible to understand who's behind it, what kind of infiltration happened, what kind of data was exfiltrated," he said. "Second is you've got to harden your systems because, to the extent that there are vulnerabilities in one part of the system, there are likely other vulnerabilities. And you don't want the Chinese, the Russians, or anybody else getting inside your systems whether unclassified or classified." It's worth remembering, Zarate added, that while the U.S. possesses these same cyber capabilities, and likely some even more powerful tools, American policymakers are generally more responsible in deploying them. "The U.S. doesn't buy policy and, by law, and engage in the kind of cyber economic espionage that the Chinese do," he said. "They don't coordinate with non-state proxies and organized crime groups and activists like the Russians do...There's no question the US has capabilities and we're the best in the business in many ways, but we actually constrain the way we use the power. The challenge is the Russians and the Chinese are thinking more aggressively about how they use it."
_______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss For inquiries regarding use or licensing of data, e-mail sales () riskbasedsecurity com Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus on the right security. If you need security help or want to provide real risk reduction for your clients contact us!
Current thread:
- How big a deal is the reported Russian hack of White House computers? Audrey McNeil (Apr 16)