BreachExchange mailing list archives
Cyber security demands real answers — Another View
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Mon, 13 Jul 2015 18:22:34 -0600
http://www.thetowntalk.com/story/opinion/2015/07/11/cyber-security-demands-real-answers-another-view/29999479/ The Internet era is giving way to the age of cyber vulnerability. The long list of private companies that have been patsies for hackers includes Target, Home Depot and most recently health insurer Anthem, which exposed the records of a breathtaking 80 million of its customers and employees. Though hackers didn't seem to be the cause Wednesday, there were serious computer problems at United Airlines, the New York Stock Exchange and The Wall Street Journal. As infuriating as it is when business computer systems crash, or when credit card data are stolen, attacks on the government are far more serious because they threaten national security. Witness the epic theft of sensitive data from computers at the Office of Personnel Management, the government's human resources department. Hackers, whom government officials have linked to China, broke into computers at OPM and stayed there undetected for months, downloading vast amounts of information on millions of current and former federal employees. The hackers took millions of the forms used by people to disclose intimate details of their lives for national security clearances. The information could be used to unmask covert agents or to blackmail Americans into spying for an enemy. Michael Hayden, the former head of the NSA and the CIA, told The Wall Street Journal that the embarrassing theft was "a tremendously big deal." How did it happen? "Raw incompetence," he said. That sounds about right. Last fall, OPM's inspector general detailed numerous longstanding flaws in the agency's computer security systems. An analysis by the tech site Ars Technica said the break-in probably began as a phishing email, which typically tries to get an employee to click on a link or open an attachment that then secretly installs malware. That let the hackers in, and eventually they had the run of OPM's computers. Government computers are guarded by a system called "Einstein" that sadly doesn't seem as smart as its namesake: It looks for suspicious network activity based largely on known attacks, but isn't skilled at identifying new ones. If the government isn't going to play offense — or isn't going to publicize it if it does — it's going to have to get much better at defense. This situation simply cannot continue. Whether it's the rollout of the Obamacare website or these attacks on an unforgivably vulnerable computer system, the administration seems to need a disaster before it wakes up and gets technology right. It certainly has another one on its hands now.
_______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss For inquiries regarding use or licensing of data, e-mail sales () riskbasedsecurity com Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus on the right security. If you need security help or want to provide real risk reduction for your clients contact us!
Current thread:
- Cyber security demands real answers — Another View Audrey McNeil (Jul 22)