A few weeks ago, a data breach was reported on an unclassified computer network used by President Obama's senior staff. The administration's countermeasures caused temporary system outages. Officials said the attack did not appear to be aimed at destroying data or hardware, or at taking control of other systems at the White House, which raises the question: what were the hackers looking for?
Recent reports, including coverage in the Washington Post, have disclosed cyber-espionage campaigns by hackers thought to be working for the Russian government. Targets have included NATO, the Ukrainian government and U.S. defense contractors. U.S. officials regard Russia as being in the top tier of states with cyber capabilities, and the Washington Post also reported that the nature of this breach is consistent with a state-sponsored attack.
Interestingly, a FireEye report supports this assertion. In APT28: A Window Into Russia's Cyber Espionage Operations, FireEye concludes that the group's targeting, malware, language indicators and focused operations point to a government sponsor, most likely Russian. No report has definitively confirmed that the Russian government was behind this particular breach, but the way the actors behaved is similar to the behavior described in the FireEye report.
The truth is, attacks such as this are becoming more prevalent and the actors are becoming more devious. The Department of Homeland Security reports that cyberattacks are growing more “sophisticated, frequent, and dynamic.” To decrease the likelihood of future breaches, government entities are encouraged to join the Continuous Diagnostics and Mitigation (CDM) program to implement tools that identify cybersecurity risks on a continuous basis, prioritize risks based upon potential impact, and enable cybersecurity personnel to mitigate the most significant problems first.
As federal agencies suffer breaches of increasing gravity, those agencies move up in priority on the CDM task order list and get closer to obtaining CDM funding. Sadly, it seems a data breach has to happen before an agency is elevated on the task order list, which makes the program reactive rather than preventive. Agencies should take a more proactive stance by:
- Shifting their security mindset from "incident response" to "continuous response," in which systems are assumed to be compromised and require continuous monitoring and remediation.
- Adopting an adaptive security architecture for protection against advanced persistent threats.
- Spending less on prevention alone and investing in detection, response and predictive capabilities.
Federal agencies need to become more proactive and aggressive in protecting their biggest assets – their data.