Espionage Lessons from the OPM Hack


Hackers stole Social Security numbers, health histories and other highly sensitive data from more than 21 million people

It has been a month since the Office of Personnel Management (OPM) infiltration was made public, and the shockwaves of the hack still reverberate in Washington, DC and beyond. While the story of the OPM hack continues to yield bad news, three lessons emerge that might give us hope for a secure future.

Lesson #1: Security is not assured in digital systems

The incident should remind us that every networked system is vulnerable. Cyber espionage is a reality and a problem every institution will have to deal with. The events of the last few months only make this clear: US government officials admitted the State Department was hacked, which then led to an intrusion that even included some of Obama’s personal emails.

The Syrian Liberation Army hacked the mil.gov website and public relations portal. Of course, to top it off, records for 4 million (or possibly many more) federal workers were stolen from the OPM, likely by the Chinese. Included in this massive amount of information is the background form that every employee who seeks secret clearance must fill out, which includes some of the most intimate details of one’s personal life.

Searching for someone to blame is not really the answer. Rethinking what is available and networked is, since the Internet was never designed with security in mind. Yet we continue to trust it with our deepest and darkest secrets. Once the vulnerabilities and weaknesses of our systems are made clear, we can move forward with fixing the problems and altering the nature of how we share information. The simple conclusion is that we have entered an era of cyber espionage, not necessarily cyber war.

Lesson #2: US human intelligence will need to adapt to the digital age

Some have gone so far as to call the OPM hack a failure larger than the Snowden affair. Make no mistake, the hack was large and comprehensive, but we must also move beyond the spy fantasies that pervade analysis of the OPM hack. The typical story is that this information could be used as a stepping-stone to siphon off state secrets.

Using cheap and readily available data mining tools similar to the NSA’s, the opposition could use the information to build a profile of individuals susceptible to blackmail, such as a federal employee with a history of extra-marital affairs and ties to Chinese nationals, information that is all in the SF86 forms that were stolen. Once identified, these targets could be subject to honey traps, a threat that MI5 has previously warned about in other contexts.

The US has not lost all of its HUMINT capabilities because of the hack and information leak, but it will need to adapt to take OPM-style attacks into account in the future.

Lesson #3: The main vulnerability to security systems remains external to US government networks

The perpetrators hacked the OPM by stealing the credentials of an outside contractor. There are things being done to increase security in US government systems, yet vulnerability will remain through external contractors with access, like Edward Snowden. This is why it is important to do more than monitor systems constantly: we must hunt those who already have access and are using it maliciously, or those who might do so.

At the strategic level, the exploit of OPM’s four million records means very little. It has not and will not change how the United States conducts the business of foreign policy, but the entire intelligence community needs to reevaluate how it might conduct its mission. It is important to keep the real issue of cyber espionage in mind as we debate the future of conflict.

DefenceOne: http://bit.ly/1NYIjZj
