Espionage Lessons from the OPM Hack

Uploaded on 2015-07-10 in NEWS-Cybersecurity News, INTELLIGENCE--USA, GOVERNMENT-National, FREE TO VIEW

HACKED-office-of-personnel-management-monitor.jpg

Hackers stole Social Security numbers, health histories and other highly sensitive data from more than 21 million people

It has been a month since the Office of Personnel Management (OPM) infiltration was made public and shockwaves of the hack reverberates in Washington, DC and beyond.   While we continue to extract negatives from the story of the OPM hack, three lessons emerge that might give us hope for a secure future.

Lesson #1: Security is not assured in digital systems 

The incident should remind us that every networked system is vulnerable. Cyber espionage is a reality and a problem every institution will have to deal with. The events of the last few months only make this clear as the US government officials admitted the State Department was hacked, which then led to an intrusion that even included some of Obama’s personal emails. 

The Syrian Liberation Army hacked the mil.gov website and public relations portal. Of course, to top it off, records for 4 million (or possibly many more) federal workers were stolen from the OPM, likely by the Chinese. Included in this massive amount of information is the background form that every employee who seeks secret clearance must fill out and includes some of the most intimate details about one’s personal life.

Searching for someone to blame is not really the answer. Rethinking what is available and networked is since the Internet was never designed with security in mind. Yet we continue to trust it with our deepest and darkest secrets. Once the vulnerabilities and the weaknesses of our systems are made clear, we can move forward with fixing the problems and altering the nature of how we share information. The simple conclusion is that we have entered an era of cyber espionage, not necessarily cyber war.

Lesson #2: US human intelligence will need to adapt to the digital age

Some have gone so far as to call the OPM hack a failure larger than the Snowden affair. Make no mistake, the hack was large and comprehensive, but we also must move beyond the spy fantasies that pervade analysis of the OPM hack. The typical story is that this information could be used as a stepping-stone to siphon off state secrets. 

Using cheap and available data mining tools similar to the NSAs’, the opposition could use the information to build a profile of individuals susceptible to blackmail, such as a federal employee with a history of extra-marital affairs and ties with the Chinese nationals, information all in the SF86 form were  stolen. Once identified, these targets could be subject to honey traps, a threat that MI5 has previously warned about in other contexts.
The US has not lost all of its HUMINT capabilities because of the hack and information leak, but it will need to adapt to take into account OPM-style attacks in the future.

Lesson #3: The main vulnerability to security systems remains external to US government networks

The perpetrators hacked the OPM by stealing the credentials of an outside contractor. There are things being done to increase security in US government systems, yet vulnerability will remain through external contractors with access, like Edward Snowden. This is why it is important do more than monitor systems constantly, we must hunt those who already have access and are using it maliciously, or those that might do so. 

At the strategic level, the exploit of OPM’s four million records means very little. It has not and will not change how the United States conducts the business of foreign policy, but the entire intelligence community needs reevaluate how it might conduct its mission. It is important to keep the real issue of cyber espionage in mind as we debate the future of conflict. 
DefenceOne:  http://bit.ly/1NYIjZj

 

« Data Scientist: The Sexiest Job of the 21st Century
Security Engineer Location: Sao Paolo »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

INSUREtrust

INSUREtrust

INSUREtrust is a pioneer in the industry, inventing the concept of cyber insurance.

Authorize.Net

Authorize.Net

Authorize.Net is a Payment Gateway which provides the complex infrastructure and security necessary to ensure fast, reliable and secure transactions.

Materna Virtual Solution

Materna Virtual Solution

Materna Virtual Solution security solutions enable user-friendly, secure mobile working environments.

Clavister

Clavister

Clavister is a network security vendor delivering a full range of network security solutions for both physical and virtualized environments.

HorizonIQ

HorizonIQ

HorizonIQ (formerly Internap Corp / INAP) maximizes efficiency and innovation with flexible infrastructure solutions.

Luxembourg Office of Accreditation & Surveillance (OLAS)

Luxembourg Office of Accreditation & Surveillance (OLAS)

OLAS is the national accreditation body for Luxembourg. The directory of members provides details of organisations offering certification services for ISO 27001.

Labs/02

Labs/02

Labs/02 is a seed-stage incubator with a mission to advance cutting-edge technology in innovative areas including AI, deep learning, autonomous transportation, and smart cities.

ConnectWise

ConnectWise

The Unified ConnectWise Platform offers intelligent software and expert services to easily run your business, deliver your services, secure your clients, and build your staff.

SnapAttack

SnapAttack

SnapAttack is a collaborative platform that empowers your security team to stay ahead of threats, create robust behavioral analytics for your existing tools, and prove your program's effectiveness.

IMQ Group

IMQ Group

IMQ is one of Europe’s top players in the field of conformity assessment. We offer certification services to support all the major sectors of the manufacturing and service industries.

Eureka Security

Eureka Security

Eureka help organizations securely use any cloud data storage technology they need without having to compromise on security.

Arcanna.ai

Arcanna.ai

Using a wide range of out-of-the box integrations, Arcanna.ai continuously learns from existing enterprise cybersecurity experts and scales your team’s capacity to deal with threats.

Phronesis Security

Phronesis Security

Phronesis Security is committed to delivering world-class cyber security consulting with a tangible social and environmental impact.

VMware

VMware

VMware is a leading provider of multi-cloud services for all apps, enabling digital innovation with enterprise control.

Scope AI

Scope AI

Scope AI is an innovative technology company specializing in quantum security and machine learning.

Norwegian Data Protection Authority (Datatilsynet)

Norwegian Data Protection Authority (Datatilsynet)

The Norwegian Data Protection Authority (Datatilsynet) is the national data protection authority for Norway.