Sunday, August 9, 2015

CIS 608/301 – Week 9 Blog Post: Pentagon Email Hacked

The Pentagon was the target of a recent and successful breach involving the Joint Chiefs of Staff email system. The attack occurred sometime around July 25th, and the email system has been down since that time, affecting over 4000 personnel (Vanden Brook & Winter, 2015). The attack vector used to penetrate the network was spear-phishing, and it was noted that a new and different vulnerability was exploited, one that has not been seen before. Based on this, officials believe that a state actor was involved in the breach. To date, the Pentagon and other federal agencies have been under attack from suspected state-sponsored actors, with the most recent breach involving the Office of Personnel Management (OPM) and resulting in the compromise of information of an estimated 22 million people.
For this most recent attack, officials are pointing to Russia based on the nature of the attack, which does not appear to be in line with suspected Chinese attack behavior. The attack employed an automated system to rapidly gather a massive amount of data within a minute and distribute it to thousands of accounts across the Internet, with the coordination involving encrypted social media accounts. This would not be Russia's first venture into federal email systems, as Russia is also suspected of a breach at the State Department back in October 2014. While no classified information was suspected to have been compromised given that the system was unclassified, a great deal of sensitive information was likely compromised, including the president’s personal schedule.
Spear phishing has been on the rise in the past few years across all organizations, and nearly two thirds of cyber-espionage incidents have involved spear phishing (Verizon, 2015). Also, as noted above, it appears that the government is well aware of multiple state actors’ intent to breach federal organizations and compromise information. The federal government took only a matter of a couple of weeks to attribute this latest attack to Russia, though of course there is rarely a smoking gun in cases such as this. Also, the government is taking very specific steps to remedy this massive breach, including scrubbing the entire system, revamping part of the system, creating mock hacking scenarios, performing red team evaluations, conducting training for all personnel and distributing information to the federal government (Youssef, 2015).
The response actions taken and the short time frame involved indicate that the government has a very good idea of how it will be attacked and also how to prepare for and respond to such attacks. What this does not explain is why, with such a firm understanding of the adversary and the types of attacks that will be involved, these attacks continue to be so successful and continue to result in massive breaches of federal organizations. Each organization in the federal government is charged with the proper execution of precious and scarce resources, and these continuing failures indicate this is not the case. Hopefully the government will be taking a very hard look at the continuing causes of these failures and begin to hold organizations accountable for them. It is likely that the response of the organizations will be that they do not have the resources necessary to protect their systems. However, cyber security is part of the mission of every organization, and any organization that cannot execute its mission should be held accountable and either shut down or have its mission transferred to another organization within the federal government that can execute. Only with accountability will these organizations begin to really take cyber security seriously and really work to implement what they apparently already know.

Works Cited

Vanden Brook, T., & Winter, M. (2015, August 7). Hackers penetrated Pentagon email. Retrieved August 7, 2015, from usatoday.com: http://www.usatoday.com/story/news/nation/2015/08/06/russia-reportedly-hacks-pentagon-email-system/31228625/
Verizon. (2015). 2015 Data Breach Investigations Report. Retrieved August 7, 2015, from cyberactive.bellevue.edu: https://cyberactive.bellevue.edu/bbcswebdav/pid-7308760-dt-content-rid-9574545_2/courses/CIS608-T301_2157_1/CIS608-T301_2157_1_ImportedContent_20150529052136/Verizon-DBIR-2015.pdf
Youssef, N. A. (2015, August 5). Pentagon Hack ‘Most Sophisticated’ Ever. Retrieved August 7, 2015, from thedailybeast.com: http://www.thedailybeast.com/cheats/2015/08/05/joint-chiefs-of-staff-hacked.html

