The US State Department recently admitted it “detected activity of concern” within its network, prompting a temporary shutdown of part of its email system and reigniting speculation about the resilience of government networks to cyberattacks.
State Department spokesman Jeffrey Rathke told a group of reporters during a press briefing that the State Department “immediately formed a team to develop and implement a response plan, in coordination with cyber security experts from [the Department of Homeland Security] and from other agencies” after becoming aware of the intrusion a “few weeks ago.”
He said no classified systems were affected, and “We do not send classified information over our unclassified systems.”
Rathke offered no information regarding the origins of “the intrusion,” but similar incidents at the White House, US Postal Service and the National Oceanic Atmospheric Administration have included reported allegations, from unnamed sources, that the breaches were the work hackers from foreign nations.
The breach at the White House was believed to be from Russia and the breaches at the USPS and NOAA were reportedly from China.
The NOAA confirmed four of the agency’s websites were compromised by an Internet-sourced attack in recent weeks. The US Postal Service said it is investigating a cyber breach that exposed personally identifiable information of some employees.
Asked whether the incident at the State Department was connected to the White House incident, Rathke responded: “We believe that this activity was linked to the incidents. I don’t have a broader conclusion to draw than that.”
According to Advisen’s Loss Insight database, cyber cases involved government agencies and public administration groups have been steadily on the rise, especially since 2010.
Also, the median cost of data lost has sharply risen in 2014 to nearly $1.8 million.
In 2013, the State Department experienced 1,391 security incidents – a number that placed it in the lower to mid-range of all departments evaluated in an Office of Management and Budget report released last spring.
By comparison, the Department of Health and Human Services experienced 8,226 and the Department of Veteran Affairs reported 11,368 incidents, while the Justice Department saw 4,582 security incidents. The types of security incidents in the report reflect denial of service attacks, improper usage of data or systems; unauthorized access or mishandling of data; phishing scams; policy violations and “non-cyber” incidents, which refer to mishandling of hard copy data.
One of the primary sources of attacks included social engineering, meaning “fraudulent web sites and other attempts to entice users to provide sensitive information or download malicious code.”
Advisen data indicates personal privacy-related information is often lost in government/public admin breaches.
The report indicates that government agencies spent over $10.3 billion in 2013 on cybersecurity initiatives. However, the OMB found that more effort and adherence to best practices developed through US-CERT is needed.
The Federal Network Resilience Cybersecurity Assurance branch helps to assess cybersecurity measures and readiness of unclassified networks and systems. CAS did not immediately return a request for comment.
A recent Senate Armed Services Committee investigation found hackers associated with the Chinese government accessed the computer systems of US Transportation Command contractors at least 20 times in a single year.
In a note issued shortly after the results of the investigation were released, network security company FireEye said, “it’s important not to lose sight of the fact that China is not the only player in this game.”
“We have also observed suspected Russia-based actors target a defense technology company, and in Operation Saffron Rose, we saw an Iranian group target US defense contractors in addition to members of the Iranian opposition,” FireEye continued.
Clearly the incidents at the Whites House, State Department, USPS, NOAA and other federal agencies—as well as major data breaches at retailers—have heightened concern.
“The increased frequency and sophistication of cyber attacks upon both public and private entities highlights the need for greater collaboration to improve data security,” Re. Elijah Cummings, D-MD, wrote in a letter to Secretary of State John Kerry early this week. He requested from the State Department a full description of the attack, the type of data breached and measures taken to improve cybersecurity.
He said federal contractors, including USIS, the nation’s largest provider of federal background checks, was also penetrated.
Senate Homeland Security Committee ranking member Tom Coburn, R-OK, said in a statement: “I’m troubled by the fact that when federal agencies are hacked, Congress and the public seem to be the last to know.”
He said Congress should pass the Federal Information Security Management Act, penned by him and Democrat Sen. Tom Carper, which would require federal agencies to report intrusions.
Erin Ayers contributed to this report