The Uptick in Federal Breaches Is Alarming


The Washington Post ran a rattling headline recently: “Federal Cyber Incidents Jump 1,300% in 10 Years.” It reports that between 2005 and 2015, federal-agency breaches skyrocketed from 5,503 to 77,183. This, of course, includes 2014’s infamous Office of Personnel Management hack, which compromised 21.5 million records with employees’ personal information, such as social-security numbers.

The newspaper’s cyber-incident statistic comes from the GAO report for the Commission on Enhancing National Cybersecurity. And Gregory C. Wilshusen, GAO’s director of information security issues, boldly sounded the alarm, saying, “As of September 16, 2016, about 1,000 of our information security-related recommendations have not been implemented.” Those suggestions included clamping down on unauthorized network and file access, which can be leveraged to compromise personal and classified information alike.

In defense of the federal government, strategies to curb this epidemic are currently being implemented. It has created the Federal Cybersecurity Workforce Strategy, implemented the Cybersecurity National Action Plan, proposed legislation for the Information Technology Modernization Fund, and just appointed Brigadier General Gregory J. Touhill as the first federal CISO (via the Office of Management and Budget). The press secretary for the latter emphasized to the Washington Post that “Over the last nearly eight years, federal agencies have made significant progress in strengthening their overall cybersecurity posture.” Though, as TechCrunch points out, the government must also confront the reality that “most of our critical systems are in the hands of private companies, well outside the influence of the OMB.”

(Full disclosure: In-Q-Tel, the nonprofit venture-capital group that represents several U.S. intelligence agencies, recently invested in Interset’s security-analytics software to nurture a solution that would swiftly address both inside and targeted attacks.)

We are also in a race against everything from basic spear-phishing methods that yield big results to sophisticated infiltration methods endeavoring to force catastrophic damage. As such, conversation about breaches being a matter of national security (see the case of Edward Snowden) has transformed into tough talk about how they’re impacting the United States’ military prowess. “China appears to be moving forward with plans to use electronic attacks designed to either disrupt or take control of American drones,” writes TechCrunch, citing previous reports that China has already attempted GPS jamming—a tactic used by Iran against a U.S. drone in 2011. Additionally, TechCrunch references an article in a Chinese journal that suggests “network warfare” as a way to disrupt the American military.

In its cyber strategy, the Department of Defense writes, “DoD cannot defend every network and system against every kind of intrusion—DoD’s total network attack surface is too large to defend against all threats and too vast to close all vulnerabilities. DoD must take steps to identify, prioritize, and defend its most important networks and data so that it can carry out its missions effectively.” The DoD paper inadvertently highlights an irony in the GAO’s report: No one can technically stop breaches; they will simply happen. A true solution, however, will rigorously curtail them well before they exploit our identities or our national security.