The White House has directed all federal agencies to quickly tighten the security of their computer systems after Friday’s disclosure that the Chinese hack of personnel files compromised a database holding sensitive security-clearance information.
“Recent events underscore the need to accelerate the administration’s cyber strategy and confront aggressive, persistent malicious actors that continue to target our nation’s cyber infrastructure,” the Office of Management and Budget said in a statement that did not mention the intrusion, which also targeted a federal employment database with personnel records of 4 million active and former federal employees.
Chief Information Officer Tony Scott has launched what the White House is calling a 30-day “cybersecurity sprint.” Here’s how the government wants federal agencies to increase security after the intrusion:
- “Immediately” deploy indicators, or sure signs that intruders may be in the system, into anti-malware tools. These indicators contain “priority threat-actor techniques, tactics and procedures,” the White House said. They should be used to scan systems and check employees’ user logs.
- Patch critical holes in their systems “without delay.” Agencies receive a list of these security vulnerabilities every week from the Department of Homeland Security.
- Tighten controls and policies for “privileged users,” or staff members with high-level access. Agencies should cut the number of such users, limit the types of computer functions they can perform and restrict the duration of their online sessions to prevent hackers from stealing large amounts of data, in addition to reviewing the logs from when they are online.
- Dramatically accelerate the widespread use of a process called “multifactor authentication,” another term for two-step ID checks. The idea here is that passwords alone are not safe controls, so employees need to log in with a smartcard or alternative form of identification.
The government has been hit by a number of high-profile cyberattacks in the past year. Hackers from China also broke into databases containing information on federal employees and contractors who hold security clearances. The Internal Revenue Service reported in May that hackers downloaded an online service that the agency uses to give Americans access to their past tax returns.
Agencies have been slow to address their vulnerabilities, even as federal cybersecurity funding has grown in recent years to combat fast-moving threats. But attacks on government networks are also on the rise. The Government Accountability Office found this year that the number of security incidents reported by federal agencies jumped to 67,168 in 2014 from 5,503 in 2006, an increase of 1,121 percent.
The government also is struggling to compete for the talent it needs to address cyberattacks. There’s a talent crunch in the computer security industry, as the private sector can offer senior cybersecurity professionals higher salaries than the government can, a Partnership for Public Service and Booz Allen Hamilton report found this spring.