I personally believe the US’s CI and KR should not be connected to any network because it’s too vulnerable, and too much of our network is old and outdated.
On top of that, it’s well known that our infrastructure, not just our roads and bridges but our IT network, is “crumbling” (I think that’s the term everyone uses), and because this fact IS WELL KNOWN, these are the networks where state-sponsored attacks are typically concentrated.
There are, however, many cases where particular sectors have been targeted, like aviation and mass transit, the gas and oil industry, our power grid systems, and our system of dams, and many have been victims of the black-market credit card and social security number theft. This is the kind of information that affects individuals on a more personal level. I, and family and friends of mine, have all been victims of security breaches that could’ve been avoided.
Take the OPM breach that we were finally told about in 2015. Are you ready for this?
Staff members in OPM’s IT department realized that its personnel files had been hacked. Realized? Really?
Check out this timeline: The hack began in November of 2013, when the attackers first breached OPM networks. December of 2013 is when OPM definitively knew that attackers were attempting to breach the systems of two contractors who conducted background checks FOR the Gov and had access to OPM servers.
In March of 2014, OPM officials realized they’d been hacked for sure but the Gov didn’t announce it to the public. And since they determined that the attackers had been confined to a part of the network that didn’t have any personnel data, OPM allowed the attackers to stay in the network so they could monitor them and gain counterintelligence.
On May 7, 2014, an attacker had used active credentials stolen from one of the contractors’ database to establish another foothold in the OPM network and installed malware there to create a backdoor. On May 27, 2014, the attackers began to load “keyloggers” onto database administrators’ workstations. Keyloggers are computer programs that record every keystroke made by a computer user, especially in order to gain fraudulent access to passwords and other confidential information.
During the time the hackers were hacking away, and OPM was just watching what they were doing, OPM came up with a brilliant plan, entitled “Big Bang,” to reset the entire system thinking it would purge the attackers from the network.
Needless to say, “Big Bang” didn’t remove the hackers’ access OR the backdoor and in July and August of 2014, the attackers exfiltrated the background investigation data from OPM’s systems.
By October 2014, the attackers had moved through the OPM environment to breach a Department of Interior server, and in December 2014 another 4.2 million personnel records were exfiltrated.
Fingerprint data was exfiltrated in late March of 2015 and on April 15, 2015, security personnel noticed unusual activity within the OPM’s networks, which quickly led them to realize that attackers still had a foothold in their systems.
I, along with millions of my friends and colleagues, had the information contained in our SF-86 forms stolen while the Gov watched. SF-86 forms contain extremely personal information, including fingerprints, that’s gathered in background checks for people who need government security clearances.
So far, our stance has been one that’s reactive. Where are the proactive digital security measures that launch the nanosecond foreign code starts ‘sniffing’ around? Why is the IT Network Administrator’s office CLOSED at 1600 every day like that’s when hackers knock off their activities? Why oh why would our Gov grant remote access to their servers to anybody? Because Public Private Partnerships are cost-effective, create jobs and free up the Gov to do other things. (That’s political reasoning, however impractical it may actually be.)
Our Gov has got to stop shooting the private sector in the foot with all the regulations (with claims of civil rights infringement), and focus on strengthening the security of our information.
This is some scary stuff, folks!