The government is a big, juicy, slow moving target for hackers.
No other body has the clout to collect so much private, sensitive information on individuals.
- Criminal records
- Tax filings
- Birth records
- Surveillance data
Together and separately, municipal, state and federal government represents a treasure trove for identity thieves and fraud artists.
And all this is even before considering the highly sensitive defense, diplomatic, and financial information that is accumulated somewhere in the vast digital coffers of government.
Blueprints for spy satellites … control codes for Global Positioning System (GPS) stations … contracts for top secret defense expenditures … cables with foreign leaders … all information that foreign governments and companies would kill to get their hands on.
Government cybersecurity professionals have a lot of challenges, but they also get some of the coolest tools to use and most interesting jobs to handle.
Big Problems with Government Information Security Require Big Solutions
At the National Security Agency (NSA), cybersecurity researchers have access to some of the most advanced supercomputer systems on the planet. As part of their work assisting other government agencies in securing information systems, they get to work on systems straight out of science fiction– systems like the L-3 Warrior Systems Wireless Personal Area Network.
Not just any security analyst off the street will be hired to work with such sensitive systems. Only the brightest master’s-educated cybersecurity professionals will be qualified.
Government is Catching Up to Itself…
Despite having funded most of the basic research that led to the creation of the Internet and much of the computing technology that powered it, government itself was slow in adopting that technology. Some government managers even bragged that they didn’t have to have a computer on their desk. And austerity measures have throttled technology adoption even further, as this January 2013 article in Forbes reports.
Even after attempts by the Obama administration to kickstart government IT initiatives (difficult as it may be to believe, President Obama in 2008 became the first president to have a mobile device for official use), many in the government hierarchy interviewed for a 2015 Washington Post article believed the federal government still lagged behind the private sector in technology adoption.
This general lag has put the government at a particular disadvantage when it comes to cybersecurity. An April 2016 article from Reuters cites a report finding that the U.S. government ranked worse on computer security than every other major industry in the country. The litany of breaches of government systems is long and egregious:
- 5 million employee records were stolen from the Office of Personnel Management (OPM) in 2015, including fingerprint data
- More than 700,000 social security numbers and personal identifying information was stolen from the Internal Revenue Service (IRS) in 2016
- The Federal Bureau of Investigation (FBI) and Department of Homeland Security (DHS) were hacked for a loss of almost 30,000 employee records in 2015
- The National Aeronautics and Space Administration (NASA) was hacked and employee data taken, and an experimental drone was hacked and had flight logs and data stolen
The list of breaches at smaller government organizations is too long to even touch on, but included such dramatic events as multiple local police agencies paying ransoms to foreign hackers in blackmail schemes to get their data back, according to an April, 2016 article from CNBC.
The federal government moves slowly but when it gets rolling, the momentum is overwhelming. Today, cybersecurity is a major priority for the U.S. government.
President Obama unveiled a $19 billion plan to overhaul the nation’s cybersecurity defense back in 2009, a 35 percent increase from what was previously allocated. Cybersecurity engineers, architects, auditors, administrators and analysts throughout the government have been scrambling to put the plan in place.
$19 Billion ($19,000,000,000) Buys a Lot of Cybersecurity
The Cybersecurity National Action Plan (CNAP) is wide-ranging and deep. $3.1 billion will be plowed immediately into government IT to modernize it and establish a new oversight position: the Federal Chief Information Security Officer whose job it is to help secure federal information systems. Public awareness campaigns will cover topics like password security and multi-factor authentication.
Throughout the government, cybersecurity specialists at different agencies will be required to evaluate systems and make recommendations for modernizing or replacing them, prioritizing the highest-risk assets.
DHS will become a hub for all federal agencies requiring cybersecurity assistance. The agency will be boosting the number of in-house cybersecurity teams to 48 in a hiring spree that will headhunt the best information security specialists in the country.
More than $62 million will be invested in educating and training those specialists and others who may work in either the public or private sector.
The federal government will also review its use of social security numbers – one of the most highly prized targets for hackers – for any purpose other than tax identification. The goal will be to reduce the points of exposure, an effort that is expected to crossover to local governments and private corporations as well.
Information Security Takes a Networked Village: Government Cybersecurity Reaches Out to the Private Sector
Part of the new federal cybersecurity initiatives is a belated acknowledgement that attacks on the nation’s network infrastructure cannot easily be separated into public and private vulnerabilities. Deficiencies in private sector information security leads to weakness for government entities in the same way that a neighborhood ravaged by disease will quickly cause nearby areas to be infected as well.
Critical infrastructure that is in private hands is a particular focus of CNAP efforts. Public utilities and power generation facilities have traditionally focused on the bottom line rather than information security, but attacks against them have national implications.
CNAP and government cybersecurity experts will work with private industry to help secure that infrastructure against electronic attack.
Cross-Border Cooperation is Key to Pursuing Malicious Hackers
With so many hacking attempts originating overseas, it is left in the hands of government to pursue prosecution through cooperation with foreign governments. The FBI and Department of Defense both use cybersecurity staff to connect with overseas counterparts to track and apprehend malicious hackers.
The Department of Justice is increasing cybersecurity funding by more than 23 percent to improve this process, in hopes of leading to more success such as the 2016 arrest and prosecution of hackers from Russia and Algeria for distributing malware designed to steal financial data.
The Department of Defense, meanwhile, will build a Cyber Mission Force more than 6,000 strong, comprising 133 teams, which may be tasked with offensive or defensive cybersecurity tasks.
For situations where foreign governments themselves may be behind hacking attacks, national security can be at stake, and military cybersecurity analysts are on the front lines.