7 June 2015
When I read David Sanger’s report ‘Hacking Linked to China Exposes Millions of U.S. Workers’ in the New York Times about the Office of Personnel Management (OPM) attack I was shocked by both the large number of stolen records and the obviously inadequate protection measures and processes.
‘The intrusion came before the personnel office fully put into place a series of new security procedures that restricted remote access for administrators of the network and reviewed all connections to the outside world through the Internet’.
Are basic protection measures like two-factor authentication for every employee who accesses federal computer networks from the internet really not in place, not even at the NSA:
‘In acting too late, the personnel agency was not alone: The N.S.A. was also beginning to put in place new network precautions after its most delicate information was taken by Edward J. Snowden.’
And why does it take so long for an investigation to start? From a LIFARS blog post we learn:
‘The possibility of a data breach was first detected back in April, by the Department of Homeland Security. An internal investigation conducted in May, confirmed that the breach had indeed occurred.’
In the New York Times article we find the reason for this delay:
‘Administration officials said they made the breach public only after confirming last month that the data had been compromised and after taking additional steps to insulate other government agencies from the intrusion.’
Again, it seems to me that basic protection measures like proper network segmentation are not in place, and neither are effective communication processes and business continuity management, which according to the Ponemon 2015 Cost of Data Breach Study (page 24, figure 24) could cut the Mean Time To Identify (MTTI) a breach dramatically.