Chinese hackers now targeting smaller federal agencies, officials claim
For many years, major U.S. agencies have fended off attacks from international cyberattackers, including state-sanctioned cybercriminals. Now, however, government officials believe some of these hackers are refocusing their efforts to attack smaller agencies, The New York Times reported. This suggests the need for better cybersecurity initiatives across the federal government.
The news source noted that federal cybersecurity analysts believe hackers attempted to access the Government Printing Office's and Government Accountability Office's networks in March. Around the same time, Chinese hackers allegedly successfully attacked the Office of Personnel Management's network. Officials could not say with certainty that the attackers were operating at the behest of the Chinese government but asserted that the sophisticated nature of the strikes suggests military affiliation.
According to the news source, these attacks surprised and confused American officials, as the organizations were not at all the normal targets for such efforts. None of the agencies in question housed a significant amount of classified information.
A wider focus
James A. Lewis, a cybersecurity expert with the Center for Strategic International Studies, told The New York Times that while the attacks targeting the GAO and OPM are understandable, the same cannot be said of the GPO. He suggested that the intrusion could be attributed to either a misunderstanding on the part of the cyberattacker or simply a matter of opportunism.
If the latter is true, it suggests that any and all U.S. federal agencies may be seen as fair game for foreign cyberattackers. Even if a department is not seen as likely to have much in the way of valuable sensitive information, a hacker may decide that it is still a worthwhile target.
The New York Times further noted that the state of the Chinese labor market indicates there are hackers eager to take advantage of any and all opportunities that come their way. These cybercriminals will frequently search for viable targets by casting a wide net.
This trend is particularly significant in light of a recent GAO report which found that smaller agencies are struggling to keep up with evolving federal cybersecurity initiatives, having a mixed record of success in meeting important deadlines.
Furthermore, the GAO found that these smaller agencies are just as important as larger departments when it comes to network security.