Data breach highlights need for improved federal cybersecurity
In March, cyberattackers gained access to sensitive networks housed within the federal government. While the exact nature of this attack and its culprits have yet to be determined definitively, some observers believe that the incident speaks to the need for improved cybersecurity efforts among U.S. federal agencies.
New tactics needed
As Federal Times reported, the hackers accessed the government's e-QIP system, an automated data system that stores security clearance investigation information. In response, the Office of Personnel Management and U.S Computer Emergency Readiness Team, both of which are part of the Department of Homeland Security, are now investigating the breach.
According to a congressional staffer familiar with the system, e-QIP consists of a wide range of sensitive information that could be very useful to a hostile foreign nation, the news source explained. Many speculate that the cyberattack originated in China, but these claims have not been verified.
In light of this event, Rep. Michael McCual, R-Texas, argued that Congress must take steps to improve and streamline the government's overall approach to cybersecurity. The news source noted that McCual particularly emphasized the need for greater clarity regarding the DHS's role in regard to cybersecurity. This would allow the DHS to respond to and contain data breaches and other cybersecurity-related incursions more quickly and effectively.
Sen. Tom Carper, D-Del. and chairman of the Homeland Security and Governmental Affairs Committee, agreed with McCual's assessment. As Federal Times reported, Carper called on Congress to modernize out-of-date cybersecurity laws across the board as a means of reducing the risk of future attacks.
The severity of these issues was further emphasized by Mark Weatherford, former deputy undersecretary for cybersecurity at DHS. He noted that neither the DHS nor any other agency has overarching authority to oversee federal cybersecurity efforts. This lack of leadership compromises the government's data protection efforts as a whole.
"There is no overarching authority that allows DHS to have that kind of insight and visibility across the federal government spectrum," said Weatherford, the news source reported.
Weatherford went on to argue that Congress has been lax on the issue of cybersecurity. Instead of addressing the underlying problems, lawmakers have instead focused more on chastising agency leaders following cybersecurity incidents.
Beyond rearranging responsibility for federal cybersecurity, the government also faces data protection challenges within the various agencies. In particular, smaller agencies have struggled to achieve compliance with cybersecurity and privacy issues, as the Government Accountability Office recently reported. This is particularly important because these agencies house just as important, sensitive information as their larger counterparts, yet they frequently lack the resources and staff necessary to adequately protect their assets.
"Small agencies…like large agencies, place a great deal of sensitive information on their systems and, if not properly protected, they are at risk from the growing and evolving threats to the systems and networks that support federal operations," the GAO report concluded.
This suggests that the government needs to take action to both reorganize its approach to cybersecurity and increase funding for programs that serve this purpose. Only a comprehensive effort will effectively protect sensitive government information from cyberattackers.