State Department hacking further emphasizes need for better federal cybersecurity
Everyone agrees that federal cybersecurity is important. Agencies throughout the government possess a tremendous amount of highly sensitive information that countless cybercriminals and other hackers would love to get their hands on, and robust cybersecurity solutions are essential for thwarting such efforts.
Unfortunately, the U.S. government's current efforts in this area are not sufficient to ward off the growing number of sophisticated threats, as yet another breach demonstrated.
State Department troubles
The most recently revealed cyberattack targeted the State Department's unclassified email system. In response, the department was forced to disable the email system in its entirety, in order to allow technicians to repair damage and make cybersecurity upgrades. During this downtime, certain public State Department websites also became unavailable.
"We are implementing carefully planned improvements to the security of our main unclassified network, taking advantage of a scheduled outage," said Jeff Rathke, a spokesman for the State Department.
The attack occurred in October, but was only recently revealed. According to Rathke, no classified data was accessed during the incident.
Part of a pattern
The full nature of the intrusion is currently being investigated by the FBI and other intelligence agencies. However, the State Department noted that this attack occurred at the same time as a similar breach affecting a White House computer network. Consequently, many observers suspect that the two incidents were directly linked.
In both cases, agency spokespeople declined to identify any suspects. The sheer complexity of the cyberattacks points fairly strongly toward state-sponsored actors, with most outside experts assuming that either Russia or China is responsible.
As Rathke noted, though, this cyberattack was not especially rare – just unusually successful.
"The State Department, like any other large organization that has a global span, is a constant target of cyber attacks," he acknowledged.
As troubling as the successful intrusions into White House and State Department computer systems were, they are not unique events. Virtually every agency within the federal government has experienced at least one breach in recent years, and many have been struck multiple times. Rathke was correct to note that these organizations are constant targets for attacks, and while many attempts are stopped, many others are successful.
Clearly, federal agencies need to embrace superior cybersecurity strategies in order to protect their sensitive information and other assets. And as cybercriminals and state-sponsored hackers become increasingly sophisticated in their efforts, this need will only grow.
However, this is much easier said than done. There are countless factors that make it difficult to fully, perfectly protect an agency's digital resources from cyberattackers. Among the most significant of these is the employees themselves. As an Associated Press investigation revealed, a large percentage of cybersecurity incidents from recent years are attributable to insider mistakes.
Consequently, the implementation of better training and guidance should be a priority for any federal agency eager to improve its cybersecurity capabilities. Without knowledgeable and responsible worker habits, even the most robust cybersecurity system will eventually come up short.