With latest breach, calls for superior government cybersecurity increasing
Throughout the federal government and beyond, there is widespread agreement that the U.S. needs to significantly improve its cybersecurity capabilities in a wide range of areas. The problem, stated bluntly, is that as the U.S. has come to depend more and more on digital resources, government agencies' data security efforts have simply failed to keep pace with these developments. This has created a status quo with far too many vulnerabilities. Combined with a growing number of sophisticated, opportunistic hackers eager to steal sensitive government information, it's no surprise that the U.S. has suffered so many data breaches in recent months and years.
Now, yet another U.S. government agency has become the victim of a successful cyberattack. This time, the Census Bureau was the target and the hacktivist organization Anonymous was the perpetrator. In light of other, even more prominent breaches, this new incident should serve as a call for a new approach to cybersecurity across the entirety of the federal government.
A breach at the Census Bureau
This latest breach likely affected approximately 4,000 Census Bureau personnel. Among the revealed information were names, email addresses, phone numbers and employees' password hashes.
Compared with the Office of Personnel Management's recent data breach, the scope of the Census Bureau breach is relatively minor, as Consumer Affairs pointed out. The OPM incident resulted in approximately 22 million exposed records, which clearly dwarfs this latest attack.
However, the significance of the Census Bureau breach lies primarily in the fact that it appears so minor, when in reality it should be seen as a fairly important event. The frequency of U.S. data breaches has become so great that individual instances seem fairly insubstantial unless they affect truly massive numbers of people or concern especially sensitive information. The OPM breach qualified under both of these metrics, garnering it much more attention than many other serious federal cyberattacks have gained.
Additionally, the news source pointed out that whereas the OPM and other major data breaches are suspected to be the work of state-sponsored cyberattackers, the Census Bureau breach was the work of a loose, unofficial collection of hacktivists known as Anonymous. Rather than pursuing state secrets or other tools of espionage, the hacktivists committed this act as a means of protesting against the Transatlantic Trade and Investment Partnership, according to NextGov blogger Darren Guccione. This is significant for several reasons. For one thing, it demonstrates that the U.S. government is susceptible to attacks even when the hackers lack the resources of a state sponsor. While the members of Anonymous who perpetrated this cyberattack certainly knew what they were doing, there's no denying that they were essentially amateurs. The fact that their political activism could result in a data breach at a federal agency reveals a great deal about the shortcomings of U.S. cybersecurity capabilities and reliability.
A lackluster response
The further significance of this breach is that it highlights the lack of progress that federal agencies have made in their efforts to improve their cybersecurity defenses in the wake of data breaches. Consumer Affairs called this incident "another reminder (as if you needed any more) that the United States government cannot protect its own data."
Guccione shared a similar sentiment, arguing the Census Bureau and OPM breaches should serve as "a wake-up call for all Americans that we need to make government cybersecurity a national issue."
"What's at stake aren't just the identities of federal government employees or state secrets, but the digital security of all Americans," he added.
Yet despite all this, the author pointed out that even the OPM breach has failed to lead to significant improvements in U.S. cybersecurity. Instead, the federal response has been slow and agencies remain severely understaffed when it comes to cybersecurity experts. What's more, this shortcoming is not limited to the federal government – state and local governments have also fallen short in the realm of cybersecurity.
Guccione pointed to a recent Veracode report to highlight one of the biggest problems with the U.S. government's response to its cybersecurity missteps. Specifically, the study explained that federal agencies tend not to fix the vast majority of cybersecurity flaws. While financial service firms typically address 81 percent of these issues and manufacturing companies tackle 65 percent, government agencies overall fix fewer than one-third of detected problems.
This speaks to a lack of both resources and expertise on the part of federal agencies, as any cybersecurity vulnerabilities should be corrected immediately to minimize data breach risks.
With this in mind, it's clear that a new government-wide approach to cybersecurity is needed. Agency leaders need to work closely with cybersecurity experts to truly appreciate not just the severity of the threats they face, but also practical steps they can take to improve their protective capabilities. The ideal cybersecurity strategy will vary significantly from one agency to the next, but a key commonality will always be the need for vigilance and dedication.