AST Digital Magazine September 2017 | Page 31
Volume 16
24 U.S. federal agencies, the number of cyberattacks had climbed 1,300 percent between 2006 and 2015, from 5,500 to more than 77,000 per year.
Among those 24 agencies, 18 possess “high-impact systems” information that if lost could cause “catastrophic harm” to individuals, the government or the country.
In addition to the increase in the number of attacks, the rationale behind attacks is becoming increasingly murky.
Attacks are eventually being discovered, but all too often, after the attacker’s tracks are wiped clean.
Without verification of what hackers are trying to steal and attribution, it’s difficult to know what paths to information assets to protect or to understand the motivation.
Better insight into motivation can be invaluable in not only protecting one agency, but also in understanding which agency might be next.
For example, in the 2016 Office of Personnel Management (OPM) breach, where 21 million records were stolen, the reason behind the attack remains unclear.
(More than 21 million Americans had personal data stolen from files held by the Office of Personnel Management. Anyone who went through background checks to apply for a government position since 2000 has been affected, according to the OPM. Courtesy of PBS NewsHour and YouTube)
While fingers point to the Chinese military as the culprits, there is still no definitive evidence of the hackers’ long-term intentions.
Among the theories: that the Chinese government wants to track down dissidents, that it is collecting potentially embarrassing information to compromise U.S. government officials, and even that they want to graft fingerprints of U.S. government personnel with high security clearance onto their own agents!
Tony Scott, the former U.S. federal CIO, responded to OPM with creation of the Cybersecurity National Action Plan (CNAP).
Tony Scott, the former U.S. federal CIO
While a giant leap forward, one significant flaw is that CNAP continues to focus on prevention and does not focus sufficiently on in-network threat detection, which is needed to reduce the time to detection.
Lengthy time to detection provides attackers the advantage they need to mount and complete their attacks.
Prevention technologies, such as antivirus, firewall and secure gateway solutions, attempt to stop cyberattacks at a network’s perimeter.