CyberSecJobs recently featured a new piece by Attorneys Chris Graham and Caroline Leary on the current state of federal cybersecurity. According to the lawyers, federal agencies have a long way to go to ensure the protection of both classified information and the private information of their employees and millions of Americans.
In "Internal Security Risks Highlight the Need for Improving Federal Cyber Security Infrastructure," Attorneys Graham and Leary assert that our federal agencies are woefully behind in keeping their digital systems safe from hackers, malware, and even internal violations and lazy policies. "As recent events have shown, the danger of security breaches is not limited to outside hackers and nations trying to infiltrate the government’s systems," they write. "Such danger is also found in the government’s failure to take serious internal security risks."
They cite a troubling 2014 report from the U.S. Government Accountability Office, which found that 17 of the 24 federal agencies surveyed admitted to "material weaknesses or significant deficiencies" in their information security controls. Those agencies with so-called high-impact systems also reported that they were more frequently the target of overseas hackers and could confirm over 2,200 incidents of adverse actions against their systems—frequently their email systems.
Attorneys Graham and Leary turn to several recent, high-profile examples that further indicate the need for change. One was the NSA hack that occurred last month—a leak of 234 megabytes of information on the NSA's own cyber weapons. A recent breach of the United States Office of Personnel Management's system has also threatened the information on federal employees and, potentially, tens of millions of individuals.
Another example is the ongoing Hillary Clinton email saga, in which the former Secretary of State used a personal email server to receive and send emails with classified and confidential information. The FBI called Clinton and her team's handling of their email "extremely careless," and the ordeal is another stark example of how the Department of State—and other federal agencies—need to vastly improve their cyber security infrastructure.
You can read "Internal Security Risks Highlight the Need for Improving Federal Cyber Security Infrastructure" in its entirety here.