Cyber security experts have been widely critical of OPM’s failure to safeguard its networks given the sensitivity and volume of its personnel files. Adam Firestone, Senior Vice President and General Manager of Kaspersky’s Government Security Group, remarked that the government needs to reassess its approach to cyber security from “perimeter defense” to the internal defense of networks:
“The issue is how the network was prepared for the breach. And what were the internal security mechanisms inside the network to prevent the information inside the network from being used and useful for an adversary who got in. From our perspective we assume a breach, we assume that everything is porous, but we prepare. The idea is to prepare the network and your systems for the breach such that even though they do get in, what they retrieve is not useful.”
Navy Cyber Command has demonstrated the viability of this approach as it has managed to fend off every cyber intrusion since the Navy-Marine Corps Intranet breach in 2013. Cyber Fleet Commander Vice Admiral Jan Tighe attributed the success of Navy Cyber Command to the prompt internal defense of its networks, noting that initial breaches were inevitable. It is unclear how the United States will respond to China given the Department of Defense’s newly released cyber strategy which emphasizes the US will retaliate against cyber-attacks (Stewart, 2015). The distinction in the OPM case is the hacker group did not destroy OPM networks or hardware, but committed an act of espionage.
- Chinese hackers may have breached the federal government’s personnel office, U.S. officials say, Fred Barbash and Ellen Nakashima, 2015.
- Navy, Marine Cyber Fought Off All Net Attackers Since 2013, Sydney J. Freedberg, Jr.,2015.
- Anthem Breach May Have Started in April 2014, Brian Krebs, 2015.
- The Chinese Have Your Numbers, 2015.
- U.S. Weighs Extent of Suspected Data Breach by Hackers in China, Devlin Barrett, 2015.
- U.S. Suspects Hackers in China Breached About 4 Million People’s Records, Officials Say, Devlin Barrett, Danny Yadron and Damian Paletta, 2015. http://www.wsj.com/articles/u-s-suspects-hackers-in-china-behind-government-data-breach-sources-say-1433451888
- Opm Hackers Skirted Cutting-Edge Intrusion Detection System, Official Says, Aliya Sternstein, 2015.
- China's Cyber Attack, Defense News, 2015.
- U.S. Spy Agencies Join Probe of Personnel-Records Theft, Damian Paletta, 2015.
- Pentagon's new cyber strategy cites U.S. ability to retaliate, Phil Stewart, 2015.