US still woefully behind in the prevention of cyber attacks

The Hill:
Lawmakers in both parties say breaches reported this week at the Department of Justice and the Internal Revenue Service are the latest indication of the government’s weak defenses against cyber criminals.

While the administration has sought to downplay both incidents, some lawmakers are hitting the White House, arguing the intrusions offer further evidence that the government can’t be trusted to protect its highly sensitive networks.

“[President Obama] has neglected to take tangible steps to address these persistent cyberinfrastructure challenges,” Sen. Steve Daines (R-Mont.) said in a Wednesday statement that accused the administration of trying to sweep the IRS breach “under the rug.”

Opinion is hardly unanimous. Unlike last spring’s hack of the Office of Personnel Management, which provoked widespread criticism, some aren’t sure what to make of the latest incidents.

They say that the two breaches are unique cases that don’t necessarily point to a systemic failure on the part of the government.

“Not that these aren’t bad things that happened, I’m certainly concerned any time there’s information that’s compromised, but in these two situations, it doesn’t appear to fit in the rubric of what we generally think of as a cyberattack,” Rep. Jim Langevin (D-R.I.) told The Hill.

Spokespersons from both the Department of Homeland Security and the DOJ provided almost identical statements to reporters that emphasized there was “no indication” of any “breach of sensitive or personally identifiable information.”

The incident stems from an anonymous hacker who claimed to have breached the Department of Justice by using a stolen email address to game an IT support employee into giving him login credentials.

Once inside the network, he purportedly stole and dumped databases of tens of thousands of FBI and Department of Homeland Security personnel. Spot-checks by various publications point to the information’s legitimacy, but neither list has been confirmed.

Then, on Tuesday, the IRS announced that identity thieves had used an automated bot in an attempt to generate phony login information, using almost half a million Social Security numbers stolen elsewhere to successfully create 101,000 PINs used to file for refunds.
...
Using only defensive measures is not adequate, obviously.  What is needed is the ability to track and destroy the operations of those who infiltrate computer systems.  I do not get the impression that anyone in government is actively even considering such measures.

Comments

Popular posts from this blog

Another one of those Trump stories Ted Cruz warned about

Ted Cruz was right about Washington