"In a series of classified meetings, officials have struggled to choose among options that range from largely symbolic responses — for example, diplomatic protests or the ouster of known Chinese agents in the United States — to more significant actions that some officials fear could lead to an escalation of the hacking conflict between the two countries," The New York Times reported last week.
US President Barack Obama is asking for a creative response. But cybersecurity expert Dave Aitel, CEO of Immunity Inc., thinks the government would be better off focusing its energy and resources on securing its vulnerable systems rather than on retaliation.
"If you want to disrupt and deter people from hacking OPM, all you have to do is properly secure it," Aitel told Business Insider.
"We lost a lot of really valuable information, but we have to remain the adults in the room."
In hacking the OPM, Chinese hackers diverged from their pattern of stealing intellectual property and defense secrets. Instead they targeted information that would enable them to build a database of US diplomats, intelligence operatives, and those with business in China.
"The government just has to secure its systems and move on," Aitel added, especially since the OPM hack was technically fair game.
"This particular kind of hack is considered normal — nation states spy on each other all the time, and we don't sanction them or start cyberwars over it," Aitel said. "It was massive, but it was well targeted."
Indeed, as one senior administration official told The Times in June, "This was classic espionage, just on a scale we've never seen before from a traditional adversary."
And mistakes were clearly made.
Contractors in both Argentina and China were reportedly given "direct access to every row of data in every database" when they were hired by the OPM to manage millions of detailed personnel records of federal employees and applicants, and the hackers managed to stay undetected in the agency's security clearance computer system for over a year.
"OPM's data-security posture was akin to leaving all your doors and windows unlocked and hoping nobody would walk in and take the information," House Oversight chairman Jason Chaffetz (R-Utah) told Katherine Archuleta, who resigned as OPM director over the breach, during a hearing before the House Oversight and Government Reform Committee in June.