September 29, 2016, by David McCauley – When you typically hear about war you imagine a faraway conflict in a distant land. What would you think if I told you that our government is involved in a conflict happening right now beneath our very noses? This conflict isn’t fought in the desert, tundra, or jungle – it’s fought among cables, wires, and circuits. On the internet several big global players are ‘fighting’ in the information age on a digital front. Cyber warfare and cyber security go hand-in-hand as offense and defense. Defending against cyber attacks is profoundly difficult in part because it’s challenging to anticipate every possible weak spot. You often hear about corporations and retailers that are hacked, resulting in the loss of customer and client information.
The United States government is targeted too, and these attacks are a topic of public and private interest. The sensitive information the government deals with makes it a high risk sector. That information is now stored and transmitted digitally rather than existing entirely in physical records of the past. Because of the broad scope and multiple branches of the government, securing all data is a gargantuan task. Last year’s breach of the Office of Personnel Management (OPM) is troubling indicator that in some aspects the government’s cyber security is lagging behind. In June 2015 OPM suffered two separate but related cyber attacks that resulted in the theft of background investigation records. These records included the social security numbers of 21.5 million individuals as well as 5.6 million fingerprints. According to OPM’s Cybersecurity Resource Center, a three-pronged investigation involving OPM, the Department of yeah Homeland Security (DHS), and the Federal Bureau of Investigation (FBI) was conducted. After thorough analysis and investigation, the incident response team determined that the perpetrators are no longer active within these government networks.
The global risk consultancy firm Control Risks indicated in their 2016 RiskMap Report that between Oct 2014 and Oct 2015, one-third of all cyberattacks were carried out against the government. While at first it might seem that these government cyber security issues have little to do with service members, but that’s far from the case. The OPM breach resulted in millions of compromised background investigation records. This is a serious matter and highlights what could be lost if proper controls aren’t installed in government work stations.
All government employees and military service members have a responsibility to follow cyber security best-practices to order to prevent opportunities for cyber attacks. Human error is the greatest negligent threat to data security. Properly adhering to organizational standards and security guidelines is vital. Some basic guidelines include:
- Never access classified documents from unsecured systems.
- Do not download or store work related files in public or unsecured storage locations.
- Don’t use unsecured mobile devices to access sensitive information.
- Avoid saving passwords to your browser, and remember to regularly update passwords.
- Always return checked-out devices to their proper location and log their usage.
Each of these guidelines when ignored can allow opportunities for the system to be compromised. Written security policies exist for a reason – particularly in a government setting where that information can directly relate to national security. Be vigilant, follow your information handling guidelines, and you could help prevent the next data breach.
About the Author: D.M. McCauley is a former U.S. Navy sailor who worked in Intel. After the service he has dedicated his time to writing and traveling with his significant other.