The U.S. State Department was the target of a recent series of cyber attacks, the Associated Press reported last week. The department realized various systems in several of its offices around the world—including some at its headquarters in Washington, D.C.—had been breached in mid-June after it detected “anomalies in network traffic,” according to a spokesperson for the organization.
Although no culprit has been identified, experts have speculated that the attacks might have come from groups—which may or may not be state-sponsored—operating out of China or North Korea. The former is a possibility because the U.S. Embassy in Beijing was hit especially hard, losing all access to the Internet for two weeks. However, the attacks also took place during a verbal tête-à-tête between the United States and North Korea played out in the world media due to the latter’s tests of long-range missiles.
The overall consequences of the attacks are unknown as yet, but investigators think the hackers might have stolen sensitive government data and passwords, and also put in place backdoors in certain computers that would allow the attackers to access them whenever they’re online. To date, though, no one knows exactly what information was taken, or if any was taken at all, for that matter.
This news comes around the same time that a new report from market research firm Input predicts that IT security spending in the federal sector will grow from $5.1 billion in the fiscal year 2006 to $6.3 billion in 2011. Input researchers also anticipate that legislators will revisit the Federal Information Security Management Act (FISMA) in light of incidents such as this and poor evaluations of government departments and agencies by the Office of Management and Budget (OMB). Some changes might include greater emphases on real-time network monitoring, inventory management, configuration management and identity management.
Do you think the feds are on the right track for more secure systems, or are they just throwing a lot of money and words at these cyber threats? Let us know about it in the “Information Security and National Defense” thread in the Security forum at www.certmag.com/forums. And for more information about cyberwar, go here.