- - Sunday, January 3, 2016

ANALYSIS/OPINION:

The year 2015 brought cybersecurity mainstream with headless worms, jailbreaking, ghostware and data breaches all joining the daily headline lexicon. Tens of millions of Americans were directly impacted. We learned of the most massive and catastrophic cyberattack in U.S. history, and of an unrepentant secretary of state transmitting classified material via personal email. The hydra-headed cybercriminals adopted increasingly innovative tactics, state-sponsored actors such as Iran become bolder, and social media became a terrorism story. Here’s but a snapshot of our cyber-insecurity in 2015.

Office of Personnel Management: What could possibly go wrong when a government agency outsources its sensitive data management to China? The actual scope of the attack remains abstruse. Suffice to say, the OPM breach was devastating for the United States, and has cost our intelligence services a generation of spies. More than 21 million Americans were excruciatingly exposed, I regrettably count among them. Six months later, OPM still has the personal data of all federal employees and our sensitive resources continue to be targeted. The office remains a very plump, slow-moving target for state actors and criminals alike.

Hillary Clinton’s email: The lurching scandal surrounding the former secretary of state’s flagrant abuse of national security data is the political cyberhit of the year. Quite simply, if an enlisted soldier transmitted top secret information via personal email servers, he would be in jail. Evidently, aides routinely took screenshots of top secret documents and emailed the pictures to Mrs. Clinton’s private account. The FBI has ramped up inquiries into the security of Mrs. Clinton’s jerry-rigged email system and how her aides communicated over email. This is nothing less than a criminal breach of national security. Then there is Secretary of Defense Ashton Carter, but that’s another story.

New York dam breach by Iran: Perhaps one of the most troubling breaches of 2015 actually occurred two years ago — but has only just come to light. The revelation occurred, not coincidently, after Tehran snared a nuclear deal with Washington. Iranian hackers infiltrated the control infrastructure of a small dam in New York, ringing alarm bells at the White House. The breach came amid a separate surge of attacks by Iran on U.S. banks. Despite these concerns, the Iran nuclear deal stands. Our power grid, pipelines and dams are essentially unprotected on the Internet. The details of the dam breach remain classified, but will serve as a blueprint for Islamic terrorists. It seems legacy is more important than national security.

Social media and Islamic terrorism: Since the Islamist terror attacks on San Bernardino and Paris, social media companies, most notably Twitter and Facebook, are under intense pressure to help identify Islamic extremists that use their networks to fund, recruit, promote and plan terrorism. They are resisting, so Congress is stepping in — which, of course, seldom works. Just as they do with child pornography, Twitter and Facebook have the technology to stop Islamic terrorists exploiting their platforms — what they lack is the will.

Health insurance providers: Cybercriminals compromised more than 100 million health insurance records in 2015 — an annus horribilis for the heart of the health insurance industry. The breaches included names, Social Security numbers and birthdates. The biggest hit was on Anthem, exposing 80 million customers. To put the cherry on top, the Department of Health and Human Services says that — coupled with Premera Blue Cross, Excellus Health Plan and others — the medical information of more than 100 million Americans was put under the hackers’ knife in 2015.

Internal Revenue Service: Hackers hit the IRS again this year and stole data from 330,000 taxpayer accounts. Two taxpayers filed a class-action suit against the IRS, over the loss of Social Security numbers and completed tax returns. The suit claims that the IRS knew its website was vulnerable, but did nothing. The criminals were able to file bogus tax returns, and net $50 million in federal funds.

CIA Director John Brennan: In a blast from the past, Mr. Brennan considered it sound practice to stick with his AOL account — remember AOL? Despite his unique insight into the dark edges of cybersecurity, he believed his trusty AOL email was immune from hacking. Teen hackers took control of his account via the weakest link — a Verizon employee — to gain access to Mr. Brennan’s personal account and bleed his account of sensitive data. I can hear the dial tone at Langley now.

Ashley Madison: This was the “made for the tabloids” breach. The attack was brazen and anything but stealthy and included more than 30 gigabytes of data, exposing 32 million Ashley Madison accounts. That’s a lot of pictures, predilections and sordid affairs — even for D.C. The data included names, passwords, addresses and phone numbers. Incredibly, AshleyMadison.com claims their membership has grown by 4 million users since the hack.

Juniper NetScreen Firewalls: Wrapping up the year in a Christmas bow, was the December revelation that Juniper Networks had suffered a long-term, potentially calamitous breach, exposing countless classified communications. Federal officials believe a nation-state — likely Iran or China — used a back door to spy on the encrypted communications of the U.S. government for more than three years. This breach is the hacking equivalent to stealing a master key, which opens every door in every government building.

What of the coming year? It’s hard to predict, but there will certainly be an arms race in information security. Cyberterrorists and criminals will launch beguilingly sophisticated attacks on everything from U.S. national security infrastructure to Internet of Things-connected medical devices. Lets hope we are not quite as surprised by events as in 2015.

Gregory P. Keeley, a National Cyber Security Institute fellow, is CEO of Swan Island Systems.

LOAD COMMENTS ()

 

Click to Read More

Click to Hide