White House Directs Agencies to Lock Down Government Systems
Written by Kirby Wadsworth on June 16, 2015
Bayshore Blog Post: DefenseOne.com
June 14, 2015
From DefenseOne.com: Swift measures recommended in the wake of OPM attack
Aliya Sternstein of Nextgov.com reports that, in the wake of a devastating hack on the Office of Personnel Management, the Obama administration is directing agencies to lock down government systems.
The report says that the White House has directed all federal agencies to take a series of swift measures to lock down government systems, in the wake of a devastating hack that possibly delivered Chinese spies data that could compromise national security.
A summary of the steps released late Friday evening does not explicitly mention the data breach, which was discovered in April and made public last week. Records on more than 4 million current and former civilian agency and military employees were leaked during the incident, which struck the Office of Personnel Management.
It is believed a second, related attack may have victimized people holding security clearances and those who have been investigated to obtain such clearances.
“Recent events underscore the need to accelerate the administration’s cyber strategy and confront aggressive, persistent malicious actors that continue to target our nation’s cyber infrastructure,” Office of Management and Budget officials said in a statement. In addition to OPM, the White House, State Department and U.S. Postal Service were attacked by hackers over the past year.
U.S. Chief Information Officer Tony Scott “recently launched” what officials are calling a 30-day cybersecurity sprint.
According to White House officials, the emergency procedures include:
“Immediately” deploying so-called indicators, or tell-tale signs of cybercrime operations, into agency anti-malware tools. Specifically, the indicators contain “priority threat-actor techniques, tactics and procedures” that should be used to scan systems and check logs.
Patching critical-level software holes “without delay.” Each week, agencies receive a list of these security vulnerabilities in the form of DHS Vulnerability Scan Reports.
Tightening technological controls and policies for “privileged users,” or staff with high-level access to systems. Agencies should cut the number of privileged users; limit the types of computer functions they can perform; restrict the duration of each user’s online sessions, presumably to prevent the extraction of large amounts of data; “and ensure that privileged user activities are logged and that such logs are reviewed regularly.”
Dramatically accelerating widespread use of “multifactor authentication” or two-step ID checks. Passwords alone are insufficient access controls, officials said. Requiring personnel to log in with a smartcard or alternative form of ID can significantly reduce the chances adversaries will pierce federal networks, they added, stopping short of mandating multi-step ID checks.
As Chief Marketing Officer at Bayshore Networks, Kirby is on a mission to educate and inspire leaders to act now to protect our industrial infrastructure - and our way of life - from cyber threats. Bringing more than two decades of executive leadership in both public enterprises and emerging startups, Kirby is a published author, keynote speaker, teacher, and frequent contributor to over 20,000 online followers.