State Department Hack Escalates Federal Data Insecurity - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


State Department Hack Escalates Federal Data Insecurity

The reported break-in of the State Department's network raises national security concerns.

Reports of a hack into U.S. State Department IT systems raises concerns about data security in the federal government to a whole new level. Unlike the laptop thefts that have plagued the Veterans Affairs and Agriculture departments, Federal Trade Commission, and Internal Revenue Service in recent months but gave thieves access to a finite amount of information, the State Department faces the daunting task of clearing up a breach that reportedly gave attackers access to data and passwords that could open the door to future attacks.

The June computer break-ins and subsequent discovery limited Internet access at many State Department locations, including its Washington headquarters, and inside the Bureau of East Asian and Pacific Affairs, the Associated Press reported Wednesday. Word of the attacks comes at a particularly delicate time for the State Department, which has been involved in critical diplomatic negotiations with North Korea following that country's testing of nuclear missiles earlier this month.

The idea that government-held data could be breached as the result of an attack rather than the negligence of government workers is a sobering thought and one not addressed by the multitude of hearings and proclamations that followed in the wake of the May theft of a Veterans Affairs laptop and hard drive containing more than 26.5 million records. "With the State Department, we could be talking about classified information, not just personally identifiable data," says Paul Kurtz, executive director of the Cyber Security Industry Alliance.

There are different types of data breaches and, as a result, a need to react with different levels of concern. When a laptop is stolen, the laptop's owner can usually console themselves with the thought that the data on the device was not the target of the theft. If the thief does access the data on the stolen device, IT shops can determine the contents of that device and have a good idea of what they're up against.

But the State Department's breach is much more troubling. "This is by far worse than the loss of one laptop, even if it had 26 million names on it," says Gartner VP and fellow John Pescatore. The State Department has to figure out what's been stolen from its systems and whether that information was used to access government networks and plant malicious software such as rootkits, which could make subsequent attacks easier. "It's hard enough to remove rootkits from one server, never mind several servers," he adds.

The State Department has a less-than-stellar record when it comes to IT security. In March, the White House Office of Management and Budget's annual federal government computer security report card gave the State Department an F grade for fiscal 2005, even worse that its D+ grade for fiscal 2004. The overall grade given to all 24 federal agencies evaluated was a D+.

As details of the attack against the State Department surface, the incident brings to mind the October 2000 hack against Microsoft, where an intruder had access to the company's corporate network for 12 days. Microsoft security employees discovered the break-in near the end of that month after they found that internal passwords were being siphoned to an E-mail address in St. Petersburg, Russia.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
What Becomes of CFOs During Digital Transformation?
Joao-Pierre S. Ruth, Senior Writer,  2/4/2020
Fighting the Coronavirus with Analytics and GIS
Jessica Davis, Senior Editor, Enterprise Apps,  2/3/2020
IT Careers: 10 Job Skills in High Demand This Year
Cynthia Harvey, Freelance Journalist, InformationWeek,  2/3/2020
Register for InformationWeek Newsletters
Current Issue
IT Careers: Tech Drives Constant Change
Advances in information technology and management concepts mean that IT professionals must update their skill sets, even their career goals on an almost yearly basis. In this IT Trend Report, experts share advice on how IT pros can keep up with this every-changing job market. Read it today!
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll