Government cyber security has historically been an important issue. After all, federal, state and local organizations house an extraordinary amount of important data. While it would be ideal that all information curated by the government is protected effectively and kept secure, the reality is that federal systems are just as susceptible to attack as private networks – if not more so.
It seems any conversation about government cyber security is incomplete without a reference to the hack perpetrated against the Office of Personnel Management in mid 2015. According to The Washington Post,, the information – including emails, addresses and Social Security numbers – of more than 22 million government employees, family members and retirees was compromised in the hack. In addition, in July, when the OPM informed the world of the hack, the agency thought that the fingerprints of 1 million people were stolen, as well. However, later in the year, that number was actually found to be around five times that much, according to The Atlantic contributor Kaveh Waddell.
Federal servers hold a lot of data, and that's why they need to implement more effective cyber security strategies so that they can keep that information safe. The OPM hack was indicative of a concern that's been boiling beneath the surface of government operations for quite some time: How secure is this federal data? How do citizens keep their private systems safe even when public organizations don't have effective security protocols?
How much data is too much data?
A big part of the reason the OPM was so vulnerable had to do with the fact that it hadn't taken complete IT inventory, Waddell noted. In other words, the organization didn't know how much data its systems actually contained. As of Waddell's late-November article, the government had only recently compiled an accurate inventory of its servers. Part of the problem, according to Government Technology contributor Erin Latham, is that there is such a glut of information on these federal servers that it's hard to keep track of it all.
"Government databases are filled with everything from traffic data to pet-ownership statistics, and many agencies lack the necessary staff and infrastructure to maintain and analyze all of this information," Latham wrote. "Public-sector data analysts report that they spend 47 percent of their time collecting and organizing data but less than a third of their time actually gleaning actionable insights from it."
Public tech vulnerabilities
In addition to federal systems being vulnerable to cyber attack, Trend Micro researchers found late in 2015 that public technologies are also on the list of things cyber criminals can take advantage of. In fact, during the second quarter of 2015, government hacks took the spotlight. Hackers can exploit any kind of existing technology, which paved the way for incidents like the OPM hack and others, including one perpetrated against NATO members (Operation Pawn Storm). In addition, the White House was the target of an attack in April 2015.
Hackers are finding new ways to exploit public technologies. Meanwhile, the U.S. government has recently admitted that its cyber security strategies are less than adequate, according to CNBC contributor Arik Hesseldahl. The government's susceptibility to targeted attacks has to do with its methods of protection more than anything else. The current method of detecting intrusion is with a system called the National Cybersecurity Protection System, which is operated by the U.S. Department of Homeland Security.
"By employing only signature-based intrusion detection, NCPS is unable to detect intrusions for which it does not have a valid or active signature deployed," a NCPS report recently read. "This limits the overall effectiveness of the program."
The answer is that government entities need to get better at securing their systems, but it may take a long time to implement such an overarching solution. Therefore, citizens need to make sure their personal systems are secure as the first line of defense.
The solution: Enhance your own cyber security
When government agencies have readily admitted that their cyber security strategies are not as strong as they could be, what can citizens do to protect their own data? In many cases, keeping your data protected starts at the root – in your own homes. Making sure your systems are safe against unseemly intrusions is the first step to keeping your private information out of the hands of would-be attackers.
Government organizations have traditionally been behind the private sector when it comes to technologies, and cyber security is no exception. Public agencies should invest in security tools and software in order to strategically prevent network intrusion, but consumers should protect themselves, as well, in the event of a government hack. When you log in to government sites, especially, it's critical that your own systems are well protected.