News broke late Thursday that the Pentagon, the United States Department of Defense, the symbol for “curiously-shaped thing that exists to keep us all safe,” had reportedly been hacked by Russia. As reported by CNN, the allegedly-Russian hackers took advantage of a “new and different vulnerability” in order to delve into the Pentagon’s Joint Staff unclassified email system.
As one can assume that hackers wouldn’t be interested in seeing whatever DoD staffers last ordered from Amazon and stealing their credit cards, it would appear that this attack is motivated by the chance of intelligence-gathering or aimed at stealing state secrets. It would also appear that if a successful, sophisticated new hack could be launched against that theoretical pinnacle of U.S. defense, then really, what chance do any of us have?
CNN reported, “No classified networks were penetrated, officials said. The attack has the hallmark of one by a foreign government, but they still are not certain, officials said. The spear phishing attack, however, successfully penetrated the unclassified email at multiple points, the senior official said. All of the required cyber protection and patches were in place, but the attack still was able to find a way into the network that the U.S. government had not seen before, according to the preliminary analysis, the official said.”
Well. Based on that particular paragraph, there may be reason to question the idea that this Pentagon hack represents some new and wildly sophisticated encroachment upon governmental cybersecurity. Spear phishing has become a fairly well known modus operandi, combatable by effective employee training and human watchfulness. It’s a knock on the door, but there’s no need to answer.
A trend among breached entities has arisen in branding every hack a heretofore “unseen” tactic that rivals all those that have hacked before in sophistication. This might be the case – the common cry among those fighting back against the criminal computer element is that hackers develop new skills much quicker than their targets can respond. But it might also just be a good way to save face.
As governmental cybersecurity has become the major topic of conversation in Congress, largely focused on the OPM breach, accountability has been a hefty highlight. OPM director Katherine Archuleta took the fall for the massive breach at her former agency, inevitable amid the many, many congressional hearings that demanded someone to blame for the hack. Will a series of hearings now insist upon a Pentagon scapegoat? Will Department of Defense suggest their budget was just too tight for cybersecurity this fiscal year? That seems unlikely.
Perhaps now, whatever the outcome of the Pentagon hack, the post-breach regulatory tone can be shifted from one that plays the blame game to one that recognizes the supreme vulnerability of all those with data and people to protect on a daily basis from faceless attackers.
Erin is the managing editor of Advisen’s Front Page News. She has been covering property-casualty insurance since 2000. Previously, Erin served as editor-in-chief of The Standard, New England’s Insurance Weekly. Erin is based in Boston, Mass. Contact Erin at [email protected].
