How government agencies can prepare for cyber attacks
Organizations across a number of sectors are increasingly vulnerable to cyber attacks, putting the information of millions of people at risk of exposure. Government agencies are a prime target for hackers, criminals and hostile foreign entities who seek to cause disruption, sow distrust and obtain classified or sensitive information.
A report by the U.S. Government Accountability Office in December 2018 found that federal agencies reported 35,277 cyber security incidents in the fiscal year 2017, a significant increase of 14 percent compared to the previous year.
With cyber attacks on the rise and data breaches growing in number and scale, what are the consequences of cyber attacks, and what steps can government agencies take to prevent them?
What are the most common types of cyber attacks?
Cyber attacks can take many forms, and the sophisticated methods used by hackers and criminals are constantly evolving. A cyber attack will usually take place in one of the following ways:
- Denial-of-service (DoS) or distributed denial-of-service (DDoS) attack. This type of attack floods network servers or systems, using bandwidth and rendering them unusable.
- Malware. This attack occurs when a system user clicks a link or opens an email attachment, which can then install software on the machine to block access (ransomware) or obtain information (spyware).
- Phishing. This occurs when a cyber attacker attempts to steal sensitive information, such as a credit card number or login information, by posing as a trustworthy source.
- Man-in-the-middle (MitM) attack. These take place when an attacker inserts themselves into a two-party transaction, such as obtaining information from a device connected to an unsecure public Wi-Fi network.
As technology has progressed in recent years, the opportunities for cyber criminals have increased. Large organizations - such as government agencies - are prone to lapses in security procedures which make them prime candidates for hackers.
Recent notable cyber attacks on government agencies
Governments at all levels - federal, state and local - hold sensitive information which could be misused if accessed by cyber attackers. This information could range from personal data such as social security numbers or dates of birth, to intellectual property disclosures filed by businesses.
In the wrong hands, this data can be used to commit identity fraud and other crimes which affect the lives of everyday citizens. At a macro level, the information can be utilized by foreign powers to extract state secrets or influence democratic elections.
There have been several notable cyber attacks on government agencies in recent years. The most prominent examples include:
- Titan Rain (2003 coordinated attacks on United States computer systems). Hackers gained access to U.S. defense contractor computer networks, who were targeted for their sensitive information. Attempts were also made to access NASA and FBI systems, although no classified information was reported to have been stolen. Although the attacks were labeled as Chinese in origin, the identities of the hackers remain unknown.
- 2007 cyber attacks on Estonia. In April 2007, the Estonian parliament, banks, websites and broadcasters fell victim to a series of DDoS attacks. The country’s infrastructure was crippled as the coordinated attack affected financial institutions and government websites. Estonia’s government blamed Russia for the attacks, and at the time, was labeled as the second biggest instance of cyberwarfare after Titan Rain.
- 2008 cyber attack on the United States military. Described as the “worst breach of U.S. military computers in history”, the attack occurred when an infected flash drive uploaded malicious code onto the military’s Central Command network. The code went undetected and spread to both classified and unclassified systems. It took the Pentagon over a year to clear the virus, in which time USB drives were temporarily banned and the autorun feature on Windows was disabled.
- Shadow Network (2009 theft of Indian government documents and emails). In 2010, a report was released detailing the theft of documents related to the Indian government, in addition to 1,500 emails from the Dalai Lama’s office. The operation also compromised computers in every continent except Oceania and Antarctica. The attackers were determined to be part of China’s underground network of hackers.
- 2014-2015 data breach at the United States Office of Personnel Management (OPM). In one of the largest breaches of government data in the history of the U.S., Social Security numbers and other personal information was stolen from OPM computer networks between 2014 and 2015. The data breach affected an estimated 21.5 million people. Reasons for the breach included a lack of data masking, redaction and encryption practices. The operation was blamed on China.
- 2016 Democratic National Committee (DNC) cyber attacks. Computer hackers infiltrated the DNC’s computer network, which resulted in the theft of thousands of documents and emails. U.S. intelligence agencies concluded with high confidence that Russia was behind the cyber attack, in an attempt to sow discord, erode public trust, and interfere with the U.S. presidential election process.
- 2019 Australian Parliament cyber attack. Computer networks used by Australian political parties were targeted by a “malicious intrusion” on February 8th. Although no data was accessed in the breach, lawmakers were advised to change passwords. The Australian Prime Minister, Scott Morrison, blamed a “sophisticated state actor” for the intrusion.”
The Center for Strategic and International Studies (CSIS) keeps an updated timeline of significant cyber incidents. They also detail which countries are most often the ‘offenders’ and the ‘victims’ in such situations. The United States has been victim to over one hundred major incidents since 2006.
How governments can prevent a cyber attack
Governments are now fully immersed in technology - from issuing laptops and smartphones for their employees, to providing apps and other technological aids to members of the public. This opens up additional opportunities for hackers, and means government agencies need to be vigilant to prepare for cyber attacks.
The International City/County Management Association conducted a survey focusing on how local governments in the U.S. are affected by cyber attacks. It found that over a quarter of local governments are under attack on an hourly basis - but perhaps even more worryingly, that 27.6 percent of respondents did not know if, or how frequently, they were the targets of cyber attacks.
There are a number of measures which governments of all sizes can take to help prevent cyber attacks:
- Create and foster a culture of cybersecurity vigilance amongst workers. Ensure that employees are trained in cybersecurity standards and work with experts to develop effective coping mechanisms against cyber attacks. Simple steps like multi-factor authentication can be immensely beneficial.
- Build cooperation at all levels of government. Federal, state and local administrators all have their part to play, implementing best practices which allow information and intelligence to be shared securely along the chains of command.
- Monitor access to all government systems. All credentials and security details should be updated on a regular basis, with permissions revoked for employees who have left their role or no longer require access.
- Ensure security solutions are up-to-date. Rather than relying on outdated and potentially vulnerable security processes, governments should proactively invest in cybersecurity to protect sensitive information.
The frequency of cyber attacks is increasing, and government entities in the United States are the most vulnerable in the world.
Staying one step ahead of cyber criminals is not an easy task, but implementing robust, proactive security processes is the most effective way to deal with this dangerous threat.