How RESILIA Could Have Mitigated the Recent Massive Breach at the U.S. Office of Personnel Management

In today’s rapidly changing world of technology, it is becoming more and more difficult for organizations to stay ahead of hackers and information breaches. What is even more disconcerting is the discovery of a breach occurring weeks or months later than the actual day of the crime and in some cases, even going fully undetected for years. Organizations throughout the world face an uphill task of securely protecting their information assets, especially as hackers keep using sophisticated techniques and keep getting continuous sponsorships from state actors and other agencies. It is no wonder, therefore, that organizations, or for that reason, even a nation probably, keeps fearing the prospect of being a victim to ransom and reputation, notwithstanding financial losses and disruption to business, by these cybercriminals as they go about attacking vulnerable entities at will.

The OPM Breach

The U.S. Office of Personnel Management (OPM), which handles government security clearances and federal employee records was recently breached and four million personally identifiable information of former and current federal employees were stolen. The breach was discovered in early April 2015 and investigation reports suggest that the attack could have occurred late last year, nearly 4-5 months before being discovered. This is supposed to be the first largest cyberattack on the U.S. government by any single individual or group of hackers. The same group is identified to have earlier hacked major health insurers namely Anthem and Primera. An anti-hacking detection system called ‘EINSTEIN’ happened to discover the malicious activity in April. Besides the Office of Personnel Management, twenty-four major federal agencies did not consistently demonstrate that they are effectively responding to cyber incidents (a security breach of a computerized system and information).

Causes of the OPM breach

The primary reasons attributed to this crime being successful were due to the facts that:

• The agency did not possess an inventory of all the computer servers and devices that had access to its networks,
• It did not use multi-factor authentication or authentication techniques used similar to online banking that is required by anyone gaining access to information,
• It did not regularly scan for vulnerabilities in the system,
• Some of the computer systems were certified as safe for use but were not “operating with a valid authorization”,
• Despite the problems on 2 servers being very severe, they were continuously used instead of temporarily being disabled and appropriate patches applied before putting for reuse.

RESILIA Could Have Mitigated the OPM Breach

RESILIA™ is a set of best practices for all governments, industries, and individuals in becoming cyber resilient (mind you, not cyber secure) in this ever-evolving cyber activity world. The best practices are available as a guide as well as courses for one and all for getting awareness and aspiring to become cyber resilient to the cyber crimes prevalent today and that may occur in the future.

RESILIA takes into account proactive measures (and not only reactive) while combating cyber crimes with the result that entities can not only be secure but can additionally prevent a possible malicious activity or detect, respond and recover quickly from any incident.

The RESILIA set of cyber resilience best practices follows the same lifecycle approach as the ITIL framework and highlights advantages of how each of these can mutually interact and add value to the other’s domain. Various strategies (such as defense-in-depth), processes and controls are considered for reducing the exposure to risk as well as limiting the impact in the event of an attack. Segregation of duties is also included that can prevent fraud or undesirable practices. All of the causes stated earlier for the OPM breach would have been taken care of during the adoption process, thereby preventing any such or similar attacks from occurring in the first place. Had the breach still occurred, it would have minimized the impact considerably and recovered almost instantly.

RESILIA is Cyber Resilience Best Practice from AXELOS, the prominent owner of Global Best Practices including ITIL® and PRINCE2®.

Conclusion

Ironically, the Office of Personnel Management failed to adopt and implement the NIST Cybersecurity Framework (CSF) meant specifically for the U.S. government and industries that were released just a year or two ago. Had they timely implemented this or a similar framework, the impact may not have have been this catastrophic. However, with the emergence of RESILIA, they can now certainly adopt the same, thereby strengthening their cyber posture by becoming cyber resilient, and not just cybersecurity. It is imperative today and in the future to be cyber resilient for all industries as well as governments so as to continue working in a peaceful and safe, open and collaborative cyberspace environment, else they could find themselves becoming the next cyber ‘TARGET’*.

Take the first step; learn more about the recently launched RESILIA – AXELOS Cyber Resilience Best Practices and give your learners a fighting chance against cyber attacks.

*TARGET, a major retailer in the U.S. was hacked in late 2013 and suffered a major setback to its profits and operations when millions of customers’ data was stolen. The CEO of TARGET later resigned and the CIO also followed soon thereafter.