Friday, June 5, 2015

Massive Data Breach Raises Questions about Perimeter Defense

The U.S. Office of Personnel Management (OPM) confirmed details of a massive data breach potentially impacting the personal records of 4 million current and past employees of the U.S. government.

OPM said it became aware of a cybersecurity intrusion affecting its information technology (IT) systems and data in April 2015 while it was in the process of updating its cybersecurity posture, adding tools and capabilities to its various networks.

Media reports attributed the attack to a Chinese state-backed hacker group known as “Deep Panda”, although both the OPM and FBI declined to comment on the specifics. Media reports also suggest that the stolen data was not encrypted.

The OPM network is believed to have been protected by the second-generation intrusion detection and prevention system known as EINSTEIN 2. A planned upgrade to EINSTEIN 3, which will be integrated as a Managed Security Service with leading Internet Service Providers (ISPs), is being accelerated so as to cover all government networks by the end of 2016.

Outside commentators noted that relying on a perimeter IDS, even one benefiting from signatures captured by national security agencies, may be an insufficient strategy for 2015 and beyond, compared to other solutions emphasizing network visibility for advanced persistent threats. A Bloomberg story by Michael A. Riley quotes a senior fellow in cybersecurity at the Center for Strategic and International Studies in Washington as saying that EINSTEIN 3 is already obsolete and that the commercial security industry is moving away from this type of perimeter defense.