Last month hackers stole Internal Revenue Service (IRS) data belonging to more than 100,000 taxpayers. This sort of attack on the IRS and other federal computer systems keeps happening—and succeeding—because the government’s cyberdefenses are not strong enough to resist.
Hacking of U.S. government electronic databases is a near-constant threat. Attacks allegedly come from criminal gangs in Russia and Central and Eastern Europe, often seeking financial information from systems like the IRS, which holds personal data on hundreds of millions of taxpayers.
Other cyberattacks can come from skilled foreign operatives, such as hackers allegedly working for the Chinese government, trying to extract high-value intellectual property or gather intelligence. In one such case, a 2015 hack of Office of Personnel Management (OPM) data exposed the personal information of 22 million current and former federal employees. Other hackers attack U.S. sites independently in hopes of selling what they find to interested buyers.
Due to their nature, position, and size, federal networks need stronger security measures than most organizations. So far the cybersecurity resources devoted are not in proportion with the risks. How can U.S. government agencies be better prepared to protect their sensitive data?
Recent Action to Increase Protection
Several policy measures and initiatives are aimed at tackling cyberthreats. Last year, President Obama announced a plan for government agencies and private companies to better share information about pending and ongoing cyberthreats. In December, Congress codified that process in law.
Just last week, the White House released a Cybersecurity National Action Plan. It includes a multifaceted cybersecurity effort within the federal government, extending through the private sector and even with recommendations for individual behavior to improve personal cybersecurity.
These efforts complement other policies and programs adopted in recent years. The 2010 National Strategy on Trusted Identities in Cyberspace aims to increase confidence in online transactions. The 2011 National Initiative on Cybersecurity Education program seeks to train more people to do cybersecurity jobs. The 2011 International Strategy for Cyberspace promotes international collaboration to fight often-elusive digital attackers.
