It has recently been disclosed that the Office of Personnel Management was breached and an incredible amount of sensitive information such as financial and medical information of personnel as well as 1.1 million fingerprint records were taken. While there have been a large amount of security breaches occurring within the business realm, this is the first large scale breach on the federal government. In the wake of this event, the government has made advancements in Federal cyber security.
Back in June of this year, a “30-Day Cybersecurity Sprint” was enacted for a number of Federal agencies. The purpose was to figure out any areas of vulnerability and recently, the results were collected. This new information will help the government and the Department of Homeland Security to figure out the next steps to create a better system of cybersecurity. The agencies first used techniques, tactics, and procedures provided by the Department of Homeland Security to scan their systems for any immediate signs of cyber attacks or malicious cyber activity. Each week, the agencies will receive a DHS Vulnerability Scan Report where vulnerabilities will be identified in order for these problem areas to be corrected.
A next step would be to crackdown on security policies and practices for users that have access to sensitive information. This includes minimizing the number of users with privileged access in the first place as well as limiting the amount of functions that can be performed when using the account. Other things to consider would be to limit the duration that each privileged user can be logged into the system, making sure that all activities are logged and reviewed, and finally, to limit the amount of functions that can be performed while logged on from a remote access point. These are just some of the things that the Department of Homeland Security is doing to ensure cybersecurity within the government.