It has recently been disclosed that the Office of Personnel Management was breached and an incredible amount of sensitive information such as financial and medical information of personnel as well as 1.1 million fingerprint records was taken. While there have been a large number of security breaches occurring within the business realm, this is the first large scale breach on the federal government. In the wake of this event, the government has made advancements in Federal cybersecurity.
Back in June of this year, a “30-Day Cybersecurity Sprint” was enacted for several Federal agencies. The purpose was to figure out any areas of vulnerability and recently, the results were collected. This new information will help the government and the Department of Homeland Security to figure out the next steps to create a better system of cybersecurity. The agencies first used techniques, tactics, and procedures provided by the Department of Homeland Security to scan their systems for any immediate signs of cyber attacks or malicious cyber activity. Each week, the agencies will receive a DHS Vulnerability Scan Report where vulnerabilities will be identified for these problem areas to be corrected.
A next step would be to crack down on security policies and practices for users that have access to sensitive information. This includes minimizing the number of users with privileged access in the first place as well as limiting the number of functions that can be performed when using the account. Other things to consider would be to limit the duration that each privileged user can be logged into the system, making sure that all activities are logged and reviewed, and finally, to limit the number of functions that can be performed while logged on from a remote access point. These are just some of the things that the Department of Homeland Security is doing to ensure cybersecurity within the government.