The OPM breach, revealed earlier this month, reportedly took place in April. The original estimates claimed as many as four million federal employees' records may have been affected. More recent estimates from investigators said as many as 14 million records may have been compromised, including those of current and former federal employees as well as contractors.
In response, the White House is pushing the "30-day Cybersecurity Sprint" in an effort to get various government agencies to take "aggressive actions to upgrade the federal government's technology infrastructure and protect government networks and information, implementing tools and policies."
According to reports, these government cybersecurity steps include immediately patching any vulnerabilities; restricting privileged user access to sensitive information; requiring multi-factor authentication procedures to access federal networks; and employing electronic "indicators" provided by the Department of Homeland Security to highlight when attacks happen.
"They amount to a list of basic best practices that have been commonplace for a long time," Meyer said. "What this tells me is they have a problem with basic cyberhygiene and that is likely a symptom of a larger culture problem that disregards security needs."
When the news of the OPM breach was released, questions were raised about the effectiveness of the Department of Homeland Security's (DHS) intrusion detection system, known as EINSTEIN, because the DHS admitted it "cannot currently detect or protect against new threats until they are identified and an associated signature is developed and entered into the system."
The current White House proposal does not appear to include steps to improve EINSTEIN. Meyer said this wasn't necessarily a surprise, but that DHS should take steps to make the system more proactive.
"With drawn out requirements and procurement cycles, it is not surprising that the DHS system is behind the curve and this can create a false sense of security," Meyer said. "EINSTEIN is just a monitoring system and at the end of the day, the asset owners need to take action on the alerts that the system is generating in a timely fashion. This is likely why the current system is only practicing 'observe and report' rather than a more aggressive action."