The Interior Department has been hacked at least 19 times in the last two years by cyber thieves with IP addresses from Europe and China, according to a new report from the DOI’s inspector general.
Why would hackers even be interested in an agency that oversees national parks and federal lands? There are plenty of reasons: DOI collects $13 billion a year in offshore and onshore leases from the Federal government and holds a large store of proprietary data, including geologic and geophysical data from oil and gas operators.
On top of these reasons, OIG found that DOI’s systems remain extremely vulnerable. The result of these attacks: loss of sensitive data and disruption of DOI’s systems. No one is saying how much was stolen because DOI probably doesn’t know.
“No department or agency is immune from attacks,” said Ed Cabrera, Trend Micro VP of Cybersecurity Strategy. “Any department and agency can be targeted as a launching point from which advanced threat actors attack other departments, agencies or political figures.”
CISOs have a daunting task in securing their government data and the infrastructure that supports it, said Cabrera, former CISO of the U.S. Secret Service who now analyzes cyber threats and develops strategies for Fortune 500 companies.
“The maturity level of cybersecurity programs in the Federal government is as varied as the number that exist, and directly relates to funds and resources they receive,” Cabrera said.
Foreign governments know that DOI plays a major role in development of domestic energy resources, and would be interested to know DOI’s intentions and policies, said Don Maclean, Chief Cybersecurity Technologist, DLT Solutions.
“Any of these bad actors–hostile governments, hostile activist/terrorist groups, or criminals–know that government machines are generally configured in an identical fashion throughout the organization. This means that if they can compromise one machine, they can compromise many,” he said.
Among the OIG’s findings:
• In October 2014, attackers originating from European-based IP addresses grabbed an unknown amount of data and gained control of two of the department’s public Web servers.
• That same month, these European hackers stole user credentials with privileged access to DOI’s system. The OIG was not able to determine how many files were stolen, the report said.
• In 2013, attackers with a Chinese IP entered DOI’s systems and stayed there for a month before being detected. It’s unknown how much data was stolen.
The OIG said the threats are getting more sophisticated with new and more destructive attacks. And physical assets are threatened by cyberattacks, as well.
“Threats to cyber assets include inside threats from disaffected or careless employees and business partners, escalating and emerging threats from around the globe,” the OIG warned.
As DOI transitions to the cloud, the report said, improvements in its IT governance practices are essential to make sure all Federal and department security requirements are met.
“Security issues will continue to expand unless funding, strategic planning, and policy are met,” the report said.
With recent high-profile cybersecurity breaches in the Federal government, including at OPM where 21.5 million files were stolen earlier this year, it’s essential for DOI to continually monitor its sites to spot attacks, the report said.
“DOI will have to expend additional effort to realize a mature continuous monitoring program and provide overall improvements in operations, security, and risk posture,” it added.