Is the United States government at risk of getting hacked by the Islamic State?
It’s entirely possible, according to a top cybersecurity expert hired by the federal government’s Office of Personnel Management, who recently warned about the likelihood of hackers from ISIS attempting to breach the agency’s computer systems.
Clifton Triplett, whom OPM hired as a senior cyber and information technology adviser following a massive data breaching exposing the personal information of more than 21 million current and former federal employees, explained what he sees as a major during a Bloomberg Government webcast on Monday.
“What I have to do is … assume that, at some point in time, they may be successful.”
“What I have to do is … assume that, at some point in time, they may be successful,” NextGov reports Triplett saying during the event.
In June, federal officials announced that OPM, which effectively acts as the federal government’s human resources department, had been the victim of the largest data breach in U.S. government history. Hackers reportedly had near-universal access to the agency’s computer systems, which held everything from names and addresses to biometic information like fingerprints.
Officials have privately fingered hackers linked to China as the source of the OPM hack. The CIA has even gone as far as pulling it officers from the U.S. Embassy in Beijing due to security concerns related to the breach.
Early this month, the Chinese government announced that it had arrested hackers it believes were behind the attack on OPM. Officials said the were acting independently and had no ties to the Chinese government.
When it comes to cyberattacks believed to originate from state-sponsored actors, China is typically the most notable source. Even so, U.S. officials blamed Russia for recent successful hacks against the White House’s email network and an unclassified Pentagon email system used by employees of the Joint Chiefs of Staff.
The breach of the personal email account of CIA Director John Brennan, on the other hand, was reportedly the work of a precocious 13-year old.
For its part, ISIS and its affiliates have had some success in attacking the U.S. government’s computer systems—although no security breaches have approached the scope of the OPM hack. In January, the YouTube and Twitter accounts of U.S. Central Command were briefly taken over by a pro-ISIS group calling itself the Cyber Caliphate. The hostile takeover occurred while President Barack Obama was delivering a speech about cybersecurity at the Federal Trade Commission.
In October, American officials arrested a Kosovo citizen named Ardit Ferizi in Makaysia for allegedly hacking a private company in the United States to obtain information of over 1,000 members of the military and other federal employees, and then gave that data over to ISIS. That list was allegedly made public in August by a group calling itself the Islamic State Hacking Division.
Triplett said that, in order to prevent similar breaches from happing at OPM going forward, the agency is working to limit the degree of access each individual user’s account has to agency’s vast quantitity of date. “So if we do have a compromise,” he said, “it is far more contained than, for example, our last incident.”
H/T NextGov | Illustration by Max Fleishman