Sunday, March 15, 2015

State Department Malware

Source: SC Magazine
URL: http://www.scmagazine.com/state-dept-takes-down-parts-of-network-to-harden-security/article/403608/

This was a popular article on pretty much every security website I visited.

Basically, the State Department is shutting down their unclassified network for a short period of time in order to clean up malware that has been running on their network since October. They claim that it did not transfer over to their classified network or infect their Financial and HR systems.

An interesting quote in this article:

But Paul Martini, CEO of iboss Cybersecurity, in an emailed statement to SCMagazine.com, noted that “while the State Department claims it is removing the final remnants of the malware, the real question is, ‘how much data could have left the network in those vulnerable months?’”

Acknowledging that any organization with an internet-connected system is likely to be breached, Martini said “That does not make it acceptable for gigabytes of data to potentially leave the network in the gap of time it takes to address the malware.”

Working for the Federal government for 20 or so years, I find it hard to believe that an organization with this type of mission and, more importantly, budget could let gigabytes of data leave its network.

Unclassified does not mean public internet; there is still data on unclassified networks that is For Official Use Only (FOUO) and is not for public dissemination. Large government agencies are behind multiple segmented firewalls that should make something like this very difficult. Yes, you could get the malware; there is always something new coming out that AV won't detect, but the layers of firewalls, IDS, IPS and specific groups designated for monitoring should notice something like this sooner.

I understand that the State Department is not the Department of Defense, but these organizations need to be held to similar standards. With the recent flurry of reports regarding a former Secretary of State using personal e-mail accounts to perform official business, they are not looking too good right now from a cyber security standpoint.

