Office of the Chief Information Officer
- Eric Eskelsen, Office Chief Information Officer, US Department of Education
- 19 pages
- September 16, 2009
“ In the near future, information warfare will control the form and future of war…Our sights must not be fixed on the fire-power of the industrial age; rather, they must be trained on the information warfare of the information age. ”
–Major General Wang Pufeng, Peoples Liberation Army, China
The reconnaissance phase of a Cyber war is already taking place –we are already under attack !!
• High interest in all cabinet personnel and travel OCONUS
• Intel Agencies seek Political, Economic and military
• All mobile devices are targets
• Exfiltration of US sensitive data from local networks and systems committed by hostile Nation States increasing.
• FBI Report to Congress: Al-Qaeda terrorist cell in Madrid used stolen PII/ SI to conduct much of their business.
• Increased cases of a critical nature against critical networks identified by the US-CERT
• In FY 2009, events detected will continue to rise
• Stronger awareness and countermeasures will be required to protect against future threats.
• Monster.com is advising its users to change their passwords after data including e-mail addresses, names and phone numbers were stolen from its database. January 26, 2009
• Nearly nine in 10 corporate data breaches could have been prevented had reasonable security measures been in place -Verizon Forensic Investigations
• USDA, unknown hackers may have illegally accessed a USDA database containing PII information -approximately 26,000 Washington, D.C., area employees are potentially at risk for identity theft.
• DOT OIG, lost over 100,000 state of Florida Drivers PII.
Peer 2 Peer File Sharing –Top Risks for all Users
US DOT Chief Privacy Officer (CPO) released government DOT and National Archive documents onto P2P File Sharing Network
• CPO’s daughter installed PEP software on home computer
• Computer contained DOT and National Archive
• Documents found by Fox News Reporter using Limewire
Why the Increase In Cyber Intelligence
• Recent open source network compromises disclosure, becoming more common, used as a nation enabler
• Easier to steal digits, than to integrate a spy
• Larger ROI in stealing R&D, vice actually doing it. (Past events have shown that .EDU has been used as a gateway to .GOV)
• Economic motivation
• Globalization empowerment
• Continuous national interest into US directions and intentions
• If you can’t out shoot them out spend them. (costly to recovery from breaches)