Breaches bring lessons for the intelligence community

Concerns of another data breach hitting the government is looming over federal cyber efforts.

Nearly five years ago, the Office of Personnel Management was hit with one of the largest data breaches in American history that exposed millions of records, including information about people who had undergone background checks. That breach is still looming over federal cyber efforts, including in the intelligence community.

Multiple individuals in leadership roles were vacated after the breach, including Katherine Archuleta, then director of OPM. There aren’t any publicly known consequences on record that resulted from using the stolen information, but the reputational damage is still being felt and similar risks remain.

“But just looking back, those risks still exists. The adversary that took the information still has that information and a lot of that information is permanent, unchanging information about 20 million individuals who are responsible for safeguarding America’s secrets. And so the threat and the challenge with those individuals are still very much ongoing,” said Sina Beaghley, a senior international/defense policy analyst with the RAND Corporation, on Agency in Focus: Intelligence Community.

With any breach, it is key to identify how it occurred and who are the responsible parties, which is yet to happen with the OPM breach.

Often times a breach can come from someone on the inside, much like the high-profile saga of Edward Snowden — an individual within the intelligence community that directly took data he had been granted access to.

A concept that got more traction after Snowden and other similar incidents was the idea of continuously monitoring individuals that have already received a clearance to ensure new risks have not emerged by collecting data outside of just what the government has collected and evaluating if the clearance is still appropriate.

“Continuous evaluation is getting all this data from these sort of sources that are available, that collect information about individuals and on a regular basis, kind of having this picture of the individual and seeing these red flags that come up not from just what the government can see on it’s own computer system,” Beaghley said.

Beaghley says the insider threats are not just about sensitive materials, there are physical risks as well. “But then there’s physical security, both of the information and of the individuals where we have had a number of scenarios where people have actually been physically harmed or killed because of actions taken by an insider who had access to them physically and no longer could be trusted. But the government didn’t detect that ahead of time.”

The government is beginning to recognize the convergence of physical and cybersecurity according to Beaghley. She cites the creation of the Defense Counterintelligence and Security Agency, which merges vetting of personnel with the need to protect critical technology, as an example.

Attacks make things more challenging for the intelligence community but serve as learning tools for the government as they continue to adapt in the mission of keeping sensitive information and the people that manage them safe.

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.

Related Stories

    This image made available by NASA shows an illustration of the Transiting Exoplanet Survey Satellite (TESS). Scheduled for an April 2018 launch, the spacecraft will prowl for planets around the closest, brightest stars. These newfound worlds eventually will become prime targets for future telescopes looking to tease out any signs of life. (NASA via AP)

    Commercialization of geospatial intelligence means agencies will have to innovate, adapt

    Read more
    background investigation

    Trump will kick-start upcoming security clearance modernization with new national security memo

    Read more
    Amelia Brust/Federal News Network

    IC faces human capital challenges like any component of government

    Read more