Nearly five years ago, the Office of Personnel Management was hit with one of the largest data breaches in American history that exposed millions of records, including information about people who had undergone background checks. That breach is still looming over federal cyber efforts, including in the intelligence community.
Multiple leadership positions were vacated after the breach, including that of Katherine Archuleta, then director of OPM. There are no publicly known consequences on record from use of the stolen information, but the reputational damage is still being felt and similar risks remain.
“But just looking back, those risks still exist. The adversary that took the information still has that information, and a lot of that information is permanent, unchanging information about 20 million individuals who are responsible for safeguarding America’s secrets. And so the threat and the challenge with those individuals are still very much ongoing,” said Sina Beaghley, a senior international/defense policy analyst with the RAND Corporation, on Agency in Focus: Intelligence Community.
With any breach, it is key to identify how it occurred and who was responsible, which has yet to happen with the OPM breach.
Oftentimes a breach can come from someone on the inside, much like the high-profile saga of Edward Snowden — an individual within the intelligence community who directly took data he had been granted access to.
A concept that gained traction after Snowden and other similar incidents was continuous monitoring of individuals who have already received a clearance: collecting data beyond what the government has already gathered, checking whether new risks have emerged, and evaluating whether the clearance is still appropriate.
“Continuous evaluation is getting all this data from these sort of sources that are available, that collect information about individuals and, on a regular basis, kind of having this picture of the individual and seeing these red flags that come up, not from just what the government can see on its own computer system,” Beaghley said.
Beaghley says insider threats are not just about sensitive materials; there are physical risks as well. “But then there’s physical security, both of the information and of the individuals, where we have had a number of scenarios where people have actually been physically harmed or killed because of actions taken by an insider who had access to them physically and no longer could be trusted. But the government didn’t detect that ahead of time.”
The government is beginning to recognize the convergence of physical security and cybersecurity, according to Beaghley. She cites the creation of the Defense Counterintelligence and Security Agency, which merges the vetting of personnel with the need to protect critical technology, as an example.
Attacks make things more challenging for the intelligence community, but they also serve as learning tools for the government as it continues to adapt in its mission of keeping sensitive information, and the people who manage it, safe.