Cybersecurity

A new approach to federal cybersecurity, two years after the OPM breach

Many feel the 2015 data breach at the Office of Personnel Management served as a wake-up call for the federal government. In many ways, it was more of a confirmation of what many had feared would eventually happen.

Last month marked two years since the disclosure of one of the biggest data breaches in U.S. history confirmed the theft of more than 18 million Social Security numbers and other personally identifiable information from the Office of Personnel Management. The issues that helped enable the OPM attack were brought on by years of confusing regulations, irregular budget cycles and a lack of proper oversight; compounded by the fact that change in information technology takes years, not days.

The initial response — a coordinated 30-day cybersecurity “sprint” launched by the Office of Management and Budget — was somewhat successful in implementing new security requirements, such as scanning for threat indicators, immediately patching critical vulnerabilities, and implementing two-factor authentication.