It happened at the White House in late October. Two weeks later, it happened at the State Department. By the end of November, the Postal Service also admitted it happened to them.
So what's been happening to all of these agencies over the last couple months? They've been hacked. And some of them, hacked badly. In fact, 2014 might go down as the year of the black hat hacker. Cyber attacks aren't anything new, but the scope of the intrusions and the coverage of the issue reflects a new frontier opening in this battle.
Record numbers of daringly gigantic cyber attacks have been peppering the media all year long, leaving the digital community searching for better answers. Why these attacks are happening, and what government can do to stop them are now central issues for every government CIO office.
Scope of the problem
Attacks like the ones mentioned above are just the ones that make the headlines, but the problem is pervasive. The Heritage Foundation, a conservative think tank in Washington, has pulled together a list of the most recent gov-centric hacks over the last three years (they also have a great list on the corporate side as well). It's pretty much a who's who of government agencies: Nuclear Regulatory Commission, Department of Energy, Army Corps of Engineers, IRS, NASA, and DHS have all been hacked recently.
Deutsche Telecom maintains an interactive, early warning map of data breaches across the world, clearly showing how heavily American infrastructure is attacked.
But people shouldn't just blame the bureaucratic pace of government. Consider what's been happening the private sector as well. The infamous Target and Home Depot hacks have both happened in the last 12 months, affecting nearly 100 million Americans (myself included). JP Morgan Chase's much less publicized data breach affected 76 million households and seven million small business, according to the New York Times. Sony was hacked so badly last week that the LA Times reported Sony's internal teams started using pencil and paper to communicate internally, because Sony was forced to shut down all its IT systems!
snoopsmaus. Security lapses like Heartbleed lie deep in the stack, making intrusions and protection harder for government IT professionals.
Lapses in cyber security sometimes stretch beyond the scope of every organization. Popular application stacks like LAMP and MEAN, which underlie the modern Web, leverage large quantities of open source software that are subject to the vagaries of widely distributed teams. Security faux-pas can lie dormant deep in these stacks, sometimes for years unnoticed. The Heartbleed and Shellshock vulnerabilities, discovered in the last couple years, affected half of all internet enabled devices. Conversations around security have to shift from "will" we get hacked to "when" we get hacked.
Sign up for Computerworld eNewsletters.