[Infowarrior] - FBI, DHS Share Lessons Learned from OPM Hack

Richard Forno rforno at infowarrior.org
Tue Jan 26 21:22:43 CST 2016


More "lessons learned" to be read and subsequently ignored until the next big incident, at which point, another set of identical "lessons learned" will be generated, read, and ignored.  Lather, rinse, repeat.     --rick


FBI, DHS Share Lessons Learned from OPM Hack

https://blog.opendns.com/2016/01/26/fbi-dhs-share-opm-security-lessons-learned/

The fallout from the epic hack on the Office of Personnel Management (OPM) continues. Since the congressional oversight hearings in June 2015, OPM Director Katherine Archuleta resigned; the government was hit with a number of lawsuits from “victims”; OPM hired a cybersecurity advisor, Clifton Triplett, and increased its IT “modernization” budget from $31 million to $87 million, with another $21 million scheduled for 2016; and the Obama administration announced Friday that OPM will no longer conduct background investigations. The FBI and Department of Homeland Security also released a “cyber alert” outlining a collective analysis and lessons learned from the OPM hack.

The memo was distributed only to cleared contractors by the Defense Security Service, and it includes a number of recommendations for security efforts going forward. While the memo does not name OPM specifically, according to an FCW article, the timing of its release and the recommendations it contains reportedly correspond directly to the OPM breach.

At the forefront is the recommendation for a segmented identity management system, which, according to the memo, could have limited the severity of the OPM breach. From the FCW article:

“When an organization’s network is not segmented from others, this could mean hundreds of sub-networks are affected versus one,” the memo states. Privileged access controls “would have helped detect the intrusion earlier and made it significantly more difficult for the actor to spread across the network.”

While the entire memo could not be located, FCW did list a number of security recommendations from it, including:

• Enabling a personal firewall at agency workstations
• Monitoring users’ online habits and blocking potentially malicious sites
• Employing encryption for data at rest and in transit
• Investigating “outbound network traffic observed over TCP port 53 that does not conform to the DNS protocol.”
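The last recommendation is a concrete detection check. As an added illustration (not from the memo, FCW, or the OpenDNS post), the following Python flags outbound TCP/53 payloads that do not follow DNS-over-TCP framing per RFC 1035; it assumes flows are supplied as (id, destination port, payload) tuples with the payload starting at a message boundary, and the sample flows are constructed, not captured traffic.

```python
import struct

# Opcodes defined for DNS: QUERY/IQUERY/STATUS (RFC 1035), NOTIFY (RFC 1996), UPDATE (RFC 2136).
VALID_OPCODES = {0, 1, 2, 4, 5}

def parse_name(msg: bytes, off: int) -> int:
    """Validate a QNAME starting at msg[off]; return the offset just past it, or -1 if malformed."""
    total = 0
    while True:
        if off >= len(msg):
            return -1
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0:          # labels are at most 63 bytes; no compression pointers in a question
            return -1
        total += length + 1
        if total > 255:            # whole name is capped at 255 bytes
            return -1
        off += length + 1

def is_dns_over_tcp(payload: bytes) -> bool:
    """True if payload starts with a well-formed DNS message framed as in RFC 1035 section 4.2.2."""
    if len(payload) < 14:                      # 2-byte length prefix plus 12-byte DNS header
        return False
    (msg_len,) = struct.unpack("!H", payload[:2])
    msg = payload[2:2 + msg_len]
    if msg_len < 12 or len(msg) != msg_len:    # length prefix must match the bytes actually present
        return False
    _id, flags, qdcount, _an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    opcode = (flags >> 11) & 0xF
    if opcode not in VALID_OPCODES or (flags >> 6) & 1:   # unknown opcode or reserved Z bit set
        return False
    off = 12
    for _ in range(qdcount):                   # each question is QNAME, QTYPE, QCLASS
        off = parse_name(msg, off)
        if off < 0 or off + 4 > msg_len:
            return False
        off += 4
    return True

def flag_non_dns_on_53(flows):
    """Return ids of flows to TCP/53 whose payload does not parse as DNS."""
    return [fid for fid, dport, payload in flows if dport == 53 and not is_dns_over_tcp(payload)]

def build_query(name: str) -> bytes:
    """Constructed, well-formed DNS-over-TCP A query used as the benign sample."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    msg = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)
    return struct.pack("!H", len(msg)) + msg

SAMPLE_FLOWS = [  # constructed sample flows (id, dport, first payload bytes)
    ("flow-1", 53, build_query("example.com")),                 # legitimate DNS query
    ("flow-2", 53, b"SSH-2.0-OpenSSH_7.4\r\n"),                 # SSH banner sent over port 53
    ("flow-3", 53, b"\x16\x03\x01\x00\xa5\x01\x00\x00\xa1\x03\x03" + b"\x00" * 40),  # TLS record on 53
    ("flow-4", 443, b"\x16\x03\x01"),                           # not port 53, ignored
]
```

Running `flag_non_dns_on_53(SAMPLE_FLOWS)` returns `["flow-2", "flow-3"]`; traffic that is valid DNS but carries tunneled data is out of scope for this check and needs volume or entropy analysis instead.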

< ->

--
It's better to burn out than fade away.
