Nextgov on the White House directing all US government agencies to tighten up their cyber defenses “immediately” in the wake of the massive OPM hack:
A summary of the steps released late Friday evening does not explicitly mention the data breach, which was discovered in April and made public last week. Records on more than 4 million current and former civilian agency and military employees were leaked during the incident, which struck the Office of Personnel Management.
It is believed a second, related attack may have victimized people holding security clearances and those who have been investigated to obtain such clearances.
“Recent events underscore the need to accelerate the administration’s cyber strategy and confront aggressive, persistent malicious actors that continue to target our nation’s cyber infrastructure,” Office of Management and Budget officials said in a statement. In addition to OPM, the White House, State Department, U.S. Postal Service were attacked by hackers over the past year.
U.S. Chief Information Officer Tony Scott “recently launched” what officials are calling a 30-day cybersecurity sprint.
While some of the required countermeasures are valuable in the larger sense of cyber defense, I am unsure those will actively prevent nation state attacks or even substantially lower their success rate. However, I do like the direction to accelerate the use of two-factor authentication. That will surely help but overall, I think the US government needs a much better, more uniform, and far more comprehensive approach to cyber defense.