U.S. federal agencies have seen a string of cyberattacks in the past few months. The first to be affected was the White House, followed by the U.S. Postal Service, then the National Oceanic and Atmospheric Association. The U.S. State Department was also attacked, with “activity of concern” seen since October 2014 — the same time as the White House. According to a spokesman for the State Department, the attack seems to be linked to the one at the White House.

In the U.S. State Department hack, an unclassified email system was compromised, with emails related to the Ukrainian crisis among those stolen. Even though the attackers did not penetrate any classified areas of the network, officials concede that sensitive information that could be of value to foreign intelligence agencies is routinely shared in unclassified emails.

Phishing Email Sparks US State Department Attack

The attack reportedly started with a phishing email sent to a State Department employee that contained a malicious link that caused malware to be downloaded onto the computer. The attackers were then able to move laterally across the network, which incorporates thousands of computers spread across the United States as well as remote locations, including embassies. The vast extent of this network has hampered cleanup operations. The attackers are also believed to be using a rootkit, which is a worm that allows them to mask the majority of their activity.

Worst Attack Ever Against a Federal Agency

According to officials, the U.S. State Department hack is the worst that has ever been seen against a federal agency. The FBI is actively investigating the attack, which has demonstrated that there are serious security issues within the State Department’s network.

The system was first taken down for scheduled patching, but more comprehensive measures were required. Efforts were made to harden the system and automatically archive all emails, something that was not done previously. Other measures included replacing 30,000 employee network login tokens and requiring employees to change their passwords and PINs.

Comprehensive Measures to Boost Security

There has also been speculation that the attacks were the work of a foreign government. Whoever the perpetrators were, it is clear that more comprehensive measures should be taken to bolster security within the U.S. government and to raise security awareness to prevent others from falling victim to phishing attacks. All organizations — not just governments — need to beef up their ability to detect and respond to sophisticated attacks.

Consequently, among the measures being introduced by the U.S. government to improve security is legislation to encourage information sharing about cybersecurity threats. One such bill, known as the Protecting Cyber Networks Act, encourages private companies to share information via a civilian portal without fear of reprisal, since they will be provided with liability protection.

According to the bill’s backers, the business community welcomes such a move, as they hope it will help to stave off the threat of some of the mega-breaches seen recently. While previous efforts to introduce information sharing legislation have not been successful owing to fears that they would lead to increased surveillance, those concerns have largely been assuaged with this latest legislation, raising hopes that it will ultimately be successful.
