March 31, 2015 By Fran Howarth 2 min read

U.S. federal agencies have seen a string of cyberattacks in the past few months. The first to be affected was the White House, followed by the U.S. Postal Service, then the National Oceanic and Atmospheric Association. The U.S. State Department was also attacked, with “activity of concern” seen since October 2014 — the same time as the White House. According to a spokesman for the State Department, the attack seems to be linked to the one at the White House.

In the U.S. State Department hack, an unclassified email system was compromised, with emails related to the Ukrainian crisis among those stolen. Even though the attackers did not penetrate any classified areas of the network, officials concede that sensitive information that could be of value to foreign intelligence agencies is routinely shared in unclassified emails.

Phishing Email Sparks US State Department Attack

The attack reportedly started with a phishing email sent to a State Department employee that contained a malicious link that caused malware to be downloaded onto the computer. The attackers were then able to move laterally across the network, which incorporates thousands of computers spread across the United States as well as remote locations, including embassies. The vast extent of this network has hampered cleanup operations. The attackers are also believed to be using a rootkit, which is a worm that allows them to mask the majority of their activity.

Worst Attack Ever Against a Federal Agency

According to officials, the U.S. State Department hack is the worst that has ever been seen against a federal agency. The FBI is actively investigating the attack, which has demonstrated that there are serious security issues within the State Department’s network.

The system was first taken down for scheduled patching, but more comprehensive measures were required. Efforts were made to harden the system and automatically archive all emails, something that was not done previously. Other implemented measures included replacing 30,000 employee network login tokens and requiring them to change their passwords and PINs.

Comprehensive Measures to Boost Security

There has also been speculation that the attacks were the work of a foreign government. Whoever the perpetrators were, it is clear that more comprehensive measures should be taken to bolster security within the U.S. government and to raise security awareness to prevent others from falling victim to phishing attacks. All organizations — not just governments — need to beef up their ability to detect and respond to sophisticated attacks.

Consequently, among the measures being introduced by the U.S. government to improve security is legislation to encourage information sharing about cybersecurity threats. One such bill, known as the Protecting Cyber Networks Act, encourages private companies to share information via a civilian portal without fear of reprisal, since they will be provided with liability protection.

According to the bill’s backers, the business community welcomes such a move, as they hope it will help to stave off the threat of some of the mega-breaches seen recently. While previous efforts to introduce information sharing legislation have not been successful owing to fears that they would lead to increased surveillance, those concerns have largely been assuaged with this latest legislation, raising hopes that it will ultimately be successful.

More from Government

Government cybersecurity in 2025: Former Principal Deputy National Cyber Director weighs in

4 min read - As 2024 comes to an end, it’s time to look ahead to the state of public cybersecurity in 2025.The good news is this: Cybersecurity will be an ongoing concern for the government regardless of the party in power, as many current cybersecurity initiatives are bipartisan. But what will government cybersecurity look like in 2025?Will the country be better off than they are today? What are the positive signs that could signal a good year for national cybersecurity? And what threats should…

CIRCIA feedback update: Critical infrastructure providers weigh in on NPRM

3 min read - In 2022, the Cyber Incident for Reporting Critical Infrastructure Act (CIRCIA) went into effect. According to Secretary of Homeland Security Alejandro N. Mayorkas, "CIRCIA enhances our ability to spot trends, render assistance to victims of cyber incidents and quickly share information with other potential victims, driving cyber risk reduction across all critical infrastructure sectors."While the law itself is on the books, the reporting requirements for covered entities won't come into force until CISA completes its rulemaking process. As part of…

Important details about CIRCIA ransomware reporting

4 min read - In March 2022, the Biden Administration signed into law the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). This landmark legislation tasks the Cybersecurity and Infrastructure Security Agency (CISA) to develop and implement regulations requiring covered entities to report covered cyber incidents and ransomware payments.The CIRCIA incident reports are meant to enable CISA to:Rapidly deploy resources and render assistance to victims suffering attacksAnalyze incoming reporting across sectors to spot trendsQuickly share information with network defenders to warn other…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today