US Government departments have been coming under fire lately. A hacker managed to breach one of the Pentagon’s email systems in June, leading officials to take up to 1,500 accounts offline. Seemingly by chance, the system did not contain classified information relating to military operations, according to a spokesman.
The same week, Scott Charbo, the chief information officer of theDepartment of Homeland Security, was being taken to task by Congress forsuffering a reported 844 security incidents last year. These includedworkstations infected with Trojans, a compromised department website andclassified emails being sent over unclassified networks.
One congressman said the infiltration of US government networks was oneof the most critical issues confronting the country. A few weeks laterhowever, reporters for Associated Press managed to download sensitive USmilitary and technical files by accessing anonymous FTP servers with nopassword protection or, in one case, with a password that was includedin another file on the server.
All relatively common issues, albeit at a very high level. In the UK,we’ve already seen a targeted Trojan attack against government emailaddresses, and it’s a fair bet that similar attacks to those describedin US congress are ongoing against UK networks.
The Information Commissioner’s annual report lambasted some largeorganisations’ attitude to secure storage and disposal of personalinformation, which has led to more calls for EU-wide breach notificationlegislation, citing US disclosure law SB 1386 as an example tofollow.
The message seems to be, once again, that the US is ahead. But this timeit’s in terms of experience rather than technology. If UK leaders – bothgovernment and business – were to realise that work needs to beginimmediately to avoid similar problems down the road, we might actuallyhave learned something from our “special relationship” partner.