Breach of government data due to outdated software
Feb 22, 2016
A cyberattack on a private institution that works with U.S. intelligence agencies has revealed yet another flaw in how many government officials view cybersecurity. The hack of Juniper Networks, which was announced Dec. 17, 2015, has resulted in a data breach that could contain encrypted correspondence of government agencies spanning more than three years.
Representative Will Hurd from Texas detailed the breach in a Wall Street Journal article, where he pointed out that the vulnerability has since been patched. That said, the damage has already been done, as the hackers could very well have already made off with years of sensitive government information.
No one knows the full extent
As Hurd pointed out, the real problem with this breach is that there isn't a single person who can say how many agencies were affected. The cyberattack occurred due to the use of ScreenOS, a piece of software that hasn't been updated since 2011. Considering how quickly hackers adapt to cybersecurity defenses, it certainly isn't difficult to see how this particular software could have been breached.
Although the Department of Homeland Security is attempting to sift through which agencies were using ScreenOS, progress has been slow. Hurd points out that while banks using this software were forced to reveal themselves by the Securities and Exchange Commission, government officials have been slow to step up. To compound this issue even further, it is currently impossible to say who has patched the vulnerability, which means many agencies could still be at risk.
The most frightening part of this cyberattack is that not only do government administrators not know who was affected, they have no idea how long this hacking attempt could have been going on. The Better Business Bureau estimated that it takes about 170 days to detect a hack. That's nearly six months of complete freedom within a network. While that's certainly scary enough on an individual level, the fact that such an attack can go unannounced when dealing with government data is downright terrifying.
Government needs to focus more on cybersecurity
Although the U.S. is obviously keen on stopping cyberattacks, the major problem is that cybersecurity experts simply don't want to work for the government. A report compiled by consulting firm Booz Allen Hamilton found that computer security professionals can make up to $33,000 more annually by working in the private sector.
Basically, recruiting the best and the brightest for government cybersecurity positions simply isn't possible under the current pay scale the U.S. is working with. These experts know exactly how much their skills are worth, and while working for the government to ensure national security is obviously a noble goal, there is no better incentive than a large paycheck.
In fact, these professionals are in extremely high demand wherever they go. A 2015 report compiled by Peninsula Press found that there were about 209,000 open cybersecurity jobs just in America. Other countries such as China are investing in their cybersecurity divisions, and America must follow suit if it wishes to keep up with the times.