The U.S. Department of State shut down its unclassified network in March in an effort to shore up the security of its systems following the discovery late last year that spies had access to the network.
The brief statement on the planned outage gave few details, except that the agency would be “implementing improvements to the security of its main unclassified network.” In mid-November, the State Department shut down its unclassified email system after it detected “activity of concern” on the network, reportedly the result of an attack coming from Russia.
The current planned outage came after similar activity had been detected, according to the latest statement. The agency has been working with security providers to clean up its systems and harden them against future attacks.
“The Department continues to closely monitor and respond to activity of concern on our unclassified network,” Jen Psaki, a State Department spokesperson, said in a statement posted on March 13. “Such activity is something we take very seriously.”
The ongoing security saga at the State Department highlights that the Internet has become a playground for nation-state spies and hackers. Since the discovery of the Stuxnet attack on Iran’s Natanz nuclear processing facility—an attack attributed to U.S. and Israeli intelligence agencies—dozens of government-backed operations have been discovered.
Espionage networks attributed to a number of nations—including China, France, Israel, North Korea, Iran, Russia, the United Kingdom and the United States—have all been discovered in the past year.
The actual espionage networks have been in operation much longer. There are indications that some of the attacks, such as the recently revealed Equation Group operation, have been operational since as early as the late 1990s.
While the current wisdom in the security industry is that companies should always assume that they have been breached, the State Department’s situation leaves the agency unable to trust its systems, James Bindseil, CEO of collaboration services and security firm Globalscape, told eWEEK.
“Once you have been compromised, every single system is suspect,” he said. “Compromising the State Department’s email systems is not the goal; that’s just a method of getting in initially. And once they are in, attackers commonly install backdoors to make sure they have access in the future.”
The State Department stressed that no classified systems had been breached, but acknowledged that U.S. government institutions have been under increasing attack by hacking groups and foreign adversaries.
“The Department is among a growing list of public institutions and private industries facing an increasing number of sophisticated cyber-threats,” Psaki said in the statement. “We are leading a team of dedicated experts from other agencies and the private sector that are working around the clock to protect the Department’s data.”
The government needs to take a more measured approach to security, designing in safeguards rather than bolting them on after the fact, said Globalscape’s Bindseil.
“They can’t just go in and scrub a bunch of machines over the weekend, because they will be doing this same exact thing in a month,” he said.