Cyberattacks on the U.S. government and private sector are only going to get worse, said President Obama on Monday, days after suspected Chinese hackers made off with 4 million federal workers’ records.
“This problem is not going to go away — it’s going to accelerate,” Obama said at a press conference in Germany, where he is attending the G-7 summit of leading industrial nations. “That means that we have to be nimble, as aggressive and as well-resourced as those who are trying to break into these systems.”
{mosads}The data breach at the Office of Personnel Management (OPM), revealed last week, has shed a light on the federal networks’ inadequate cyber defenses and unveiled a massive Chinese cyber espionage campaign to gather data on government employees.
Many security experts are surprised it took Chinese hackers this long to obtain all federal workers’ information. The 4 million records cover the 2.7 million current government employees, plus sensitive data on retired employees going back to 1985.
It’s thought Beijing is looking to compile data on government officials in order to stage further cyber campaigns, ranging from targeted phishing attacks to blackmail to imitating high-ranking officials.
Previous suspected Chinese cyberattacks across the public and private sector had compromised hundreds of thousands of government workers’ data, but nothing like the scale of the hack revealed last week.
“We have known for a long time that there are significant vulnerabilities and that these vulnerabilities are going to accelerate as times go by, both in systems within government and within the private sector,” Obama said.
A November report from the OPM’s inspector general described myriad shortcomings in the agency’s network security. For instance, the OPM did not regularly scan the network for vulnerabilities, nor did it require basic authentication techniques used by most online banking systems.
“Part of the problem is we’ve got very old systems,” Obama said. “What we are doing is going agency-by-agency and figuring out what can we fix with better practices and better computer hygiene by personnel, and where do we need new systems and new infrastructure in order to protect information.”
Last month, it was also revealed that suspected Russian cyber thieves snapped up tax information on roughly 100,000 people. They gained access by simply imitating those individuals using information that had leaked onto the dark Web following previous hacks.
IRS chief John Koskinen said the hackers would seek to file fraudulent tax returns in 2016.
“Both state and non-state actors are sending everything they’ve got at trying to breach these systems,” Obama said.
The president reiterated his call for Congress to pass legislation that would encourage the government and private sector to exchange more information on cyber threats. Privacy advocates have objected to the legislation, arguing it would shuttle more data to the intelligence agencies.
“We’re going to have to be much more aggressive,” Obama said, “than we have been.”