After OPM data breach, what is the state of cybersecurity?

Listen to Jason Miller's full interview with Terry Roberts and Shawn Henry on the state of cybersecurity in government.
shawn_henry_conference
Shawn Henry

Recent cybersecurity embarrassments at the Office of Personnel Management, the White House and the State Department have cybersecurity experts wondering how the government became so vulnerable. Their response: it hasn’t always been this way.

The White House’s sweeping plan on cybersecurity, the Comprehensive National Cyber Initiative, was set up in 2008-2009 to shore up cyber vulnerabilities across government. But with so many recent hacks, Shawn Henry, chief security officer and president of Crowd Strike Services, told Federal News Radio America isn’t better than it was three to five years ago when it comes to preventing cyber attacks.

“You had the executive branch and the legislative branch coming together with a comprehensive strategy. Fast forward eight years later, we see an OPM breach where it appears that relatively benign or easy to correct capabilities were defeated … that was not necessarily a very  difficult attack, overall,” Henry said.

Henry, along with Terry Roberts, the founder and president of CyberSync, co-chair the cyber track at this year’s Intelligence and National Security Summit being held in September.

Terry Roberts
Terry Roberts

Roberts told executive editor Jason Miller that cyber progress has not been consistent across agencies.

“I do think that there is progress being made, but it’s not across all of government. So, I think we have pockets of excellence and we’re not able to take advantage of that excellence consistently in support of all government organizations … I think one of the key pieces that is missing is there isn’t a cyber baseline for every government organization,” she said. “Instead, I think we’ve been reactive to what is the latest threat factor, and then we put new technologies in place, and sometimes it takes literally years to put those in place. And, in the meantime, something as critical as the OPM personnel database was really left unguarded,” Roberts said.

Henry also said that adversaries looking to infiltrate government databases have developed a more refined approach.

“The adversaries have absolutely gotten better. The most sophisticated adversaries have capabilities that allow them to get into environments and into networks with relative ease, it seems, and they’re able to remain there undetected for long periods of time,” Henry said.

Read more interviews with other experts from the Intelligence and National Security Summit here.