Office of Personnel Management
The Office of Personal Management (OPM) is the victim of a highly intrusive cyber espionage operation conducted by “Deep Panda”, a state backed Chinese hacker group. The personal information of over 4 million current and former government employees dating back to 1985 has been compromised. Chinese hackers managed to circumvent the much vaunted EINSTEIN 3 cyber intrusion monitoring and blocking system (Sternstein, 2015). Once OPM’s network was penetrated, the hackers were easily able to access government records, as OPM’s personnel data was unencrypted (Perera, 2015). The breach was initially discovered by CyTech Services, which ran diagnostic software of OPM’s network in a sales demonstration in April of 2015.
Several US intelligence officials stated that the collection of OPM personnel records represents a goldmine for Chinese counterintelligence activities. In tandem with the Anthem Inc. and Premera Blue Cross breaches conducted by Deep Panda, the Chinese government has the medical records, security clearance statuses, social security numbers, performance ratings, addresses, and other compromising personal data of millions of US government employees (Barrett, 2015). The data is useful in both the recruitment of Americans by Chinese intelligence services and identification of American spies within the Chinese government.
Cyber security experts have been widely critical of OPM’s failure to safeguard its networks given the sensitivity and volume of its personnel files. Adam Firestone, Senior Vice President and General Manager of Kaspersky’s Government Security Group, remarked that the government needs to reassess its approach to cyber security from “perimeter defense” to the internal defense of networks:
“The issue is how the network was prepared for the breach. And what were the internal security mechanisms inside the network to prevent the information inside the network from being used and useful for an adversary who got in. From our perspective we assume a breach, we assume that everything is porous, but we prepare. The idea is to prepare the network and your systems for the breach such that even though they do get in, what they retrieve is not useful.”
Navy Cyber Command has demonstrated the viability of this approach as it has managed to fend off every cyber intrusion since the Navy-Marine Corps Intranet breach in 2013. Cyber Fleet Commander Vice Admiral Jan Tighe attributed the success of Navy Cyber Command to the prompt internal defense of its networks, noting that initial breaches were inevitable. It is unclear how the United States will respond to China given the Department of Defense’s newly released cyber strategy which emphasizes the US will retaliate against cyber-attacks (Stewart, 2015). The distinction in the OPM case is the hacker group did not destroy OPM networks or hardware, but committed an act of espionage.