During this day and age when almost everything revolves around using the computer and the Internet, it’s bothersome to hear how services aren’t that secured and your personal details can easily be hacked by malicious beings to steal money from consumers or just wreak havoc in the interwebs.  But what’s more alarming is finding out that your own government is not that secured in terms of cyber security.

In an article published by Computer.co.uk, former government CIO Bill McCluggage was featured slamming the cyber security efforts of the government, stating that it’s moving at a glacial pace compared to private sectors like banks who were quick to figure out how to avert cyber security crisis.

McCluggage stated that the government’s efforts are “big and brutish” that’s why it takes longer to implement.  The downside of this scenario is that though the security may be tougher, the implementation takes longer thus providing attackers a huge window to infiltrate their systems.

“You’re going to create an opportunity for fraudsters if you’re not rapid in the way you deploy countermeasures in depth,” said McCluggage.

Another problem that McCluggage sees is that some of the government ITs are unwilling to adapt to newer technologies that would allow them to keep up with how private sectors dealt with the same situation.

“The banking sector has been quite successful,” he said. “It has seen a 50 per cent reduction in online fraud in the last four years or so, because it has applied relevant and timely technology on a risk-balance equation.”

He also noted that when the time comes that everything is digitalized, that may be the only time the government will realize that they need to implement something quick or face losing more money than they already are.  In 20ll, Prime minister David Cameron stated that the UK is losing £27bn per year.  If the UK government doesn’t act quickly, that number is just going to keep rising.  McCluggage noted that people working in the government are afraid of change because they do not understand it.  They are unwilling to learn how the private sector dealt with cyber security issues as they think that their experience in the government is different from those in the private sector.

“They worry that their jobs might be under threat. Their position of power is that government is a dark art and industry doesn’t need to know about it. That’s now being jeopardised because people are coming in to show other ways of doing things from the private sector,” McCluggage stated.

Epic Government Fails

Thinking about, the UK isn’t the only government being victimized by hackers.  In 2009, the Utah Department of Technology Services and the Utah Department of Health suffered an attack wherein 24,000  Medicaid and CHIP (Children’s Health Insurance Plan) records were removed by Eastern European hackers with at least one file containing information on hundreds of individuals.

In June 2011, the hacker collective Anonymous called out to every hacker all over the globe to attack government agencies and publish all classified information they obtain as they campaign for liberty, and privacy, and against government corruption.  That resulted into the leaking of a megaton of smartbomb acquired from Arizona’s Department of Public Safety.  Some of the files exposed weren’t that important but some files showed tactical raid plans and even embarrassing stuff about the AZDPS.

The next to be attacked are the sheriffs.  Anonymous released 10gb of confidential data cache obtained from 70 US law enforcement agencies that contained “hundreds of private emails spools, password information, address, Social Security numbers, credit card numbers, snitch information, training files, and more.”  It was followed by the release of a data dump of law enforcement e-mails that contained secret dialogues between the sheriffs that revolved around petty corruption, contempt of the public, and racism de jour.

Seriously, I’m amazed at how lax the government is in their cyber security when everything they don’t want the public to know about could be easily taken from their sites.  And it’s just irritating how careless the government can be especially with public data.  Just serves them right to be exposed for all their little crimes, too bad the public has to suffer because of their idiocy.

A workaround: What a government CIO should keep in mind

Still, these attacks provided the government a good dose of bitter lesson.  At least now they’re doing something about it while they can, or before something that could totally crush them gets exposed.

Cheat to win

Cheating is bad, but sometimes it’s the only way to beat cheaters or on in this hackers.  Just like what Star Trek’s  Captain James T. Kirk did to beat the Kobayashi Maru – the unwinnable pilot disaster simulator.  By knowing how hackers think, security experts would know their next move which would result in them averting an attack as they already know their modus operandi.

Beefing up security measures

When the water pump failure in Illinois sparked rumors of cyberterrorism, the FBI used Splunk,  the software that enables users to search, monitor and analyze machine-generated data by applications, systems and IT infrastructure at scale via a web-style interface, to get to the root of things.  They soon found out that  a contractor logged in from Russia – it wasn’t a state-sponsored attack or cyberterrorism.  It’s good to know that the FBI uses tools such as Splunk in their fight against cyber threats.

Security in the cloud

The cloud is said to be information technology’s next frontier but though this sector proves promising as it would allow people to do more with the cloud aside from storing files, it is still quite vulnerable to hackers.  In an interview with SiliconANGLE founder John Furrier at TheCube, Curt Aubley, Lockheed Martin VP & CTO Cyber Security & NexGen Innovation, stated that right now, security agencies are dealing with 80% known threats and 20% advanced threats.  Advanced threats are those authored by malicious groups who lives and breathes malware – they spend everyday creating new threats that would expose any vulnerabilities on any system.  Aubly noted that the government knows about this and they’re employing security providers to comply with government security measures while still being able to fend off threats.

Try and keep up

The government may not be doing everything as fast as they should be but at least they’re doing something.  It’s one thing for hacktivists like Anonymous getting their hands on government files and exposing their crimes to the public but it’s another thing if terrorists gets their hands on government files, especially if those are about national security.

The government already employs hackers to work for them, but not all hackers think alike, so it would be next to impossible to stop malicious authors from creating vicious malware or to stop hackers from infiltrating their systems because some of them get a huge sum of money for what they’re doing.  All the government can do is to try to keep up with the hackers so they won’t be caught off guard.