Recent cybersecurity events have both the Senate and the House showing a willingness to cooperate on legislation, though there is a healthy debate over how much authority the government should have to regulate security standards for private sector firms, particularly those deemed "critical infrastructure" and therefore crucial to national security. On one thing most experts are in agreement: whatever we're doing now isn't working. The following incidents are just the most public evidence.

Sony PlayStation Network data breach

The attack that brought down the PlayStation Network in April may have done more to compel congressional action on cybersecurity than any other single breach, particularly given the firm's lack of transparency and public outreach following the initial attack.

The aftermath has made some form of national data breach standard all but inevitable and may prompt some lawmakers to seek a damage provision for consumers in any upcoming privacy legislation.

Most importantly, the breach showed that even the most technologically advanced firms may still harbor fundamental vulnerabilities in their systems.

Epsilon Data Management

A similar attack on the Epsilon online marketing firm affected millions of customers from a wide range of firms, including Best Buy, Kroger and JPMorganChase, exposing their names and email addresses. Again, the firm drew criticism from lawmakers for its failure to adequately communicate with affected consumers.

AT&T iPad breach

A security hole on the AT&T website exposed the email addresses of over 114,000 iPad owners, including senior government and military officials, last June.

Gmail phishing attack targets White House staffers

A recent phishing scheme that obtained the passwords of hundreds of Gmail users reportedly targeted White House staffers and other senior U.S. government officials.

The search giant has said the attack originated in Jinan, China, a claim that nation's leadership has fiercely denied. The incident may also restart scrutiny of whether White House officials use personal email accounts to conduct official business.

Joint Strike Fighter hack

Hackers breached the Pentagon's $300 billion Joint Strike Fighter program in 2009, one of a number of setbacks for the costliest weapons program ever. The incident added to the urgency to increase the military's cyber response ability; the Pentagon plans to release its first cybersecurity engagement strategy publicly on June 7.

Pentagon Credit Union

In January a hacker breached the security of the Pentagon Credit Union, putting a number of active-duty military personnel at risk of identity theft. The Attorney General's office in New Hampshire said 514 customers had been affected.

Dept of Veteran Affairs

A laptop computer stolen from a Dept of Veteran Affairs contractor last year put hundreds of veterans at risk of identity theft. It was later revealed the personal data of the 644 veterans was not encrypted, a violation of the VA's IT policy.

A similar incident in 2006 prompted a widespread political backlash and new data breach procedures at VA.

You may be a victim of one of these breaches. Part of what the national cybersecurity effort set out was this year's metrics document. The document also contains an entire section asking agencies to report on continuous monitoring itself, asking what percentage of data from various data feeds is being monitored "at appropriate frequencies and levels in the agency," according to the document. The data feeds covered by the questions include application logs, patch status, vulnerability scans, failed logins for privileged accounts, and data loss prevention data, among others.

Creative Associates, The Professionals in Envisionology℠, with their Foreglimpse℠ Services and over 30 years of experience, help clients every day to secure their environment and keep them that way.

Contact us now for more information and to find out how we can help you.