It is no longer a matter of if the U.S. will fall victim to massive cyberattacks, it is just a matter of when. At least that seems to be the consensus of the National Security Agency, among other high-profile watchdogs.
The NSA recently stated that the country needs to be prepared for the possibility of more high-level cyberattacks — attacks like the one which targeted the U.S. Office of Personnel Management (OPM), leaving millions of sensitive government records exposed. And considering the massive attack is believed to have gone undetected for a year, there’s certainly plenty of cause for concern.
Last week the U.S. government confirmed the two cyberattacks on OPM ultimately compromised over 21 million Social Security numbers, 19.7 million forms with data and 1.1 million fingerprint records, The Wall Street Journal reported.
Navy Admiral Michael Rogers, who currently serves as both the Director of NSA and Commander of the U.S. military Cyber Command, is quite sure this will not be the last time attacks of this magnitude hit the U.S.
“I don’t expect this to be a one-off,” Rogers said while speaking at the London Stock Exchange as part of an effort to raise awareness of cybersecurity threats in the financial sector, adding the incidents have forced the government to take a closer look at its cybersecurity policies, WSJ reported.
While no official communication may be sent to victims of the recent attacks for some time, OPM confirmed anyone who went through a security clearance background investigation performed by the office since 2000 should assume their information was affected by the data breach.
Earlier this month the agency outlined the steps it plans to take in order to assist potential victims. The office will offer a comprehensive suite of monitoring and protection services to individuals whose sensitive information was compromised, including full service identity restoration support and victim recovery assistance and identity theft insurance.
Rogers explained that while the government continues to work through the aftermath of what happened at OPM, one of the remaining questions revolves around how to determine the “right vision for the way forward in how we are going to deal with things like this.”
Rogers also confirmed that though Cyber Command is in charge of protecting Defense Department networks, it was not given the responsibility of defending OPM.
“We are in a world now where, despite your best efforts, you must prepare and assume that you will be penetrated,” he explained during the event. “It is not about if you will be penetrated, but when.”
Rogers said cooperation between both companies and the government is needed in order to truly protect networks. “Cyber to me is the ultimate partnership, Rogers said. “There is no single entity out there that is going to say: ‘Don’t worry, I’ve got this.’”