Most Federal Agencies Wouldn’t Be Able to Bounce Back from a Sony Hack

If you’ve been following Global Geopolitics for a while, you will have come to the realization long ago that America is prepared for absolutely nothing.

The unintelligent community doesn’t even know what hit them until it’s too late. The political ‘leadership’ conducts hearings and continues to make warnings on taking action and implementing plans, but it never comes to fruition. The public for the most part doesn’t care so long as the shopping malls still remain open so they can scavenge like cockroaches through cheap plastic goods made in China.

America is in freefall in so many ways, the sword is coming to it (see also HERE), and no one except for a handful of people are really paying attention – and then a small fraction of that same handful dare to raise awareness like is done here.

God help America.


A file-wiping attack such as the Sony Pictures Entertainment hack could bring major federal departments to their knees, because most have no data-loss contingency plans, according to the latest figures on compliance with government cybersecurity laws.

Further, unplugging systems to contain damage, as Sony did, would impair an agency’s ability to carry out constitutional duties, some former federal cyber leaders say.

While it is debatable whether North Korea, unaffiliated hacktivists seizing an opportunity or another entity is ransacking the entertainment behemoth’s networks, one thing is clear: Sony had shoddy disaster response procedures.

The attack reportedly used so-called wiper malicious code that destroys files. After the first signs of a breach in late November, Sony officials told employees to disconnect machines from the corporate network.

Unlike industry, the federal government is required to have backup procedures in case of a cyber emergency. That said, agencies don’t always follow the rules.

More than 60 percent of the government’s major agencies do not have full contingency plans should data become unavailable, according to an annual report to Congress on the Federal Information Security Management Act.

Some departments don’t know how a cyber incident would impact their business operations, many do not conduct “regular ongoing testing nor exercising of business continuity” plans, and other agencies’ standby systems are as unreliable as their primary systems, according to the assessment, which was released in May.

“What differentiates Sony from the government is this: Sony loses the data, the shareholders are unhappy, the customers are unhappy, the employees are unhappy. If a federal government agency loses data and can’t function, they have constitutional responsibilities they may be unable to fulfill,” said Sam Visner, a former National Security Agency signals intelligence chief, who now serves as an cyber and foreign affairs adjunct professor at Georgetown University.

That would mean “a real impairment in the welfare of citizens,” he added. “We ought to realize that the redundancy of data and the ability to store data — in a way that this kind of wiping attack isn’t going to occur — is vital.”

If a Sony-like attack hit the U.S. Patent and Trademark Office, “it would make it impossible for us to be able to arbitrate and adjudicate the information rights of the people who patented things and trademarked things,” Visner said. “It’s the same kind of intellectual property to which Sony has lost access.”

U.S. government agencies have faced off with cyber intimidators in the past. Swindlers in 2009 reportedly broke into the Virginia Prescription Monitoring Program’s secure website and held ransom 8.2 million patient records and almost 36 million prescriptions. The system stores the prescription histories of patients receiving controlled substances, to prevent abuse. In that situation, the attacker purportedly froze the data using encryption.

A message on the hacked site read:

“For $10 million, I will gladly send along the password … If by the end of 7 days, you decide not to pony up, I’ll go ahead and put this baby out on the market and accept the highest bid.”

The Virginia Department of Health Professions sent a notification letter to all individuals whose records in the database likely contained a Social Security number. But none of the information was lost, and the system continued to operate.

Visner called the Virginia incident “analogous” to the Sony attack. “I think what’s interesting about that case is it was a warning shot for the rest of us to consider just how vulnerable these kinds of systems were,” he said.

Full article: Most Federal Agencies Wouldn’t Be Able to Bounce Back from a Sony Hack (NextGov)

Comments are closed.