State investigating cyberintrusion
- By Mary Mosquera
- Jul 12, 2006
The State Department is investigating an intruder breaking into unclassified department IT systems, starting with embassies and offices in the East Asia/Pacific region and migrating to department headquarters.
State cybersecurity personnel took immediate steps when they detected the intrusion, and initial findings show that they prevented any loss of sensitive U.S. government information, a State spokesman said. When first detected, the intruder was at a location containing a small amount of data.
'This was a textbook example of how you protect, monitor, detect and immediately address challenges to the integrity of the computer system in terms of cybersecurity,' State spokesman Sean McCormick told reporters today at a briefing.
He tried to downplay the importance of the intrusion by noting that all public and private organizations must be vigilant against cyberintrusions every day. McCormick would not give a timeline of the event or State's response because he did not want to tip off hackers to department methodology, McCormick said.
'You have to assume that people are trying to [get] into your systems every day,' he said.
In response, State has taken administrative steps, which he would not disclose, and also changed the passwords for some personnel. A forensic examination is ongoing to determine what happened and learn from it .No gaps were found in cybersecurity policies, and no changes will result from the incident, he said.
The cyberintrusions were first detected at some U.S. embassies and offices in the East Asian and Pacific region, he said. Those offices work on issues relating to China and North Korea. As part of the interagency task force that cooperates on cybersecurity, State notified the appropriate agencies, including the FBI.
Mary Mosquera is a reporter for Federal Computer Week.