Washington, October 29 – In response to reports that the White House was the victim of a prolonged cyber breach, Center for a New American Security (CNAS) Technology and National Security Program Director Ben FitzGerald and Research Associate Amy Changhave written a new press note explaining the situation:
It’s unclear from the reporting how serious a breach this was. The fact that the intruder targeted the Executive Office of the President’s network, as opposed to hitting a soft target like the Easter Egg Roll sign up, implies a certain level of sophistication and intent. However, from the reporting, it would seem that no classified networks were compromised and it would appear that any service disruptions were caused by the response team’s clean up efforts – likely involving forensic analysis, password and account resets and perhaps patching some systems.
The White House is wise to work on the assumption that they will be constantly targeted and we should assume that breaches like this will continue to occur. Security efforts should be assessed on how quickly intrusions are detected and mitigated rather than whether or not they occur.
The most troubling point for us thus far is that the White House security team was notified about the breach by an ally. While such alliances are vital and show great information sharing, how is that an ally has a better understanding of the White House’s network security situation than the White House does?
This intrusion is another example of how defending networks is much more difficult than attacking them. With the number of potential vulnerabilities (e.g., people with networked devices, points of entry on networks, physical points of entry such as USB ports, etc.) at the White House, it would be much easier to exploit the vulnerability than to detect it (before there is a breach).
This has major implications on the security of other government offices. Higher priority targets such as the White House or the Department of Defense may actually possess greater defensive capabilities because of the expectation of targeting and intrusion. Lower priority targets may actually be more vulnerable than the White House, given factors such as outdated software and infrastructure, suboptimal security protocols, and lack of operational support. Data exfiltration or intrusions may proliferate longer on systems without the tools to effectively detect and combat these threats.
To arrange an interview, please contact Neal Urwitz at firstname.lastname@example.org, or call 202-457-9409.