The White House has been forced to hurriedly issue new cybersecurity rules for government agencies, after it emerged late last week that a recently discovered breach of federal employee data is far worse than initially thought.
The Office of Management and Budget issued the ‘30-Day Cybersecurity Sprint’ document on Friday, hoping the advice contained within will help bolster government systems against further attack.
The list includes basic security best practice, including the immediate patching of vulnerabilities; multi-factor authentication for sensitive network access; and tighter policies for privileged users, according to the Washington Times.
“Recent events underscore the need to accelerate the administration’s cyber strategy and confront aggressive, persistent malicious actors that continue to target our nation’s cyber infrastructure,” the document apparently notes.
Officials confirmed to AP on Friday that hackers linked to China could have made off with highly sensitive data on as many as 14 million US government employees – far higher than the original estimate of four million.
Crucially it includes data from Standard Form 86 – which applicants for intelligence and military positions must fill out.
It apparently contains deeply sensitive information including whether the applicant has ever been arrested or forced into bankruptcy; their level of drug and alcohol use; and if they have a history of mental illness.
“That makes it very hard for any of those people to function as an intelligence officer,” former counterintelligence official, Joel Brenner, told the newswire.
“The database also tells the Chinese an enormous amount of information about almost everyone with a security clearance. That's a gold mine. It helps you approach and recruit spies.”
The hackers could also use the information for blackmail and coercion, or even to launch sophisticated spear phishing attacks designed to trick users into downloading malware without their knowledge.
It’s believed that the incident could also discourage individuals from applying for sensitive government positions in the future.