The White House on Friday announced details of a new push to beef up government cybersecurity systems amid growing fallout from the largest ever hack to hit federal systems.
As part of a 30-day “cybersecurity sprint” to improve government defenses, agencies across the administration are being ordered to patch critical vulnerabilities, tighten the number of people that can access privileged data, speed up the adoption of multi-factor authentication and deploy indicators to scan systems and check logs for malicious activity.
The frenzy of activity is the government’s first public reaction to a massive hack at the Office of Personnel Management (OPM) unveiled last month, which could affect as many as 14 million current, former and retired government workers.
As the White House announced details of the new response on Friday, news started to trickle out about a second mammoth hack at the agency, which handles background checks for workers across the government.
According to the White House, “recent events underscore the need to accelerate the administration’s cyber strategy and confront aggressive, persistent malicious actors that continue to target our nation’s cyber infrastructure.”
“Cybersecurity risks pose some of the most serious economic and national security challenges of the 21st Century,” it added. “Technologies and systems of the past cannot keep pace with rapidly evolving and persistent cyber threats.”
The administration has come under fire from some corners for not taking a stronger approach in response to the latest hacking revelations, which officials have privately said stem from China.
Foreign hackers might be able to use data stolen from government servers to blackmail employees, turn them into spies or otherwise steal sensitive information.
Sen. Lindsey Graham (R-S.C.), who is running for president, has said that the incident highlights the weaknesses of the Obama administration’s apparent unwillingness to take an overtly offensive stance on cyber.
Senate Armed Services Chairman John McCain (R-Ariz.) this week told reporters that the administration “has not made a policy decision” about how to respond to cyber incidents, which he found troubling.
In addition to the new orders for federal agencies, U.S. Chief Information Officer Tony Scott is also leading a monthlong review of the government’s cyber policies and practices, along with officials from the Pentagon, Department of Homeland Security and National Security Council.
That process should culminate in a federal cybersecurity strategy for civilian agencies, the White House said, aimed at protecting data and staying on guard against future attacks.