We all have sensitive information on our computers and in the cloud, but it’s nothing compared to what the government has to manage. Even though the Obama administration announced their intent to use cloud-first policies in 2010, government entities have been slow to adopt new technologies due to concerns over cloud security.
Recent events would suggest that their concern is warranted. Some vendors have stated that they believe the government is being overly cautious, but given the potential risks that can occur while migrating information to the cloud, every precaution has to be taken.
Potential Risks If Government Cloud Services Are Breached
While many government agencies have already moved relatively simple systems like email and project management tools to the cloud, more complex functions and sensitive information are still on legacy IT systems. However, experts like representative Will Hurd, the chair of the oversight committee’s IT subcommittee, note that these legacy systems are also vulnerable to cyber attacks.
What can happen if there’s a security breach of the IT system or a new cloud-based environment? Here are some real-world examples that have occurred in the last few years:
The OPM Hack Disaster
The numerous security breaches that occurred in the Office of Personnel Management from 2014 to 2015 show just how vulnerable the current systems are. Chinese hackers are the suspected culprits that stole information, including usernames and passwords, for 21.5 million current, past and prospective employees as well as contractors. They were also able to steal sensitive security clearance information and server information. Not surprisingly, earlier this year analysts noted that the Chinese military is investing heavily in cyber espionage.
While this is certainly troubling, if it had been an intelligence gathering agency the repercussions could have been even worse. The identities of CIA and FBI agents could be compromised, which could put their lives in danger.
Public Health Records Hacks Put Citizens at Risk
The personal information and medical records of citizens are also at risk. Recently committee chairmen of the Senate and Congress questioned how HealthCare.gov was able to be hacked 316 times between October 2013 and March 2015.
Worse still is the fact that the Health and Human Services department is unsure how many people were potentially impacted. These security breaches put thousands at risk of having their identities stolen. Their credit can be ruined, and their money can be stolen. The hackers could even have home addresses and personal information that could be used for extortion.
Hackers Can Get Their Cyber Hands on Satellites
The effects of security breaches can even extend into outer space. In 2014, the National Weather Service systems were hacked, which led to a disruption in satellite data delivery. These satellites deliver information to a variety of industries across the globe, including the aviation industry.
The incident showed that the vulnerabilities lay far beyond servers. Today satellites are critical components for everything from cell phone service to military defense systems. Terrorist groups could even hijack satellites to control communication systems. There’s also the potential that a satellite’s orbit could be disrupted altogether. Recent incidents have called satellite cyber security into question and prompted officials to call for increased security measures.
Even the White House Isn’t Safe
Another security breach in 2014 affected systems at the White House. While officials said it only affected non-classified systems, the breach still shut down the network preventing staff from being able to access systems. Imagine this happening during a national disaster or terrorist attack. Having White House staff cut off from networks and communications systems could be detrimental and delay action.
The Fear That Defense Systems Can Be Compromised
For the government, a financial loss isn’t the biggest concern connected with cyber attacks. National security is what they are most worried about.
The worst outcomes could come if defense systems are breached. In 2013, information was released about a cyber hack into the U.S. missile defense system. The event ultimately compromised the designs for more than two dozens weapon defense systems. Again, China was to blame.
This is important because many of the weapons systems that were compromised were for military aircraft. China has been attempting to build their own air force, which means they could have potentially stolen our information to create weapons that could be used against our country in the future.
Military communication systems were also compromised in the hack. As a result, those communication systems had to be reconfigured to prevent any potential disruption.
The government has expressed the desire to adopt cloud technology, but security remains their top concern. The security breaches in recent years make it apparent that the current IT systems don’t offer enough protection. Moving forward, government officials say the key to cloud implementation is going to be improving transparency between agencies and cloud vendors.
Numerous cloud service providers already meet government regulations, now they just have to prove that they can be trusted to protect the country’s most sensitive information.