Rather than discovering that the federal government is full of Edward Snowdens, a new report from the Associated Press concluded that around half of federal cyber breaches and leaks were caused by the bad habits of employees and contractors. Federal employees and contractors would click on spam emails, get diverted to malware sites or provide information to scammers.
The AP analyzed records of government data leaks since 2010 and discovered that accidents and losing equipment, in addition to intentional leaks, were behind half of the breaches. The report includes the case of a federal contractor who left data tapes containing the health records of around 5 million Pentagon employees and their families. Compared with other sectors, federal data breaches were higher than expected, the AP reported, citing the nonprofit Privacy Rights Clearinghouse. Since 2006, more than 87 million sensitive or private federal records have been leaked or exposed compared with the exposure of 255 million records for retail businesses and 212 million records for financial and insurance services.
In 2013, the U.S. Computer Emergency Readiness Team responded to 228,700 incidents, according to the AP. A White House review determined 21 percent of the breaches were caused by federal employees violating policies, 16 percent due to lost or stolen equipment, 12 percent from mishandled printed information and 8 percent from malicious software. The review found that 6 percent of breaches were caused by intentional sharing of information.
"No matter what we do with the technology ... we’ll always be vulnerable to the phishing attack and ... human-factor attacks unless we educate the overall workforce," Eric Rosenbach, assistant secretary of defense for homeland defense and global security and Department of Defense cybersecurity adviser, said to the AP.
The Snowden leaks, detailing how the National Security Agency spied on citizens and foreign governments, and data breaches from Target and Home Depot have led to an increased focus on data security. In addition to employee education, the government also runs simulated attacks to determine any flaws. Recently, the government hacked Healthcare.gov and found the federal and state-run sites were relatively secure but could be improved with better encryption and elimination of remote access vulnerabilities.