‘Contractors – You are the Weakest Link!’

This week, a US government contractor released a statement regarding the latest in a line of security breaches involving the theft of personal data of government employees from it this year. The contractor, which is active in carrying out employee background security checks on behalf of the US Office of Personnel Management, stores sensitive information about millions of individuals. The fact that the attacks were aimed at a contractor highlights a trend by hackers to attack what is perceived at the most vulnerable link in a government’s data security chain.

Unsurprisingly, the US government is doing everything in its power to help organisations in their on-going battle against cyber security threats. Their latest effort is the publication by the National Institute of Standards & Technology of a Guide to Cyber Threat Information Sharing. This publication, currently in draft form, is intended to assist organisations in their computer security incident-response capabilities. It provides guidance around coordinated incident handling and information sharing with peer organisations, together with the protection of data security incident-related data.

Across the Trans-Atlantic pond, the European Commission recently announced a cyber-security exercise, the biggest of its kind so far in Europe. On 30 October, a daylong simulation was carried out to test the capabilities of over 400 cyber security professionals and 200 organisations to withstand cyber-attacks. The exercise – involving internet service providers, cyber security agencies, national computer emergency response teams and financial institutions – simulated large-scale crises to critical information structures. A report by the European Network and Information Security Agency of the key findings from the exercise is expected soon.

Alison Knight