Uncle Sam’s Russophobia got a shot in the arm from a recent Department of Interior (DoI) Inspector General report.
It flagged seismic cyber tension at the U.S. Geological Survey (USGS), where a compromised workstation on the network was regularly trying to communicate with IP addresses of “known malware command and control websites in Russia.” What caused the compromise? Seems a USGS employee had visited pornographic websites. And, it seems USGS has been turned into an illicit Netflix. The IG report found additional machines at USGS actively streaming pirated media from Russian and Ukrainian websites.
USGS event logs showed that a machine was regularly transmitting Network Basic Input/Output System (NetBIOS) lookup requests to computers in Russia–an indicator of malicious activity. While the NetBIOS traffic was blocked before leaving the USGS network, it seems the agency failed to analyze the alerts.
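The pattern described above, NetBIOS lookups to outside addresses that were blocked but never reviewed, can be surfaced by a periodic pass over egress firewall logs. This is an added example, not taken from the IG report or from USGS; the log format, the addresses and the `min_events` threshold are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample egress-firewall log; the line format is an assumption:
# timestamp action proto src_ip:src_port dst_ip:dst_port
SAMPLE_LOG = """\
2024-01-10T09:00:01Z DENY UDP 10.20.30.40:137 203.0.113.25:137
2024-01-10T09:00:05Z ALLOW UDP 10.20.30.41:137 10.20.30.255:137
2024-01-10T10:00:02Z DENY UDP 10.20.30.40:137 203.0.113.25:137
2024-01-10T11:00:03Z DENY UDP 10.20.30.40:137 198.51.100.7:137
2024-01-10T11:15:00Z DENY TCP 10.20.30.42:51515 198.51.100.7:443
2024-01-10T12:00:00Z DENY UDP 10.20.30.43:137 203.0.113.25:137
malformed line
"""

NETBIOS_NS_PORT = 137  # NetBIOS name service (name lookups) runs over UDP/137
# Destinations treated as internal/local; everything else counts as external.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16",
    "127.0.0.0/8", "224.0.0.0/4", "255.255.255.255/32")]

def parse_line(line):
    """Return (proto, src_ip, dst_ip, dst_port) or None for an unparseable line."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        src_ip = str(ipaddress.ip_address(parts[3].rsplit(":", 1)[0]))
        dst_ip, dst_port = parts[4].rsplit(":", 1)
        return parts[2], src_ip, str(ipaddress.ip_address(dst_ip)), int(dst_port)
    except ValueError:
        return None

def external_netbios_lookups(log_text, min_events=2):
    """Hosts that repeatedly sent NetBIOS lookups to external IPs, blocked or not."""
    hits = defaultdict(lambda: {"count": 0, "destinations": set()})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        proto, src_ip, dst_ip, dst_port = rec
        external = not any(ipaddress.ip_address(dst_ip) in n for n in INTERNAL_NETS)
        if proto == "UDP" and dst_port == NETBIOS_NS_PORT and external:
            hits[src_ip]["count"] += 1
            hits[src_ip]["destinations"].add(dst_ip)
    return {h: {"count": v["count"], "destinations": sorted(v["destinations"])}
            for h, v in hits.items() if v["count"] >= min_events}
```

DENY lines are counted on purpose: a blocked lookup still identifies the internal host that needs triage.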
Driving to the heart of the cyber challenges, the IG flags that DoI failed to implement the National Institute of Standards and Technology (NIST) 2012 guidance for agencies on how to manage incident detection and response programs. Further, the report states that DoI lacks an enterprise-wide view of incidents occurring within its network and has not established roles and responsibilities, or shared guidance with the bureaus and offices within the agency.
Tough on the Inside
DoI concurred with the report’s 23 recommendations and provided target dates for solutions and officials responsible for implementation. However, the IG conceded that it’s tough on the inside…
“We understand that some of these recommendations may require significant investment in cybersecurity infrastructure as well as the recruitment of additional staff, but the intended timeframe to implement these recommendations remains a concern,” said Mary L. Kendall, deputy inspector general, OIG, DOI. “Five recommendations will not be addressed for more than five years, and four recommendations will not be addressed for more than three years. In the interim, the department should consider additional temporary or partial solutions.”
Sometimes you get the bear–and sometimes the bear gets you.