A Quick Take on the Treasury Hack

Certain moments in time offer a wonderful synchronicity, a set of parallel events that offer greater insight into the general state of affairs than any one episode can provide. I believe we are at such a moment right now. Within two weeks of the President signing the new IoT cybersecurity standards law, a welcome and impressive effort, the firm FireEye made the embarrassing announcement that some of its most important secrets had been stolen in a brazen hack.

Then, yesterday, the media reported the shocking (but not shocking, really) news that Russian hackers had penetrated deep inside the US Department of Treasury. The hackers also evidently got into the Commerce Department’s National Telecommunications and Information Administration and may have breached other government agencies. More attacks could be on the horizon.

What can these parallel events tell us about the state of affairs in cybersecurity and national security? One takeaway is that the US government cannot move quickly enough, even if its intentions are good and its processes are working. The IoT bill is exactly the kind of legislation the country needs to defend itself against nation state actors. However, as reality demonstrates, the legislative and regulatory processes simply can’t keep up.

How bad is the damage? According to Theresa Payton, the former White House Chief Information Officer who now serves as CEO the cybersecurity consultancy Fortalice Solutions, “At this point, we don’t know what exactly these cybercriminals had access to, but it’s very likely that they have access to months’ worth of data—Which means staffer emails, messages, documents and more have been monitored, read, copied, intercepted for months.”

Payton, who recently published a book on the media manipulation side of this story, finds the Treasury breach to be, as she put it, “scary, even for seasoned professionals like myself.” She noted, “These hackers had enough technical skill and finesse to force their way right past Microsoft platform’s authentication controls. Microsoft authentication controls are the key to many organizations. If these hackers can access those controls, then anyone could be at risk.”

Her recommendations, while sound, however, suffer from the very difficulties that underpin the entire situation. She explained, “While we don’t know how damaging this breach will prove to be, it will present a significant challenge to the incoming Biden administration as officials investigate what information was stolen and try to ascertain what it will be used for. These large-scale investigations can take months or even years to be complete—and a lot of damage can be achieved during that time.”

Indeed, as the government proceeds methodically with an investigation, which may or may not uncover any legally viable or enforceable evidence, the foreign hackers will continue to operate with little impedance. It is of course possible that clandestine branches of the US government will pursue a counterattack of their own against Russia. One can only hope, however, that whatever they do will be visible and demonstrably painful for the Russians. It’s not a tit for tat moment. It should rather be epoch-making-disaster-for-Russia for tat moment. That might make these little escapades less common in the future.