The Naval Postgraduate School & The U.S. Department of Homeland Security

Federal Government’s Track Record
on Cybersecurity and Critical Infrastructure

CybersecurityThe Senate Committee on Homeland Security and Governmental Affairs released today a new report that outlines the recent failures of the federal government to prevent cyberattacks on the nation's critical infrastructure. The report, "The Federal Government's Track Record on Cybersecurity and Critical Infrastructure", looks into the cyber vulnerabilities of six major government agencies as well as a few major cyberattacks that occurred over the past year.

Throughout its investigation, the Senate Committee found that certain cyberattacks were the result of "real lapses" of the federal government, especially in regard to storing and securing sensitive information. A few of the main security breaches cited in the report affected the Nuclear Regulatory Commission, Securities and Exchange Commission, U.S. Army Corps of Engineers, and the National Institute of Standards and Technology (NIST).

One of the most notable cyberattacks, however, was on the nation's Emergency Broadcast System. According to the report, hackers broke into the System last February and "caused television stations in Michigan, Montana and North Dakota to broadcast zombie attack warnings. 'Civil authorities in your area have reported that the bodies of the dead are rising from their graves and attacking the living,' an authoritative voice stated in the hacked broadcast message, while the familiar warning beep sounded. “Do not attempt to approach or apprehend these bodies as they are considered extremely dangerous.'”

Upon reviewing these cyber breaches and the devastating destructive potential they have on critical infrastructure, the report maintains that ensuring cybersecurity is often as easy as remembering to update your software. "While cyber intrusions into protected systems are typically the result of sophisticated hacking, they often exploit mundane weaknesses, particularly out-of-date software. Even though they sound boring, failing to install software patches or update programs to their latest version create entry points for spies, hackers and other malicious actors."