Between 150 and 200 cyberattacks hit U.S. government agencies and departments using .gov every single day, Larry Zelvin, director of Homeland Security’s cybersecurity division, told the House subcommittees on cybersecurity and counterterrorism Wednesday.
The numbers follow this week’s indictment against a group of alleged Chinese hackers charged with cyber-espionage against American companies. However, state-sponsored attackers are far from the only adversaries the American government is wary of. Politically motivated hackers and profit-motivated hackers routinely target .gov networks and have catalyzed immense inter-agency cooperation to fend off future attacks.
The intrusions are detected by the EINSTEIN program, a monitoring system designed to find unauthorized traffic on American government networks. EINSTEIN was designed by the U.S. Computer Emergency Readiness Team (US-CERT) in 2004 and has since received two major updates, bringing it to version 3, where it stands today.
When an incident occurs, it is ranked from low to high. High-threshold attacks are those in which hackers enter database systems, access sensitive identifiable information, or otherwise cause a disruption or destruction event.
For high-level events, Homeland Security reaches out to victimized agencies and offers investigative assistance in partnership with the FBI. US-CERT then spreads news of the attacks across the government.
“Adversaries are going after any vulnerability they can find,” Zelvin told the panel. “It doesn’t matter what state you’re in, what critical infrastructure you’re in. If there’s an opening, there’s an adversary that’s going to see where they can go and what information they can steal.”