Uncovering cyber security

Financial Times reporter Gina Chon discusses the depth and implications of cyber security.

TRANSCRIPT

SOPHISTICATED HACKERS FROM ACROSS THE GLOBE ARE PUTTING CYBER SECURITY IN THE U.S. TO THE TEST.

UP NEXT, WE'RE JOINED BY REPORTER GINA CHON TO DISCUSS THE DEPTH OF THIS DATA-BREACH CRISIS.

REPORTER ANDREA VASQUEZ HAS THE INTERVIEW VIA GOOGLE HANGOUT.

ALL RIGHT, AND, GINA CHON, THANK YOU SO MUCH FOR JOINING US.

YEAH, THANKS FOR HAVING ME.

SO NASA, THE FEDERAL RESERVE, THE DEPARTMENT OF ENERGY, HAVE GOTTEN HACKED.

HOW ARE HACKERS GETTING AWAY WITH THIS?

WELL, SADLY, IT'S PRETTY SIMPLE FOR THEM.

A LOT OF THESE AGENCIES DON'T HAVE AS STRONG OF DEFENSES ON THE CYBER FRONT AS THEY SHOULD.

SO AGENCIES LIKE THE STATE DEPARTMENT DON'T EVEN HAVE TWO-FACTOR AUTHENTIFICATION, WHICH MOST PEOPLE HAVE ON THEIR GMAIL ACCOUNTS.

SO A LOT OF TIMES IT'S ACTUALLY QUITE EASY FOR HACKERS TO GET IN.

WOW, AND THERE ARE 24 AGENCIES THAT HAVE TO REPORT THEIR CYBER SECURITY.

IS THAT RIGHT?

YEAH, THAT'S THE MAJOR CIVILIAN AGENCIES.

AND YOU FOUND THAT HALF OF THOSE ARE NOT TAKING THE BASIC STEPS.

WHY ARE THEY SEEMING TO NEGLECT THESE BASIC PREVENTATIVE STEPS?

YEAH, YOU WOULD THINK IT WOULD BE A HIGHER PRIORITY, AND I THINK AFTER SOME OF THE RECENT BREACHES, IT IS MOVING UP THERE, BUT, YEAH, A LOT OF THEM SPEND A VERY SMALL AMOUNT OF THEIR I.T.

BUDGET -- A LOT THEM, MAYBE IT'S 2%, 1%, EVEN, ON CYBER SECURITY, AND A LOT OF THEM HAVE REALLY ANTIQUATED SYSTEMS, SO THEY CAN'T EVEN HANDLE ENCRYPTION OR OTHER MODERN TECHNIQUES OF FIGHTING AGAINST HACKERS.

AFTER A DATA BREACH HAPPENS, WHAT DO GOVERNMENT AGENCIES DO TO ASSESS THE DAMAGE?

SO, THE BEST EXAMPLE'S PROBABLY THE RECENT BREACH AT THE OFFICE OF PERSONNEL MANAGEMENT, WHICH IS BASICALLY THE HUMAN RESOURCES ARM OF THE U.S. GOVERNMENT.

AND THEY HAD ABOUT 21 MILLION RECORDS OF PEOPLE WHO HAD SECURITY CLEARANCES AND BACKGROUND CHECKS FOR THOSE CLEARANCES THAT GOT BREACHED.

SO VERY SENSITIVE.

SO, AFTER THAT, THE DEPARTMENT OF HOMELAND SECURITY COMES IN, OBVIOUSLY BECAUSE OF THE KIND OF AGENCY IT IS.

A LOT OF THE INTEL AGENCIES GOT INVOLVED.

THE DEPARTMENT OF DEFENSE IS ACTUALLY ALSO INVOLVED, AS WELL.

BUT NORMALLY, HOMELAND SECURITY WOULD BE ONE OF THE MAIN ONES TO COME IN AND LOOK AT IT.

WOW, AND THEN THEY CAN GET A SENSE OF HOW MANY PEOPLE'S INFORMATIONS WERE COMPROMISED AND WHAT KIND OF INFORMATION?

YEAH, EXACTLY.

SO, LIKE AFTER THE OPM BREACH, THEY FOUND THAT THERE WERE A LOT OF PERSONAL RECORDS, AGAIN, FOR ALL THESE MILLIONS OF PEOPLE WHO HAD BACKGROUND CHECKS, BUT THEN BELATEDLY FOUND OUT THAT INSTEAD OF, I THINK, ABOUT 1 MILLION FINGERPRINT RECORDS, THEY ACTUALLY GOT 5 MILLION.

SO IT'S BEEN A PRETTY BAD AND EMBARRASSING BREACH FOR THEM.

OFFICIALS ARE LOOKING TOWARD RUSSIA AND CHINA FOR SOME OF THESE ATTACKS.

HOW ARE THEY ABLE TO TRACE WHERE THESE ARE COMING FROM?

THE ATTRIBUTION IS VERY DIFFICULT, SO THE GOVERNMENT'S VERY CAREFUL ABOUT WHEN THEY SAY WHO COULD BE RESPONSIBLE, AS THEY HAVE BEEN WITH THE OPM BREACH.

BUT IT TAKES A LOT OF, YOU KNOW, DIGITAL FORENSICS.

CERTAIN ATTACKERS HAVE CERTAIN KIND OF SIGNATURES OR MALWARE OR OTHER KINDS OF TACTICS THEY USE THAT ARE SORT OF UNIQUE TO HACKERS IN CHINA OR IN RUSSIA.

BUT IT DOES TAKE SOME TIME, AND SOMETIMES THEY DO GET IT WRONG.

AS FAR AS YOU CAN TELL, DOES IT SEEM LIKE THESE AGENCIES ARE ACTUALLY TAKING NOTE AND MAKING CHANGES AFTER SOME OF THESE HUGE BREACHES?

THEY ARE DEFINITELY TAKING IT MUCH MORE SERIOUSLY, BUT THEY'RE DEALING WITH DECADES OF OLD NETWORKS, OLD SYSTEMS THAT CAN'T BE EASILY FIXED.

SO EVEN THOUGH THEY KNOW IT'S A HUGE PROBLEM, IT'S STILL GOING TO TAKE A LONG TIME TO FIX IT.

SO WHAT DO YOU, REASONABLY, EXPECT TO SEE IN THE WAY OF CHANGE IN THE COMING YEARS?

I MEAN, THEY'RE TRYING TO FOCUS MORE ON GETTING IN SOFTWARE THAT CAN RECOGNIZE DIFFERENT INTRUSIONS AND TRY TO STOP THEM.

THEY ARE TRYING TO ALSO BEEF UP THEIR CAPABILITIES IN TERMS OF GETTING INFORMATION FROM THE PRIVATE SECTOR ABOUT CYBER THREATS, AND HOMELAND SECURITY'S ROLE IS BEING BEEFED UP IN THAT.

BUT FRANKLY, I MEAN, JUST GIVEN OUR OPEN SYSTEM AND THE WAY OUR GOVERNMENT IS SET UP, IT SEEMS LIKE IT'S GOING TO TAKE A LONG TIME.

AND THERE'S A CERTAIN AMOUNT OF KEEPING UP AS THE HACKERS GET MORE ADVANCED, AS WELL.

YEAH, NO, DEFINITELY.

I MEAN, THE HACKERS ARE BECOMING MUCH MORE SOPHISTICATED.

THE ORGANIZED CRIMINALS WHO OPERATE ON THE DARK WEB, I MEAN, THEY EVEN HAVE, LIKE, CUSTOMER SERVICE FOR PEOPLE WHO WANT TO BUY HACKING TOOLS.

THEY HAVE VERY DIFFERENT PRICING STRUCTURES.

IT'S ALMOST LIKE A VERY SOPHISTICATED BUSINESS OR CORPORATION, IF YOU WILL.

SO THEY'RE DEFINITELY GROWING IN THEIR STRATEGIES AND, YOU KNOW, WE DEFINITELY NEED TO KEEP UP.

WELL, WE'LL SEE.

HOPEFULLY WE'LL BE ABLE TO.

YEAH.

THANK YOU SO MUCH FOR JOINING US.

YEAH, THANKS FOR HAVING ME.