The director of the National Security Agency (NSA) said the U.S. government should expect more data breaches like the two that hit the Office of Personnel Management (OPM), in which the personal information of 22.1 million current, former and potential federal employees was stolen.
Data are becoming more valuable, and more malicious actors are trying to steal it, NSA Director Adm. Mike Rogers, who is also the head of U.S. Cyber Command at the Defense Department, warned while speaking at a Jan. 21 event at the Atlantic Council, a Washington, D.C.-based think tank.
“Big data analytics are now available at such a level that suddenly now data becomes attractive to a whole larger group of actors out there. So what you saw at OPM [likely Chinese accessing records of millions of current and former federal employees in April], my comment would be you’re going to see a whole lot more,” Rogers said, according to USNI News.
New Threats, New Responses
As Nextgov notes, Rogers placed the OPM hacks in the same category as the data breach that affected the health insurance company Anthem, in which an estimated 78.8 million people had their personal information compromised. The larger the data set, the more that data is in demand, he said.
"‘OPM, in some ways shows, although you could have said the same thing from the Anthem health insurance hack‘ of December 2014, that ‘data is increasingly a commodity of value all on its own,’ " Rogers said, according to Nextgov.
Rogers said he did not look at the challenges NSA and the command face as solely preventing “a digital Pearl Harbor,” but one that also keeps a focus on the danger. “We are becoming increasingly vulnerable” to attacks like the one on Sony Entertainment and the Office of Personnel Management.
While these attacks have been “an inconvenience to date,” he added, “It’s going to get worse before it gets better” because they can be attacked by nation states sometimes working together with outside hackers that mask who launched the strike or individual actors.
"Actors change; we have to change” with them.
As Reuters reports, “Officials have privately blamed the OPM data breach on China, though security researchers and officials have said there is no evidence Beijing has maliciously used the data trove.”
The Encryption Debates Continues
Rogers also waded into the ongoing debate about encryption technologies. FBI Director James Comey suggested during testimony Dec. 9 before the Senate Judiciary Committee that tech firms like Apple and Google should consider whether they should change their business model regarding encryption, especially on smartphones,. Modern smartphone encryption means law enforcement agencies cannot access the communications of suspected terrorists or criminals even if they have warrants. Tech companies have argued that providing a so-called back door for law enforcement and federal authorities would destroy the purpose of encryption, undermine privacy protections and leave customers vulnerable to malicious hackers.
Rogers, arguing in favor of encryption, seemed to indicate that the debate was not worth having. "Encryption is foundational to the future," he said, according to FCW. "So spending time arguing about, hey, encryption is bad and we ought to do away with it — that's a waste of time to me."
“Given that foundation, what is the best way for us to deal with it? And how do we meet those very legitimate concerns,” Rogers said, according to USNI News. “There are people out there who exploit that vulnerability… some with good reason, some without.”