M1D1: Encryption, Authentication, and OPM Breach
This activity will address module outcomes 1, 2, 3, and 4. Upon completion of this activity, you will be able to:
- Identify elements of computer security and controls. (CO 1, 2)
- Examine encryption concepts and their application. (CO 1, 2)
- Recognize the process and importance of authenticating user identity. (CO 1)
- Analyze the importance of information security and the potential consequences following a breach. (CO 1, 2, 5)
In the not-so-distant past, hackers were able to gain access to information systems at a multitude of organizations and US agencies, including the US Postal Service, the IRS, and the Democratic Party. Though each of these attacks was significant, the loss of data as a result of the breach at the Office of Personnel Management (OPM) was unlike any other, and it may take years to fully understand the consequences related to the loss of such critical information.
According to a report released by the Committee on Oversight and Government Reform (U.S. House of Representatives, 114th Congress), the data breach at the OPM was the result of a series of gaps that included poor decisions by senior leadership, outdated technology, and challenges surrounding authentication. Multi-factor authentication can make a significant difference in securing an environment. Though this is just one solution, proper implementation could have made a difference at the OPM. A report released by the Committee on Oversight and Government Reform U.S. House of Representatives 114th Congress listed a series of gaps in security that left the OPM vulnerable to the attack of sensitive information. One of these gaps was related to two-party authentication. Read the articles listed below and discuss the questions related to the OPM breach. You will also be prompted to explore gaps related to encryption and authentication. Use outside references if required.
- Mohamed, T. S. (2014). Security of Multifactor Authentication Model to Improve Authentication Systems (Links to an external site.). Information and Knowledge Management, 4(6). Retrieved from http://www.iiste.org/Journals/index.php/IKM/article/viewFile/13871/13939.
- Krebs on Security. (2016, September). Congressional report slams OPM on data breach (Links to an external site.). Retrieved from https://krebsonsecurity.com/2016/09/congressional-report-slams-opm-on-data-breach/
- Andersen, T. (2014, September 25). Why multi-factor authentication is a security best practice (Links to an external site.). Retrieved from http://www.scmagazineuk.com/why- multi-factor-authentication-is-a-security-best-practice/article/373462/
- Oversight & Government Reform. (2016, September 7).The OPM data breach: How the government jeopardized our national security for more than a generation (Links to an external site.) [PDF file size 42 MB]. Retrieved fromhttps://web.archive.org/web/20160930153838/https://oversight.house.gov/wp- content/uploads/2016/09/The-OPM-Data-Breach-How-the-Government-Jeopardized- Our-National-Security-for-More-than-a-Generation.pdf(Links to an external site.pdf
- SC Media. (2014). Understanding encryption and key management (Links to an external site.) [Video file] [6 min 07 sec]. Retrieved from https://youtu.be/I_fGaB0HjFM