This week, the U.S. House Oversight & Government Reform Committee concluded, in a report based on the timeline of events that led to the OPM breach, that “OPM jeopardized U.S. national security for more than a generation”; the White House appointed the first Federal CISO and Acting Deputy CISO to increase cybersecurity within the government; and it’s reported that TPG acquired 51% of McAfee from Intel.

Highlighting the cyber-security news from the past week in a 120 sec. read. Starting now.

Cyber-Security Need

A Congressional report dissected the OPM breach in a 241-page analysis that magnifies the wrong course of action by OPM that led to the breach. "U.S. House Oversight & Government Reform Committee, blames OPM for jeopardizing U.S. national security for more than a generation."

Why is this significant?

  • US-CERT notified OPM on March 20, 2014 that data had been exfiltrated from the OPM network. It is unclear how long the hacker(s) had been accessing the network.
  • US-CERT and OPM agreed on a strategy to observe the hacker that exfiltrated the data and corner the hacker. Unfortunately, two teams of hackers were working simultaneously, but only one, "Hacker X1", had been identified. OPM thought that blocking "Hacker X1" on May 27, 2014 would end the risk of the breach. From that point, the second hacker team, “Hacker X2”, was able to severely penetrate OPM's database.
  • No one has yet been held accountable for exfiltrating files and personal background reports on more than 21.5M individuals, along with the fingerprint data of 5.6M individuals…
  • It is noted that OPM had only minimal cybersecurity and did not invest in up-to-date security products that could possibly have delayed the breach, lessened the amount of data exfiltrated, or potentially prevented it. Unfortunately, that’s the state of a lot of government and commercial institutions. Theory aside, practice shows that patching and updating software is a complex and tedious process. We need to adapt our security practices so that we can also work securely in an environment with outdated software.

Read the full story on KrebsOnSecurity

Cyber-Security Demand

The White House announces the first federal CISO and Acting Deputy CISO, who will work together to bring implementation to cybersecurity policy and planning within the government.

Why is this significant?

  • Greg Touhill is the newly appointed CISO. Currently the Deputy Assistant Secretary for Cybersecurity and Communications in the Office of Cybersecurity and Communications (CS&C) at the Department of Homeland Security (DHS), he will begin his new role next month.
  • Grant Schneider is currently the Director for Cybersecurity Policy on the National Security Council staff at the White House until next month, when he will be promoted to Acting Deputy CISO.
  • Together, Touhill and Schneider could help influence and enforce cyber policy, with the emphasis on protecting not only national security but, hopefully, the security of individuals as well. The latter seems to be taken for granted, given the continuous data breach news that ranges from passwords to more personal and financial data. The sad state of affairs is that companies are simply writing off these breaches, with credit monitoring and identity protection for a few years as the only solution.

Read the full story on TechCrunch

Cyber-Security Value

TPG acquires McAfee through a joint venture with Intel, and TPG will take a 51% stake in a $4.2B deal.

Why is this significant?

  • Intel acquired McAfee for $7.68 billion in August 2010 in hopes of keeping up with the fast-paced evolution of the security landscape. Roll forward 6 years and, for whatever reason, Intel hasn't had as much success integrating the McAfee products as was originally thought.
  • "51% stake in the IT security firm and run it as a new independent company. Intel will hold onto a 49% stake in McAfee and provide $2 billion in short-term financing to TPG’s purchase, which values McAfee at an enterprise value of $4.2 billion when including debt."
  • As the threat landscape evolves, cybersecurity value is increasing, and TPG identifies the huge potential in making a winning deal with McAfee.

Read the full story on Bloomberg