Security Hacking Stories

Compliance is not Security.

Risk, Governance and Compliance are totally different from Security.


This summer (July 2015), it was announced that yet another United States Government agency had been hit with a security breach.  The Federal Census Bureau disclosed that the breach involved data related to the census and surveys done by the federal government, although no personal information of those surveyed was accessed by the hackers.

Almost immediately, the group responsible for the hacking, Anonymous, took responsibility for the stolen data.  The global hacking group often takes responsibility for hacks in protest of various government agreements and actions.  This time, their protest was over the Trans-Pacific Partnership.

The day after this hack, Anonymous then took advantage of secret files from the Canadian government, exposing sensitive documents pertaining to parliament meetings.

Just earlier this month, over 22 million people in the U.S. became victims of the hack on the Office of Personnel Management.  This time, Chinese hackers accessed the personal information of people who work inside and outside of the U.S. Government.  Data included personal details down to fingerprints of those victims.

What is worse is that the Chinese hackers had hacked into the OPM files within the past year, combing through the database until they found what they had been looking for.

Protection Trouble

With the recent hacks, it is obvious and safe to say that even the United States government is unsafe from cyber attacks.  How can it be that government agencies, in their separate environments, can all be susceptible to multiple attacks?

Each security environment within the federal government has its own form of compliance to protect against security hacks and other forms of malicious activity.  However, it is blatantly obvious that these protocols are falling short against foreign eyes and attacks.

As the Office of Personnel Management and the Federal Census Bureau had faults in their security systems, it is important to note that both of these hacks involved several other nations.  For the OPM attack, it was China.  For the Census Bureau, it was a combination of hackers around the world with a motive against decisions made within our government.

Simply put, this type of hacking has led to a new type of terroristic threat to our nation’s security, whether it be in cyber or otherwise homeland terms.

More disturbingly, the same Chinese hackers accused of the OPM hack are responsible for attacks on United Airlines and Anthem Health services databases as well.  The more information hackers are able to gather on federal employees, or others relating to the government, the more likely attacks outside of the cyber world will follow suit.

The collection of stolen data can lead to inside attacks, making our nation’s security more uncertain than ever.  With flight information, health information, and other personal records of those working inside of the government at risk of exposure, it is absolutely vital for those in cyber security to step up to the plate and take a swing at furthering our domestic protection.

Evolution of Protection

In our modern society, and given the rate at which other nations catch up to or advance beyond the United States in technology, there must be a call to action against future attacks within our own agencies.

This includes taking matters back into our own hands.  With cyber security now becoming a universal need, it is a necessity that our government agencies continue to change with the times, including updating policies to further the protection of classified documents.

Although retaliation in data hacking may be one of the first steps the federal government takes in response to both of these incidents, it must make a more aggressive move toward protection rather than such retaliation.

As hacking changes on an almost daily basis, so must our protection of personal and federal security evolve against future attacks. While the government has developed compliance guidelines to protect our national critical infrastructure, the compliance guidelines being mandated are not effective as the overall security endpoint. Government agencies must immediately begin to review the gaps between being compliant and being secure. We need to implement our current cybersecurity policies and continue to innovate in protecting our nation’s data.  Best practices in cyber security must be implemented now to plug the hole in our country’s information security dike.

IT Security, Inc. is experienced in both regulatory compliance and the security solutions that are essential to protecting the environment from security breaches, data exfiltration, and compromise.  When you expect results, IT Security's experience helps keep your networks and data safe and secure.  The time to get started is NOW, before you identify that there is a breach.


Albert E. Whale is the President and Chief Security Officer for IT Security, Inc, a security consulting company focused on the Security of the Applications, Cloud, Internet & Network based resources. IT Security, Inc. works with organizations to assess and resolve issues with their enterprises, focusing on getting security done right.

View my LinkedIn Profile or contact IT Security, Inc. directly at 412-515-3010 or http://www.IT-Security-inc.com.