One Year from the OPM Breach: How the Federal Cybersecurity Landscape is Changing


It’s been nearly one year since the Office of Personnel Management (OPM) first noticed that it had been the target of the largest ever cybersecurity attacks on the U.S. government. That was April 2015 (it wasn’t until June 2015 that OPM actually disclosed the breach).

OPM aside, 2015 was a challenging year for the U.S. government’s cyber defenses – 67,000 system intrusions were detected and a record $12.5 billion was spent defending itself against attack.

What has transpired since OPM was critically breached? Here’s a recap:

• More and more facts have emerged about the attack.

• Some even found positives in the breach, such as the realization that two-factor authentication (smartcard and password) had to increase across the federal government.

• The Department of Defense weighed in on its lessons learned from the OPM breach.

• Back at OPM, new cybersecurity adviser, Clifton Triplett, warned that ISIS could have its sights set on breaching the Office’s systems too.

• And then, of course, we had the federal cyber sprint.

On the policy side, The White House and China agreed to establish a dialog on fighting cybercrime in September 2015.  While earlier this year, President Obama proposed a 35% increase in cybersecurity spending in his 2017 budget and announced a new federal position – the Chief Information Security Officer (CISO).

It’s About National Security, Not Just IT Security

Since the OPM attack, the U.S. has been in national emergency mode. And nearly one year since, President Obama renewed that declaration due to continued cyberattacks on U.S. interests.

“… significant malicious cyber-enabled activities continue to pose an unusual and extraordinary threat to the national security, foreign policy, and economy of the United States.  For this reason, the national emergency declared on April 1, 2015, and the measures adopted on that date to deal with that emergency, must continue in effect beyond April 1, 2016.”

-President Obama, March 29, 2016.

The emergency declaration gives the administration continued authority to impose sanctions on foreign nationals (rather than the government or organizations they work for) committing cybercrimes against the U.S.

The Cyber Talent Drought Continues

According to Market Research Media, the annual cybersecurity spend is bigger than any other cyber market and is estimated to grow from $18 billion in 2017 to $22 billion by 2022.

While hefty budgets create big opportunities for cybersecurity vendors, federal agencies are still struggling to recruit and retain the cybersecurity talent needed to meet the threat (there are currently 10,000 openings across federal agencies). And there appears to be anything but a consistent strategy across agencies to deal with the staffing problem, says Politico.

So what will the remainder of 2016 bring? Watch this space.

Caron Beesley Government Writer

Caron Beesley is a technology writer with a specific focus on the government sector.