Postal Service takes restrained, methodical approach to cyberattack. Was this the right strategy
When US Postal Service (USPS) officials received word about a major network intrusion earlier this year, one of its first instructions was to take no immediate action.
In an effort to prevent the intruders from knowing they had been discovered, the postal service’s Office of the Inspector General advised the USPS’s corporate information security officer Charles McGann not to initiate any mitigation measures. That included such actions as network scanning, reimaging systems, resetting passwords, taking systems offline, or searching for IP addresses.
Instead, for several weeks investigators from the postal service, the US Computer Emergency Response Team (US-CERT), and the FBI Service worked quietly to determine the scope and nature of the intrusion before finally shutting it down almost two months later.
Without knowing the exact causes, it is difficult to speculate on why the USPS’s initial response was to allow the attack to continue, said John Pescatore, director of emerging security trends at the SANS Institute. “In order to be prepared to respond rapidly and effectively to an incident, you need to have some processes and controls in place,” he said in an email to InformationWeek.
Pescatore also recommended that organizations need to have a baseline, or a known good state that they can revert back to quickly in an emergency. “[It] sounds like some or all of that was missing with USPS, or they were depending on contractor services that couldn’t start right away.”
Incompetent
Reparations! Reparations! #CHA-CHING
The Post Office is seriously run by idiots. Instead of nipping the situation in the bud, they allowed it to get completely out of hand.
In other words he didn’t know what to do and decided to take the day off to have a few drinks and go fishing!
I’ll bet the first thing Donahoe did when he found out about the security breach was to protect his money. The second thing he did was nothing.