The Russians spent a year inside the Democratic National Committee before they were discovered. It took five months for OPM to catch the thieves that stole the records of more than four million federal employees. Intruders broke into Yahoo’s systems in 2013, and we don’t even know how long they were inside; Yahoo only discovered the hack when stolen data turned up for sale on the dark web. We invest more and more in our security, but the breaches just get bigger. How many more times does this have to happen before we accept that what we’re doing isn’t working?
Earlier this month, during a Senate Armed Service Committee hearing, Admiral Michael S. Rogers, the director of the National Security Agency, told us what we need to do to fix the problem, recognizing two different kinds of cybersecurity:
- Keeping intruders out of networks.
- Identifying, containing, and ejecting them once they get inside.