This from the excellent British IT site - The Register:
US mega-hack: White House orders govt IT to do what it should have done in the first place
No, you're not reading The Onion
In response to this week's data breach at the US Office of Personnel Management, the White House has ordered federal agencies to immediately deploy state-of-the-art anti-hacker defenses – things like installing security patches, and not giving everyone the admin password.
This groundbreaking cyber-edict comes after dossiers packed with highly sensitive personal information on American intelligence and military staffers were reportedly stolen from a government database.
In a statement today, officials at the White House's Office of Management and Budget said federal agency sysadmins have been told to take steps including:
-
- Install software patches for critical vulnerabilities "without delay."
- Use antivirus and check log files for "indicators" of malware infection or intrusion.
- Start using two-factor authentication.
- Slash the number of people with administrator-level access and limit what they can do and for how long per-login-session, and "ensure that privileged user activities are logged and that such logs are reviewed regularly."
"Recent events underscore the need to accelerate the administration’s cyber strategy and confront aggressive, persistent malicious actors that continue to target our nation’s cyber infrastructure," the White House officials added.
Sadly, there is more at the site. Want to see how the Federal Information Technology infrastructure is being run? Here is a great analogue from the very early 1900's - the Keystone Cops: