The OpSec Blog

Security and privacy information and advice at home and abroad.

Security Firm RSA Attacked

leave a comment »

RSA, designers of the SecureID authentication tokens, was reportedly the victim of a sophisticated cyberattack on Thursday (New York Times, Ars Technica, RSA Open Letter).  While they’ve determined (so far) that the SecureID tokens have not been directly compromised, the attack is just the latest in a string of highly sophisticated assaults on US-based companies involved in protecting National Security information.

This could have direct implications for the State Department, which was in the final stages of implementing the SecureID tokens for global mobile access to the unclassified Department network.

As a Security Engineering Officer not currently assigned as a Regional Computer Security Officer (RCSO), I don’t have much of a stake in this.  Cyber security is not part of our daily job; Information Resource Management (IRM) with the assistance of the RCSOs do a good job protecting State Department networks from attack.  I will say that two-factor authentication, a common security best practice, does not mean much if one factor is broken (such as the SecureID token).  I am sure IRM (…and numerous other government agencies) is following the story closely as it develops.


Leave a Comment

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: