Was it the Chinese? How about the Russians? The Iranians, maybe?

The question of “Who hacked the federal Office of Personnel Management?” is of great interest to diplomats, law enforcement officers and reporters. But for the information security professionals who will be meeting this week in Minneapolis, there’s a more pressing question: Why did it take OPM five months — from the penetration in December to its discovery in April — to realize that hackers were stealing personal data on 4 million employees, many of them in very sensitive jobs?

Five months is a very long time. The hackers — whoever they are — had ample time to insert their tools into OPM’s computer systems and watch the progress of these malevolent agents as they probed the government’s personnel records and automatically morphed to hide from common defensive measures. These intruders then identified the target data, figured out how to copy it without being detected and sent it to the bad guys using OPM’s own telecommunications networks.

The hackers don’t have to give their tools step-by-step instructions. The best hacker tools are stealthy and largely automatic and can disguise themselves as nonmalicious files.

The private sector is generally no faster at detecting cyberattacks than the government. Close to home, the hack at Target Corp. happened on Nov. 12, 2013, and wasn’t confirmed until Dec. 15. The delay in discovery meant that the intruders had access to customer credit card data during the busy holiday shopping season.

How can this happen? We know that there were plenty of alarms in the Target breach. Security professionals at the retailer were apparently overwhelmed by the number of threat alerts and unable to sort them out. (Think of what happens when a car alarm goes off in a parking lot: It happens so frequently that most of us ignore the alarms and consider them a nuisance.)

One health care company reports receiving 50 security alerts — per minute! There is no hope of humans processing that quantity of information and identifying the most serious threats.

My own company uses real-time machine learning and artificial intelligence to automate the detection of threats and identify the most serious ones for our customers. We use sophisticated computer systems to fight the very sophisticated hackers and their arsenal of malware. There really is a “Star Wars” aspect to it. Our tools quickly fight your hacking tools, with few orders from us.

“Who did it?” is an obvious question, but for security officers it’s a distraction. The question they should ask is, “Why didn’t we know about this quickly?”
Rick Geehan is vice president of Vectra Networks, a computer security company in San Jose, Calif. He is a native of Bloomington.