[1] For more information, see Riley Walters, “Cyber Attacks on U.S. Companies in 2014,” Heritage Foundation Issue Brief No. 4289, October 27, 2014, http://www.heritage.org/research/reports/2014/10/cyber-attacks-on-us-companies-in-2014.
[2] For earlier reports in this series, see Paul Rosenzweig and David Inserra, “Government Cyber Failures Reveal Weaknesses of Regulatory Approach to Cybersecurity,” Heritage Foundation Issue Brief No. 3968, June 13, 2013, http://www.heritage.org/research/reports/2013/06/weaknesses-of-a-regulatory-approach-to-cybersecurity; Paul Rosenzweig, “The Alarming Trend of Cybersecurity Breaches and Failures in the U.S. Government Continues,” Heritage Foundation Issue Brief No. 3772, November 13, 2012, http://www.heritage.org/research/reports/2012/11/cybersecurity-breaches-and-failures-in-the-us-government-continue; and Paul Rosenzweig, “The Alarming Trend of Cybersecurity Breaches and Failures in the U.S. Government,” Heritage Foundation Backgrounder No. 2695, May 24, 2012, http://www.heritage.org/research/reports/2012/05/the-alarming-trend-of-cybersecurity-breaches-and-failures-in-the-us-government.
[3] Hearing, “Cybersecurity, Terrorism, and Beyond: Addressing Evolving Threats to the Homeland,” Homeland Security and Governmental Affairs Committee, U.S. Senate, 113th Congress, 2nd Session, September 10, 2014, http://www.cq.com/doc/congressionaltranscripts-4544717?3 (accessed October 20, 2014).
[4] Seth Rosenblatt, “Nuclear Regulator Hacked 3 Times in 3 Years,” CNET, August 18, 2014, http://www.cnet.com/news/nuclear-commission-hacked-3-times-in-3-years/ (accessed October 10, 2014).
[5] Brian Honea, “Virginia Man Sentenced for Hacking Fannie Mae-Run Website,” DSNews, October 10, 2014, http://dsnews.com/news/10-10-2014/virginia-man-sentenced-hacking-fannie-mae-run-website (accessed October 15, 2014).
[6] Brian Brewin, “Hacker Attacks Defense Pharmacy Site,” Nextgov, January 24, 2011, http://www.nextgov.com/health/2011/01/hacker-attacks-defense-pharmacy-site/48356/ (accessed October 15, 2014).
[7] Press Release, “NOAA National Weather Service Employee Indicted for Allegedly Downloading Restricted Government Files,” U.S. Attorney’s Office for the Southern District of Ohio, October 20, 2014, http://www.fbi.gov/cincinnati/press-releases/2014/noaa-national-weather-service-employee-indicted-for-allegedly-downloading-restricted-government-files (accessed October 21, 2014).
[8] Siobhan Gorman, “Iranian Hacking to Test NSA Nominee Michael Rogers; Infiltration of Navy Computer Network More Extensive than Previously Thought,” Wall Street Journal (Online), February 18, 2014, http://online.wsj.com/news/articles/SB10001424052702304899704579389402826681452?mg=reno64-wsj&url=http%3A%2F%2Fonline.wsj.com%2Farticle%2FSB10001424052702304899704579389402826681452.html (accessed March 31, 2013).
[9] Jim Finkle and Joseph Menn, “FBI Warns of U.S. Government Breaches by Anonymous Hackers,” Reuters, November 15, 2013, http://www.reuters.com/article/2013/11/15/us-usa-security-anonymous-fbi-idUSBRE9AE17C20131115 (accessed October 20, 2014), and Darren Pauli, “Aussies Hacked Pentagon, US Army, and Others,” itnews, October 29, 2013, http://www.itnews.com.au/News/362202,aussies-hacked-pentagon-us-army-and-others.aspx (accessed October 20, 2014).
[10] Press Release, “Two Admit Roles in Multimillion-Dollar International Cybercrime Scheme,” U.S. Attorney’s Office, District of New Jersey, May 20, 2014, http://www.justice.gov/usao/nj/Press/files/Gundersen,%20Richard,%20and%20Taylor,%20Lamar%20Plea%20PR.html (accessed October 20, 2014).
[11] U.S. Department of Energy, Office of Inspector General, The Department of Energy’s Unclassified Cyber Security Program—201, DOE/IG-0897, October 2013, http://energy.gov/sites/prod/files/2013/11/f4/IG-0897.pdf (accessed April 14, 2014).
[12] Finkle and Menn, “FBI Warns of U.S. Government Breaches,” and Privacy Rights Clearinghouse, “Chronology of Data Breaches,” https://privacyrights.org/data-breaches (accessed March 25, 2014).
[13] “Report: Chinese Hackers Attacked Crucial Government Election Website,” CNN, December 17, 2013, http://politicalticker.blogs.cnn.com/2013/12/17/report-chinese-hackers-attacked-crucial-government-election-website/ (accessed March 25, 2014).
[14] Government Accountability Office, Information Security: IRS Needs to Address Control Weaknesses That Place Financial and Taxpayer Data at Risk, GAO–14–405, April 2014, http://www.gao.gov/assets/670/662371.pdf (accessed April 14, 2014).
[15] Privacy Rights Clearinghouse, “Chronology of Data Breaches.”
[16] Finkle and Menn, “FBI Warns of U.S. Government Breaches,” and Pauli, “Aussies Hacked Pentagon, US Army, and Others.”
[17] Denver Nick, “Obamacare Website Was Hacked in July,” Time, September 4, 2014, http://time.com/3270936/obamacare-website-was-hacked-in-july/ (accessed October 6, 2014).
[18] Jose Pagliery, “Security Hole Found in Obamacare Website,” CNN, October 29, 2013, http://money.cnn.com/2013/10/29/technology/obamacare-security/index.html?section=money_technology (accessed April 9, 2014).
[19] Elizabeth Harrington, “Hearing: Security Flaws in Obamacare Website Endanger Americans,” Washington Free Beacon, November 19, 2013, http://freebeacon.com/issues/hearing-security-flaws-in-obamacare-website-endanger-americans/ (accessed April 9, 2014).
[20] Devin Dwyer, “Exclusive: Security Risks Seen at HealthCare.gov Ahead of Sign-Up Deadline,” ABC News, December 20, 2013, http://abcnews.go.com/blogs/politics/2013/12/exclusive-security-risks-seen-at-healthcare-gov-ahead-of-sign-up-deadline (accessed April 9, 2014).
[21] Jeryl Bier, “Opportunistic Marketers Exploit Opening at Healthcare.gov,” January 23, 2014, https://www.washingtonexaminer.com/news/1169080/security-expert-attacker-can-host-any-content-under-healthcare-gov-umbrella/ (accessed April 10, 2014).
[22] Finkle and Menn, “FBI Warns of U.S. Government Breaches,” and Pauli, “Aussies Hacked Pentagon, US Army, and Others.”
[23] Michael S. Schmidt, David E. Sanger, and Nicole Perlroth, “Chinese Hackers Pursue Key Data on U.S. Workers,” The New York Times, July 9, 2014, http://www.nytimes.com/2014/07/10/world/asia/chinese-hackers-pursue-key-data-on-us-workers.html?hp&action=click&pgtype=Homepage&version=LedeSum&module=first-column-region®ion=top-news&WT.nav=top-news&_r=1 (accessed October 3, 2014).
[24] “Anonymous Says Attack Put CIA Website Offline,” BBC News, February 11, 2012, http://www.bbc.co.uk/news/world-us-canada-16993488 (accessed October 10, 2014).
[25] Josh Hicks, “VA Software Glitch Exposed Veterans’ Personal Information,” The Washington Post, January 22, 2014, http://www.washingtonpost.com/blogs/federal-eye/wp/2014/01/22/va-software-glitch-exposed-veterans-personal-information (accessed March 24, 2014).
[26] U.S. Department of Education, Office of Inspector General, The U.S. Department of Education’s Compliance with the Federal Information Security Management Act of 2002 for Fiscal Year 2013, ED-OIG/A11N0001, November 2013, p. 10, http://www2.ed.gov/about/offices/list/oig/auditreports/fy2014/a11n0001.pdf (accessed April 10, 2014).
[27] Brian Fung, “Online Outage Cripples U.S. Court System,” The Washington Post, January 24, 2014, http://www.washingtonpost.com/blogs/the-switch/wp/2014/01/24/online-attack-cripples-u-s-court-system (accessed March 25, 2014).
[28] Craig Timberg and Ellen Nakashima, “Government Computers Running Windows XP Will Be Vulnerable to Hackers after April 8,” March 16, 2014, http://www.washingtonpost.com/business/technology/government-computers-running-windows-xp-will-be-vulnerable-to-hackers-after-april-8/2014/03/16/9a9c8c7c-a553-11e3-a5fa-55f0c77bf39c_story.html (accessed April 10, 2014), and Ina Fried, “Some Businesses, Governments Still Getting XP Support From Microsoft, for a Hefty Price,” re/code, April 9, 2014, http://recode.net/2014/04/09/some-businesses-governments-still-getting-xp-support-from-microsoft-for-a-hefty-price/ (accessed October 23, 2014).
[29] U.S. Government Accountability Office, Information Security: Federal Agencies Need to Enhance Responses to Data Breaches, GAO–14–487T, April 2, 2014, http://gao.gov/assets/670/662227.pdf (accessed April 10, 2014).
[30] For a more detailed summary of our views on this, see Steven P. Bucci, Paul Rosenzweig, and David Inserra, “A Congressional Guide: Seven Steps to U.S. Security, Prosperity, and Freedom in Cyberspace,” Heritage Foundation Backgrounder No. 2785, April 1, 2013, http://www.heritage.org/research/reports/2013/04/a-congressional-guide-seven-steps-to-us-security-prosperity-and-freedom-in-cyberspace; David Inserra and Paul Rosenzweig, “Cybersecurity Information Sharing: One Step Toward U.S. Security, Prosperity, and Freedom in Cyberspace,” Heritage Foundation Backgrounder No. 2899, April 1, 2013, http://www.heritage.org/research/reports/2014/04/cybersecurity-information-sharing-one-step-toward-us-security-prosperity-and-freedom-in-cyberspace; and David Inserra, “Senate Cyber Information-Sharing Bill on the Right Track but Improvements Needed,” Heritage Foundation Issue Brief No. 4269, September 2, 2014, http://www.heritage.org/research/reports/2014/09/senate-cyber-information-sharing-bill-on-the-right-track-but-improvements-needed.