The cyber attack aimed at Sony Pictures two weeks ago was extremely sophisticated - so sophisticated, experts say, that the same attack could have made it through the defenses of almost any large organization, including ones now used by federal agencies.
"Hacks like the ones at Sony, Target and Home Depot are happening at a rate we've never seen," said Sean Moore, chief technical officer with cyber security firm Centripetal Networks' Portsmouth office. "This is a global problem. There are people being paid to try to get inside systems in this country 24/7. And the truth is, if they want to get in, they will. Honestly, they're probably already in there."
The numbers appear to back Moore up. There were almost 61,000 cyber attacks and security breaches across the entire federal government last year, according to a recent Obama administration report. And the number of cyber incidents involving government agencies has jumped 35 percent between 2010 and 2013, from roughly 34,000 to about 46,000, according to another recent report by the Government Accountability Office.
New Hampshire information technology officials are constantly assessing potential threats to state computers, said Leslie Williams, chief information security officer for the New Hampshire Department of Information Technology (DoIT).
"Threats are increasingly sophisticated and targets are broadening where everyone is a potential victim," wrote Williams. "We saw, and maybe you have experienced first-hand, the rise of targeted attacks, mobile threats, and risks with the use of social media. With the surge of mobile device offerings, just saying 'no' is no longer a valid security stance, so we must find a way to allow the secure use of these devices."
Wendy Pouliot, director of operations for the DoIT, said to help protect New Hampshire residents, her department has "a dynamic enterprise-wide cyber security program leveraging a defense-in-depth strategy.
"The security of the state's data is of paramount importance to us, and we are constantly working to improve our cyber security program," Pouliot said. "Our efforts include building security into the state's applications and databases from conception of the project, establishing and adhering to policies and procedures to appropriately harden our infrastructure, implementing controls and solutions that allow us to detect attacks and identify suspicious activities and responding to emerging software and hardware vulnerabilities as they are identified."
Pouliot said her department works closely with federal officials to try and stay one step ahead of hackers.
"We collaborate with the Department of Homeland Security's United States Computer Emergency Response Team (US-CERT), Center for Internet Security, Multi-State Information and Analysis Center, and various local and federal law enforcement agencies to address cyber threats," Pouliot said. "NH DoIT also actively participates in government-wide exercises and discussions around defensive tactics and strategies. Our goal is to protect our network, our data and our employees and ensure we are able to meet the state's mission in a safe and secure environment."
According to a Norton Cybercrime Report, 552 million consumer identities were stolen as part of retailer data breaches in 2013. Moore's company, Centripetal Networks, provides Active Network Defense programs, including RuleGate, which examines live traffic to identify threats.
"There's data out there saying there are 5 million active cyber criminal sites," said Moore. "Something like 15-20 percent of all Web traffic is thought to be criminal in nature. That's a lot. RuleGate scans the traffic looking for IP addresses identified as working with these sites and keeps them out."
The algorithm for RuleGate, as well as its boards and circuitry, were developed and manufactured in Portsmouth.
Unclassified networks at the White House and State Department were recently hacked, leading the State Department to shut down its email system for days last month.
Last July, hackers hit the Energy Department and took personally identifiable information from more than 100,000 people "that could be used to damage the financial and personal interests of many individuals," according to a report by the department's inspector general.
The data included names, dates and places of birth; Social Security and bank account numbers; along with information about their education and disabilities, according to the report. The hack cost the government almost $4 million in credit monitoring fees and lost productivity.