USPS issued a FAQ on the breach, saying only that it occurred “recently” but it emerged during a hearing before the House federal workforce subcommittee that the breach happened in September.
The Postal Service said that delaying announcement– speculation has centered on the Chinese government as the culprit – was necessary to help mitigate the problem and forego having to shut down its systems.
Miskanic told the committee that when it learned of the intrusion the USPS invoked its Mass Data Compromise Response Plan to ensure an appropriate level of technical, investigative and communications response.
Fewtechnical details on the breach are available but followsapparently similar breaches on an unclassified White House system, with the National Oceanic and Atmospheric Administration, and the State Department.
House Oversight and Government Reform Committee chair, Darrell Issa, R-CA, said the breach underscores the need for information security reform, and he vowed to press the Administration for details as to why the breach was not announced earlier.
The chair of the Senate Homeland Security and Governmental Affairs Committee, Tom Carper, D-Del., also cited the attack in calling on colleagues to move on cybersecurity legislation, including legislation designed to help the public and private sectors work together to tackle cyber threats more effectively.
The incident could also accelerate DHS’s growing role in continuous diagnostics and mitigation. OMB recently updated information security guidance to require the department to conduct regular and proactive scans of agency networks to improve incident response. More on that here: http://www.whitehouse.gov/omb/blog
