The Goldman Sachs technology M&A team, led by Sam Britton, has cashed in on its software focus and decades of experience to dominate 2019's biggest deals.Technologyread more
American small and medium-size companies that rely on China are scrambling to adjust their business plans in response to the escalating trade war.Traderead more
Here are the products that stand to be the most affected by China's new tariffs on $75 billion worth of U.S. goods.Marketsread more
The summit comes amid fears over a global economic slowdown, and U.S. tensions over trade allies, Iran and Russia.Politicsread more
The world's second biggest economy is past a point where it cannot ignore its enormous debt anymore, according to an analyst.China Economyread more
Carl Medlock used to work at Tesla. Now he's one of the few people in the U.S. that can fix the company's original Roadster electric vehicles.Technologyread more
Trump does have some powerful tools that would not require approval from U.S. Congress.Politicsread more
Stocks dropped after Donald Trump ordered that U.S. manufacturers find alternatives to their operations in China.US Marketsread more
As demand for lab monkeys continues to rise, U.S. scientists are reporting delays in research projects because they can't obtain enough animals, according to the National...Politicsread more
The European Union will respond in kind if the U.S. imposes tariffs on France over digital tax plan, EU chief Donald Tusk told G-7.Technologyread more
Trump said he will raise tariffs on $250 billion in Chinese goods to 30% and hike duties on another $300 billion in products to 15%.Politicsread more
The major data breach announced Thursday at the agency that handles security clearances and federal workers' records is only the most recent intrusion into a government system—and almost certainly will not be the last. (Tweet This)
Experts say the problem is twofold: Government networks are sprawling, outdated and require bureaucratic cooperation to fix. Meanwhile, federal agencies are facing attacks from sophisticated adversaries who know how to sidestep detection.
The Office of Personnel Management will send as many as four million current and former government workers notices that their personal information might have been compromised. Officials told NBC News the breach could be the biggest cyberattack in the nation's history, potentially affecting every agency of the U.S. government. U.S. officials identified China as the culprit, a charge Chinese officials vehemently denied Friday.
More from NBC News:
Officials: China suspected of U.S. data breach affecting millions
OPM data breach: China hits back at U.S. over federal cyberattack
IRS breach puts spotlight on the Internet's 'Costco of cybercrime'
The disclosure of the attack against OPM, which began months ago, came just one week after the Internal Revenue Service revealed hackers had potentially accessed personal information for more than 100,000 taxpayers.
"People don't realize that when you're talking about a government network, you're just talking about a big network -- and often the commercial side of things might be more decently funded," Bas Alberts, the head of special projects for the Federal Services Branch of cybersecurity company Immunity Inc., told NBC News.
The public tends to have a sense that government networks must be different, or at least better protected, Alberts said. But even as the Obama administration launches new cybersecurity initiatives and policies, and agency heads testify before Congress about improving security, taking actual steps to protect federal data fortresses is difficult.
"It's not even the money as much as the process involved; everything gets caught in government glue," Richard Blech, the CEO of cybersecurity firm Secure Channels, which works with several federal agencies, told NBC News.
Last year, an estimated 10 percent of government computers were still running the outdated Windows XP when Microsoft dropped support—as it had warned for years—in April 2014, leaving those machines vulnerable even to simple attacks.
And in April 2015, around the same time OPM discovered the attack, watchdog agency the Government Accountability Office released a report saying 23 of the 24 federal agencies— including OPM— "cited information security as a major management challenge for their agency" last year.
"I've worked with these guys, and you have to go through layers and layers of groups and committees to get anything done," Blech said. "It practically takes an act of Congress to change the computer system. "
By the time federal agencies get approval to make changes to their networks, install the new systems and set up administrators, hackers have already had ample time to lob attacks and figure out a new way in, Blech said.
"In the meantime, do the hackers care about the laws and regulations the government has to be careful of?" Blech said. "No, they'll do what they want. And that's the problem."
The problem runs deeper than simple bureaucratic quagmires. Government networks like OPM's tend to grow exponentially over time, becoming larger, more sprawling and increasingly complex, said Alberts, the Immunity Inc. federal services head.
Eventually, a team is deployed to add security measures retroactively—which is tough to do when agencies don't have a good handle on the size and scope of their networks.
"The problem is that step one is knowing your network," Alberts said. "How can you protect something if you don't know the size of it? It's like trying to find a needle in a haystack, but you don't know what the needle looks like and you don't know the size of the haystack."
That's a major issue, because even advanced cyberdefense technology depends on identifying odd behavior in a network. If there's suddenly an overall burst of activity, or a strange surge in a certain part of the network, detection software will flag it as a potential attack attempt.
"It's all dependent on setting a baseline of normal behavior for your network," Alberts said. "If you don't know what's normal, you can't determine what's anomalous."
Read More Why hackers want your health-care data
That may be why the Department of Homeland Security's EINSTEIN intrusion-detection system—which monitors Internet traffic at federal agencies—didn't detect the OPM attack until April 2015, by which time the agency's system was already breached.
OPM made the discovery after it had already taken steps to beef up its security system, the agency said. But Alberts isn't surprised EINSTEIN and OPM didn't detect the attack immediately.
"A sophisticated adversary will spend millions getting into that network, developing advanced malware that doesn't make a lot of noise and won't trip the wires," Alberts said. "Network defense is hard, and it's even harder to do at scale."
But it isn't all gloom.
Blech, the Secure Channels CEO, said he is heartened by his federal customers' newfound "proactive approach,"
"There's a proactive approach now," Blech said. "I don't think we're at the point where the government says, 'Wow! We have to change the entire model to fix this!' But we're getting closer."
In the meantime, Blech said, he is "mystified" the data in these federal breaches are not encrypted—that is, the stored information isn't scrambled so it's gibberish to anyone except those who have a key to decode it. (Blech's company sells encryption solutions.)
"Hackers go after low-hanging fruit," Blech said. "Every time, it's the same story: An insider steals data or someone gets in, and all this information stored in clear text is now out there. Everyone is focused on protecting the perimeter, but the data is the real target. Why aren't we protecting the real treasure?"
Alberts of Immunity agreed the focus on keeping hackers out is shifting: "The thought model needs to be, you are not going to keep people out of your network. That's the new hotness in security."
Lawmakers have been quick to release statements about the OPM attack, either to praise the EINSTEIN program or push for legislation to move through Congress—but even they no longer sound shocked by such breaches.
"You can have politicians getting out and saying this is outrageous, and it is," Alberts said. "But the advantage here goes to the offense, and that's the tough thing. That's why we need to act."