The cost of focusing on offense: The State Department still hasn't removed hackers from its network

JP Morgan's fear that the government can't defend against cyberattacks might be right.

The Wall Street Journal reports that the State Department hasn't been able to remove hackers from its unclassified email system three months after the breach was discovered in November.

The hackers are said to be changing their tactics to evade the department's efforts, according to Bloomberg, which also reported on the State Department's failure to secure the network.

Officials claim the hackers are tied to the Russian government, which is thought by some to have "espionage capabilities that are almost equal to those" of the National Security Agency.

But the hack didn't require much sophistication. As the Journal reported, the intrusion started when an employee "clicked on a bogus link in an email" that loaded malware on their device.

A simple oversight with disastrous consequences -- that sounds just like the data breach at JP Morgan that prompted the company to hire "military-grade cyberwarriors" at a rapid clip!

I thought JP Morgan's efforts, which also include the construction of a cybersecurity facility near the NSA's office in Fort Meade, might be a little overblown. Now I'm not quite so sure.

If the State Department's unclassified network is going to be open to hackers more than three months after an employee fell for the oldest trick in the hacker's book, maybe JP Morgan is right to think it needs to take matters into its own hands. Or, if not right, perhaps justified.

Coming on the back of a report that NSA and Government Communications Headquarters operatives compromised SIM cards around the world, this episode lends more support to the idea that the United States focuses too much on offensive capabilities, and neglects defense.

Should it come as a surprise, then, that private companies feel the need to defend themselves?

[illustration by Brad Jonas]