A Taxonomy of Data Breaches: Defining the Impacts of Digital Theft and Understanding its Threat to US Government Facilities Sector

Abstract:

On October 19, 1995, six months after the Oklahoma City bombing of the Alfred P. Murrah Federal Building, President Clinton issued Executive Order 12977, creating the Interagency Security Committee (ISC) to address continuing government-wide security for federal facilities. Twenty-five years after, the attacks on US government facilities have transcended physical attacks to digital thefts or data breaches. A data breach is an incident where information is stolen or taken from a system without the knowledge or authorization of the system’s owner. These stolen data often involve sensitive, proprietary, or confidential information such as credit card numbers, customer data, trade secrets, or matters of national security. Data breaches on US government facilities often involves brute-force efforts to crack passwords or “spearphishing” messages to trick unwitting email recipients to give up their credentials.