Until now, it might have been easy for government agencies that are not in the defense or intelligence business to think that state-sponsored cyberattacks were something they didn't have to worry about. But if there is any lesson from the news that Google and dozens of other nondefense companies were recent targets of sophisticated hacks run through China, it's that civilian agencies are not as safe from such threats as some of them might think. "These were regular old businesses being attacked," said Alan Paller, director of research at the SANS Institute, which provides cybersecurity training programs. "This means that regular old federal agencies are being attacked the same way, and they are, but their managers don't know it." What's worse, agencies have been required to take an approach to cybersecurity that makes it extremely difficult to protect themselves from these kinds of assaults, Paller and other security experts say.
