The U.S Is Losing the Cyber War

The huge theft from the Office of Personnel Management comes after years of Obama administration passivity despite repeated digital attacks.  The Obama administration has disclosed that for the past year China had access to the confidential records of four million federal employees.

This was the biggest breach ever, until the administration later admitted the number of hacked employees is at least 18 million. In congressional testimony it became clear the number could reach 32 million, all current and former federal workers.

The Chinese hackers managed to gain “administrator privileges,” allowing them full access to the computers of the US Office of Personnel Management. Among other things, they were able to download confidential forms that list “close or continuous contacts,” including those overseas—giving Beijing a new tool to identify and suppress dissenters.

That’s not the worst of it. The administration disclosed a separate intrusion that gave Beijing full access to the confidential background-check information on federal employees and private contractors who apply for security clearances. That includes the 4.5 million Americans who currently have access to the country’s top secrets. The potential for blackmail is chilling.
Since 1996 the Defense Department has considered 18,272 appeals from contractors whose security-clearance applications were denied. Decisions in these cases are posted, without names, on a Pentagon website under the heading “Industrial Security Clearance Decisions.” These are detailed case assessments on whether these individuals can be trusted or whether something in their background disqualifies them. China now knows who they are.

One man kept his security clearance despite admitting a 20-year affair with his college roommate’s wife, about which his own wife was unaware. Another accessed pornography on his work computer and didn’t tell his wife “because he feels embarrassed by his conduct.” Another admitted shooting his teenage son in the leg. Other cases detailed spousal abuse, drugs, alcoholism, tax evasion and gambling.

OPM director Katherine Archuleta tried to dodge blame for the security lapses. “I don’t believe anyone is personally responsible,” she told a Senate committee last week. “If there’s anyone to blame, it’s the perpetrators.”
That’s bunk. It’s normal for governments to spy on each other. “If I, as director of the CIA or National Security Agency, would have had the opportunity to grab the equivalent in the Chinese system, I would not have thought twice,” Michael Hayden, who has headed both agencies, told a Wall Street Journal conference recently. 

The Edward Snowden leaks distracted Washington from the pressing challenge of using intelligence better to prevent foreign hacking of Americans, a challenge only the NSA has the range of tools to meet.

The Obama administration passively endured years of cyber attacks leading to these most recent hacks. It only reluctantly named North Korea as the culprit in the hacking of Sony Pictures. A federal prosecutor indicted five Chinese military hackers, but the defendants remain safe in China. Mr. Obama got authority to order Treasury Department sanctions against anyone involved in a cyber attack that poses a “significant threat” against the US or an American company, but he has not used the power.

Mr. Clapper says it’s time for the US to get tougher by outlining in advance what the US response will be based on the seriousness of a hacking incident. He proposes specific punishments for crossing various hacking “red lines.” 
Americans expect their government to protect them in the digital, as much as the physical, world. The next president should accept the responsibility to fight back against cyber war before more is lost.

WSJ: http://on.wsj.com/1JsvPdL

« GCHQ Has Spied on Every Web User, Ever…
Xi Jinping At Seattle Tech Summit »

Directory of Suppliers

eBook: Practical Guide to Security in the AWS Cloud

eBook: Practical Guide to Security in the AWS Cloud

AWS Marketplace would like to present you with a digital copy of the new book, Practical Guide to Security in the AWS Cloud, by the SANS Institute.

DigitalStakeout

DigitalStakeout

A simple and cost-effective solution to monitor, investigate and analyze data from the web, social media and cyber sources to identify threats and make better security decisions.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

BackupVault

BackupVault

BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.

Cyber Security Service Supplier Directory

Cyber Security Service Supplier Directory

Free Access: Cyber Security Service Supplier Directory listing 5,000+ specialist service providers.

Verimuchme

Verimuchme

Verimuchme is a digital wallet and exchange platform to secure, verify and re-use personal information.

French Expert Center Against Cybercrime (CECyF)

French Expert Center Against Cybercrime (CECyF)

CECyF is a centre of excellence for countering cybercrime in France.

Advisen

Advisen

Advisen is the leading provider of data, media, and technology solutions for the commercial property and casualty insurance market including cyber risk.

Dragos

Dragos

Dragos has built the first industrial cybersecurity ecosystem, the ultimate security defense.

Pathway Forensics

Pathway Forensics

Pathway Forensics is a leading provider of computer forensics, e-discovery services and digital investigations.

LuJam Cyber

LuJam Cyber

LuJam Cyber is a cybersecurity company that provides protection to SME Networks.

Softline

Softline

Softline is a leading global Information Technology solutions and services provider focused on emerging markets of Eastern Europe, Americas, and Asia.

eXate

eXate

eXate provides pioneering technology that empowers organisations to protect, control and manage their sensitive data centrally, providing a complete data privacy solution.