The U.S Is Losing the Cyber War

The huge theft from the Office of Personnel Management comes after years of Obama administration passivity despite repeated digital attacks.  The Obama administration has disclosed that for the past year China had access to the confidential records of four million federal employees.

This was the biggest breach ever, until the administration later admitted the number of hacked employees is at least 18 million. In congressional testimony it became clear the number could reach 32 million, all current and former federal workers.

The Chinese hackers managed to gain “administrator privileges,” allowing them full access to the computers of the US Office of Personnel Management. Among other things, they were able to download confidential forms that list “close or continuous contacts,” including those overseas—giving Beijing a new tool to identify and suppress dissenters.

That’s not the worst of it. The administration disclosed a separate intrusion that gave Beijing full access to the confidential background-check information on federal employees and private contractors who apply for security clearances. That includes the 4.5 million Americans who currently have access to the country’s top secrets. The potential for blackmail is chilling.
Since 1996 the Defense Department has considered 18,272 appeals from contractors whose security-clearance applications were denied. Decisions in these cases are posted, without names, on a Pentagon website under the heading “Industrial Security Clearance Decisions.” These are detailed case assessments on whether these individuals can be trusted or whether something in their background disqualifies them. China now knows who they are.

One man kept his security clearance despite admitting a 20-year affair with his college roommate’s wife, about which his own wife was unaware. Another accessed pornography on his work computer and didn’t tell his wife “because he feels embarrassed by his conduct.” Another admitted shooting his teenage son in the leg. Other cases detailed spousal abuse, drugs, alcoholism, tax evasion and gambling.

OPM director Katherine Archuleta tried to dodge blame for the security lapses. “I don’t believe anyone is personally responsible,” she told a Senate committee last week. “If there’s anyone to blame, it’s the perpetrators.”
That’s bunk. It’s normal for governments to spy on each other. “If I, as director of the CIA or National Security Agency, would have had the opportunity to grab the equivalent in the Chinese system, I would not have thought twice,” Michael Hayden, who has headed both agencies, told a Wall Street Journal conference recently. 

The Edward Snowden leaks distracted Washington from the pressing challenge of using intelligence better to prevent foreign hacking of Americans, a challenge only the NSA has the range of tools to meet.

The Obama administration passively endured years of cyber attacks leading to these most recent hacks. It only reluctantly named North Korea as the culprit in the hacking of Sony Pictures. A federal prosecutor indicted five Chinese military hackers, but the defendants remain safe in China. Mr. Obama got authority to order Treasury Department sanctions against anyone involved in a cyber attack that poses a “significant threat” against the US or an American company, but he has not used the power.

Mr. Clapper says it’s time for the US to get tougher by outlining in advance what the US response will be based on the seriousness of a hacking incident. He proposes specific punishments for crossing various hacking “red lines.” 
Americans expect their government to protect them in the digital, as much as the physical, world. The next president should accept the responsibility to fight back against cyber war before more is lost.

WSJ: http://on.wsj.com/1JsvPdL

« GCHQ Has Spied on Every Web User, Ever…
Xi Jinping At Seattle Tech Summit »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

ON-DEMAND WEBINAR: How to build and implement an effective endpoint detection and response strategy

ON-DEMAND WEBINAR: How to build and implement an effective endpoint detection and response strategy

Discover how you can implement endpoint detection and response (EDR) tools into your security strategy.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Conscio Technologies

Conscio Technologies

Conscio Technologies is a specialist in IT security awareness. Our solutions allow you to easily manage innovative online IT awareness campaigns.

Lumeta

Lumeta

Lumeta’s cyber situational awareness platform is the unmatched source for enterprise network infrastructure analytics and security monitoring for breach detection.

Softtek

Softtek

Softtek provides comprehensive software Quality Assurance and Testing that identifies the correctness, completeness, and quality level of software products.

Vuntie

Vuntie

Vuntie blend European craftsmanship, performance and open-source technology to deliver cybersecurity services including penetration testing, incident response, training and consultancy.

QOMPLX

QOMPLX

QOMPLX integrate, contextualize, and analyze data from virtually any source to help you identify operational risk and inefficiencies throughout the enterprise.

Dcode

Dcode

Dcode connects the tech industry and government to drive commercial innovation in the federal market.

CENSUS

CENSUS

CENSUS is a Cybersecurity services provider offering services to multiple industries worldwide such as Security Testing, Code Auditing, Secure SDLC, Vulnerability Research and Consulting Services.

DataFleets

DataFleets

DataFleets is a privacy-preserving data engine that unifies distributed data for rapid access, agile analytics, and automated compliance.

BreachLock

BreachLock

Breachlock delivers the most comprehensive Penetration Testing as a Service (PtaaS) powered by Certified Hackers and AI.

IDX

IDX

IDX is the leading consumer privacy platform built for agility in the digital age.

DEFENTEK - National Security Informatics

DEFENTEK - National Security Informatics

Defentek (aka National Security Informatics) is a technology consortium covering a broad spectrum of intelligence computing solutions and interception technologies.

Vala Secure

Vala Secure

Vala Secure is a cybersecurity and compliance consultancy that always stays ahead of regulations, future threats and ever-changing security environments.

Nemstar

Nemstar

Nemstar is a specialist in Information Security & Cyber Training with over 25 years' industry experience.

Technation

Technation

Technation proudly represents the Canadian technology companies that are furthering our nation and the world into the future through innovation, creativity and ingenuity.

Excite Cyber

Excite Cyber

Excite Technology Services (formerly Cipherpoint) is focused on improving the security posture of our customers.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.