The U.S Is Losing the Cyber War

Uploaded on 2015-09-28 in NEWS-Cybersecurity News, INTELLIGENCE--USA, GOVERNMENT-Defence, FREE TO VIEW

The huge theft from the Office of Personnel Management comes after years of Obama administration passivity despite repeated digital attacks.  The Obama administration has disclosed that for the past year China had access to the confidential records of four million federal employees.

This was the biggest breach ever, until the administration later admitted the number of hacked employees is at least 18 million. In congressional testimony it became clear the number could reach 32 million, all current and former federal workers.

The Chinese hackers managed to gain “administrator privileges,” allowing them full access to the computers of the US Office of Personnel Management. Among other things, they were able to download confidential forms that list “close or continuous contacts,” including those overseas—giving Beijing a new tool to identify and suppress dissenters.

That’s not the worst of it. The administration disclosed a separate intrusion that gave Beijing full access to the confidential background-check information on federal employees and private contractors who apply for security clearances. That includes the 4.5 million Americans who currently have access to the country’s top secrets. The potential for blackmail is chilling.
Since 1996 the Defense Department has considered 18,272 appeals from contractors whose security-clearance applications were denied. Decisions in these cases are posted, without names, on a Pentagon website under the heading “Industrial Security Clearance Decisions.” These are detailed case assessments on whether these individuals can be trusted or whether something in their background disqualifies them. China now knows who they are.

One man kept his security clearance despite admitting a 20-year affair with his college roommate’s wife, about which his own wife was unaware. Another accessed pornography on his work computer and didn’t tell his wife “because he feels embarrassed by his conduct.” Another admitted shooting his teenage son in the leg. Other cases detailed spousal abuse, drugs, alcoholism, tax evasion and gambling.

OPM director Katherine Archuleta tried to dodge blame for the security lapses. “I don’t believe anyone is personally responsible,” she told a Senate committee last week. “If there’s anyone to blame, it’s the perpetrators.”
That’s bunk. It’s normal for governments to spy on each other. “If I, as director of the CIA or National Security Agency, would have had the opportunity to grab the equivalent in the Chinese system, I would not have thought twice,” Michael Hayden, who has headed both agencies, told a Wall Street Journal conference recently. 

The Edward Snowden leaks distracted Washington from the pressing challenge of using intelligence better to prevent foreign hacking of Americans, a challenge only the NSA has the range of tools to meet.

The Obama administration passively endured years of cyber attacks leading to these most recent hacks. It only reluctantly named North Korea as the culprit in the hacking of Sony Pictures. A federal prosecutor indicted five Chinese military hackers, but the defendants remain safe in China. Mr. Obama got authority to order Treasury Department sanctions against anyone involved in a cyber attack that poses a “significant threat” against the US or an American company, but he has not used the power.

Mr. Clapper says it’s time for the US to get tougher by outlining in advance what the US response will be based on the seriousness of a hacking incident. He proposes specific punishments for crossing various hacking “red lines.” 
Americans expect their government to protect them in the digital, as much as the physical, world. The next president should accept the responsibility to fight back against cyber war before more is lost.

WSJ: http://on.wsj.com/1JsvPdL

« GCHQ Has Spied on Every Web User, Ever…
Xi Jinping At Seattle Tech Summit »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

SSH Communications Security

SSH Communications Security

SSH Communications Security is a leading provider of enterprise cybersecurity solutions for controlling trusted access to information systems and data.

Gigamon

Gigamon

Gigamon provides intelligent Traffic Visability solutions that provide unmatched visbility into physical & birtual networks without affecting the performance or stability of production environments.

Herjavec Group

Herjavec Group

Herjavec Group's Managed Security Services practice defends your organization from increasingly sophisticated, targeted cybercrime threats.

Mondo

Mondo

Mondo is the largest national staffing agency specializing exclusively in high-end, niche IT, Tech, and Digital Marketing talent. Areas of expertise include Cybersecurity.

TCPWave

TCPWave

TCPWave IPAM is the world’s first acclaimed DNS/DHCP management software to pass the most stringent Information security tests.

Center for Analysis & Investigation of Cyber-Attacks (CAICA)

Center for Analysis & Investigation of Cyber-Attacks (CAICA)

The Center for Analysis & Investigation of Cyber-Attacks is one of the leading Kazakhstan organisations in the field of information and computer security.

Armorblox

Armorblox

Armorblox stops targeted email attacks such as 0-day credential phishing, payroll fraud, vendor fraud, and other threats that get past legacy security controls.

ShiftLeft

ShiftLeft

ShiftLeft is a continuous application security platform, purpose-built for the modern software development life cycle.

Intraprise Health

Intraprise Health

Intraprise Health is a Certified HITRUST Assessor and award-winning provider of health information security products and services.

Network Intelligence

Network Intelligence

Network Intelligence delivers a comprehensive suite of AI-powered cybersecurity solutions built on the ADVISE framework.

Regtank Technology

Regtank Technology

Regtank is a one-stop compliance solution for fintechs, navigating compliance, security and risk management.

Bitdefender

Bitdefender

Bitdefender is a cybersecurity leader delivering best-in-class threat prevention, detection, and response solutions worldwide.

Anzen Technology Systems

Anzen Technology Systems

Anzen create software solutions which allows organisations to utilize the public cloud for sensitive or classified information, whilst increasing data security and retaining data sovereignty.

ThreatDown

ThreatDown

ThreatDown, powered by Malwarebytes, is on a mission to overpower threats and empower IT by removing the complexity of detecting and stopping today’s most advanced threats.

IONIX

IONIX

IONIX (formerly Cyberpion) is the attack surface management solution that uses Connective Intelligence to shine a spotlight on exploitable risks across your supply chain.

Grypho5

Grypho5

Grypho5 offers managed packages to protect where threat actors strike most. We defend your infrastructure dynamically, leaving you to focus on other priorities.