The U.S Is Losing the Cyber War

Uploaded on 2015-09-28 in NEWS-Cybersecurity News, INTELLIGENCE--USA, GOVERNMENT-Defence, FREE TO VIEW

The huge theft from the Office of Personnel Management comes after years of Obama administration passivity despite repeated digital attacks.  The Obama administration has disclosed that for the past year China had access to the confidential records of four million federal employees.

This was the biggest breach ever, until the administration later admitted the number of hacked employees is at least 18 million. In congressional testimony it became clear the number could reach 32 million, all current and former federal workers.

The Chinese hackers managed to gain “administrator privileges,” allowing them full access to the computers of the US Office of Personnel Management. Among other things, they were able to download confidential forms that list “close or continuous contacts,” including those overseas—giving Beijing a new tool to identify and suppress dissenters.

That’s not the worst of it. The administration disclosed a separate intrusion that gave Beijing full access to the confidential background-check information on federal employees and private contractors who apply for security clearances. That includes the 4.5 million Americans who currently have access to the country’s top secrets. The potential for blackmail is chilling.
Since 1996 the Defense Department has considered 18,272 appeals from contractors whose security-clearance applications were denied. Decisions in these cases are posted, without names, on a Pentagon website under the heading “Industrial Security Clearance Decisions.” These are detailed case assessments on whether these individuals can be trusted or whether something in their background disqualifies them. China now knows who they are.

One man kept his security clearance despite admitting a 20-year affair with his college roommate’s wife, about which his own wife was unaware. Another accessed pornography on his work computer and didn’t tell his wife “because he feels embarrassed by his conduct.” Another admitted shooting his teenage son in the leg. Other cases detailed spousal abuse, drugs, alcoholism, tax evasion and gambling.

OPM director Katherine Archuleta tried to dodge blame for the security lapses. “I don’t believe anyone is personally responsible,” she told a Senate committee last week. “If there’s anyone to blame, it’s the perpetrators.”
That’s bunk. It’s normal for governments to spy on each other. “If I, as director of the CIA or National Security Agency, would have had the opportunity to grab the equivalent in the Chinese system, I would not have thought twice,” Michael Hayden, who has headed both agencies, told a Wall Street Journal conference recently. 

The Edward Snowden leaks distracted Washington from the pressing challenge of using intelligence better to prevent foreign hacking of Americans, a challenge only the NSA has the range of tools to meet.

The Obama administration passively endured years of cyber attacks leading to these most recent hacks. It only reluctantly named North Korea as the culprit in the hacking of Sony Pictures. A federal prosecutor indicted five Chinese military hackers, but the defendants remain safe in China. Mr. Obama got authority to order Treasury Department sanctions against anyone involved in a cyber attack that poses a “significant threat” against the US or an American company, but he has not used the power.

Mr. Clapper says it’s time for the US to get tougher by outlining in advance what the US response will be based on the seriousness of a hacking incident. He proposes specific punishments for crossing various hacking “red lines.” 
Americans expect their government to protect them in the digital, as much as the physical, world. The next president should accept the responsibility to fight back against cyber war before more is lost.

WSJ: http://on.wsj.com/1JsvPdL

« GCHQ Has Spied on Every Web User, Ever…
Xi Jinping At Seattle Tech Summit »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Renaissance

Renaissance

Renaissance is Ireland's premier value added distributor of IT security solutions and a leading independent provider of business continuity consultancy.

Fieldfisher

Fieldfisher

Fieldfisher's Technology, Outsourcing & Privacy Group has class-leading expertise in privacy, data & cybersecurity, digital media, big data, the cloud, mobile payments and mobile apps.

Globalscape

Globalscape

Globalscape is a leader in secure data exchange solutions.

Mexis

Mexis

SCADAfence

SCADAfence

SCADAfence offers cutting edge cybersecurity solutions designed to ensure the operational continuity of industrial (ICS/SCADA) networks.

Cyber Defense Initiative Conference (CDIC)

Cyber Defense Initiative Conference (CDIC)

Cyber Defense Initiative Conference (CDIC) is one of the most distinguished Cybersecurity, Privacy and Information Security Conference in Thailand and Southeast Asia.

CyberWarrior

CyberWarrior

CyberWarrior deliver training and consulting for some of the world’s top brands and also partner with national systems integrators to augment their teams with our expertise.

XignSYS

XignSYS

XignSys develops innovative password-free and user-friendly Authentication solutions and electronic signature systems for B2B and B2C applications.

M2SYS

M2SYS

M2SYS is a worldwide leader in identification and authentication solutions.

Duality Technologies

Duality Technologies

Duality Technologies combine Advanced Cryptography with Data Science to deliver High-Performance Privacy-Protecting Computing to Regulated Industries.

Neovera

Neovera

Neovera is a trusted provider of managed services including cyber security and enterprise cloud solutions, committed to delivering results through the innovative use of scalable enterprise-grade tech.

ISTC Foundation

ISTC Foundation

ISTC Foundation is one of the leading innovation centers in Armenia, founded by joint initiative of IBM, USAID, Armenian Government and Enterprise Incubator Foundation.

IN4 Group

IN4 Group

IN4 Group is a skills, innovation and start-up services provider that specialises in supporting businesses with the training, communities, networks and advice they need to scale.

Leaf IT

Leaf IT

Leaf IT are a pioneering cloud-first MSP, dedicated to helping businesses in the UK and Ireland. We focus on delivering tangible results for our clients through IT transformation.

Radiant Security

Radiant Security

Radiant Security offers an AI-powered security co-pilot for Security Operations Centers (SOCs). Reinforce your SOC with an AI assistant.

AppSentinels

AppSentinels

Appsentinels are a group of security and technology experts with a mission to fix gaps in application security.