USNEWS
OPINION
Hacker's Paradise
China's hack of federal employee records could be just the beginning of the U.S.'s cybersecurity problems.
By Peter Roff
July 1, 2015 | 1:30 p.m. EDT
+ More
The end of the week before a long weekend is always a good time to get rid of a nettlesome employee without anyone taking very much notice. Most people are headed out of town, newspapers operate with skeleton staffs and bloggers are at the beach.
Knowing this, it would probably be a good idea if Katherine Archuleta, the director of the U.S. Office of Personnel Management, started polishing her resume and getting her affairs in order. In her current position, she's probably not long for the world.
Congressional Republicans are calling for her head. The media is asking penetrating questions. Most ominously, for her anyway, the White House is making a point of standing behind her. White House Press Secretary Josh Earnest defended her last week saying "the administration and the president continue to believe that she's the right person for the job."
If anyone has yet to figure it out, Archuleta is being set up to take the rap for the hack, probably by the Chinese, of sensitive U.S. computer systems that let the unredacted records of millions, if not tens of millions, of federal employees out into the open.
[SEE: Chinese Hacking Cartoons]
There are a lot of reasons this is bad, most of them obvious. Some are not. According to one former senior U.S. government official with expertise in cybersecurity with whom I spoke, the hack may have exposed the covert identities of intelligence officers working undercover as U.S. government employees in non-security related agencies.
According to the Government Accountability Office, the number of "information security incidents" in which federal data was compromised – which is a softer way of saying stolen – has risen from 5,503 in 2006 to 67,168 in 2014. That information was conveyed to the U.S. House Homeland Security committee by Gregory Wilshusen, the GAO information security director, who, according to the Washington Times, also said the National Cybersecurity Protection System may just not be effective at keeping intruders out of government data.
What happened on Archuleta's watch is as damaging as the leaks coming from Edward Snowden and others who have managed to penetrate America's cybersecurity shield. Someone has to be held accountable, and it's probably going to be her. But there's a more outrageous problem that very few have heretofore noticed: Federal, state and local governments are already doing business with the Chinese in the cybersecurity arena.
ChinaSoft is a Chinese-owned company that provides a plethora of IT services including strategic consulting to over 60 industries. According to its website, these services include e-government. In November 2013, it merged with a company called Catapult Systems. The combined company has a client base that includes the United States Air Force Space Operations Center, ERCOT (which runs the Texas electric grid), the Federal Reserve Board, the U.S. Department of Treasury, the U.S. Army and the U.S. Department of Education.
[SEE: Congress Cartoons]
Does it matter that a Chinese-owned company is performing work on U.S. government systems? The short answer, especially in light of the most recent hack, is almost unambiguously yes. Hiring a foreign owned firm increases the risk that insiders with access to some parts of the system may acquire the information necessary to hack the rest.
This is the debate surrounding Huawei, a Chinese-owned telecommunications company that wanted to supply the government with telecommunications equipment and services. In October 2012, the U.S. House Permanent Select Committee on Intelligence went so far as to issue a report on the threat this Chinese company posed to our national security. The report went so far as to recommend that private sector companies steer clear of it. ChinaSoft and Catapult Systems aren't Huawei, but it doesn't take a great leap to be concerned about the risk to the integrity of U.S. systems in cyberspace posed by foreign-owned companies.
It is a mistake, one that Congress should look into, to have critical cyberspace infrastructure responsibilities protecting personal information and sensitive data run by companies that are not owned and based in the United States. Otherwise it's like asking Willie Sutton to not just guard the bank but to design its security measures to boot.
Peter Roff is a contributing editor at U.S. News & World Report. Formerly a senior political writer for United Press International, he's now affiliated with several public policy organizations, including Let Freedom Ring and Frontiers of Freedom. His writing has appeared in National Review, Fox News' opinion section, The Daily Caller, Politico and elsewhere. Follow him on Twitter @PeterRoff
***
Chân thành cám ơn Quý Anh Chị ghé thăm "conbenho Nguyễn Hoài Trang Blog".
Xin được lắng nghe ý kiến chia sẻ của Quý Anh Chị trực tiếp tại Diễn Đàn Paltalk: 1Latdo Tapdoan Vietgian CSVN Phanquoc Bannuoc .
Kính chúc Sức Khỏe Quý Anh Chị .
conbenho
Tiểu Muội quantu
Nguyễn Hoài Trang
03072015
___________
Cộng sản Việt Nam là TỘI ÁC
Bao che, dung dưỡng TỘI ÁC là ĐỒNG LÕA với TỘI ÁC
Thursday, July 02, 2015
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment