Monday 22 June 2015

Booting Up: Hacked off about hackers

Nothing short of mass resignations and a major mea culpa from President Obama himself will suffice after the humiliating and debilitating hack of the federal human resources database by intruders suspected of working for the Chinese government.

How is it possible that a federal agency with critical national security information has fewer safeguards than Hotmail? How is it possible that such laxity exists at the highest levels of our government over the known, growing threat of hacking?

For over a year, and possibly longer, hackers have tapped into the Office of Personnel Management’s database of millions of workers. And all because too many accounts lacked two-factor authentication. It is well established within the IT community that a password alone fails to protect information, but when it is paired with a second, independent factor (a one-time code from a token or phone app, a smart card, a biometric scan, etc.) a stolen password by itself no longer gets the attacker in, and the ability to fend off a cyberattack greatly increases.

The foreign intruders stole users’ passwords and, over the course of the year, escalated to administrator privileges, allowing them to impersonate the people who run the OPM systems. Government workers now must live with the fear that their Social Security numbers and identifying information will flood the black market for identity theft. The potential damage to national security is incalculable.

Incredibly, systems security for the giant database was left to “Designated Security Officers” who weren’t certified IT professionals and who were performing their DSO duties in addition to their full-time jobs. That’s according to an audit by the agency’s own inspector general released in November — ironically, while the attack was already under way.

Here’s who needs to go:

• Inspector General Patrick E. McFarland has held that job since August 1990 and had nearly a quarter-century to uncover a lack of IT security within the OPM.

• Dr. Phyllis Schneck, deputy under secretary for cybersecurity & communications, has to go. The Obama administration describes her as “the chief cybersecurity official for the Department of Homeland Security” tasked with supporting the “mission of strengthening the security and resilience of the nation’s critical infrastructure.” Clearly, she has failed.

• It’s almost comical that OPM’s top tech official, Chief Information Officer Donna Seymour, still has her job.

• Why the president hasn’t demanded and received OPM Director Katherine Archuleta’s resignation, one can only guess. She has blamed antiquated security systems for the breach — which has nothing to do with a failure to ensure all agency workers use two-factor authentication.

But it’s not just the administration. Budget cuts forced more than 300 OPM layoffs. Republicans who are now decrying the attack are responsible for implementing the draconian budget cuts that likely increased our vulnerability to it.

Obama overhauled cybersecurity policy and created the first federal chief information officer, but we’ve gone through four of them since 2009. An absurd level of turnover.

No one is clean here. Unless we start taking cybersecurity seriously — and hiring gritty IT professionals instead of Washington bureaucrats — the suspected Chinese attack is just the beginning.

View the original content and more from this author here: http://ift.tt/1BGm5Ke

from cyber security caucus http://ift.tt/1BGm3Cb
via IFTTT