First, this has nothing to do with whether you like Trump or Obama and whether one of them is a better or worse President. This isn’t about partisan politics; it’s about Cybersecurity preparedness and the lack of any serious programs addressing global threat in our nation’s capital.
Back in August, eight members of the twenty-eight member National Infrastructure Advisory Council (NIAC), which advises Homeland Security on matters of cybersecurity, resigned en-masse and the media reacted with predictable hysteria. Many publications cited their resignation letter as further proof that the Trump administration is lost in the wilderness.
The resignation letter claimed that President Trump doesn’t give enough attention to the country’s cyber vulnerabilities and said, “You have given insufficient attention to the growing threats to the cybersecurity of the critical systems upon which all Americans depend, including those impacting the systems supporting our democratic election process.”
Included in the letter was the astonishing claim that Trump’s failure “to denounce intolerance and violence of hate groups” was one of the reasons they were resigning and that they also didn’t appreciate his move to withdraw from the Paris Agreement.
These are the same bureaucrats who were appointed and served under the last two administrations and have done absolutely nothing during the past sixteen years to either improve our nation’s Cybersecurity or to apply and leverage the technologies that would be appropriate to improve our cyber-defenses of the “critical systems” about which they complained.
Unless you have been living under a rock, you will recall, the horrific cyber-attack on the Office of Personnel Management (OPM) that was discovered on April 15, 2015 and resulted in the theft of detailed security-clearance-related background information on millions of federal employees, and 5.6 million sets of fingerprints of those serving in classified counter-espionage roles around the world, occurred under this group’s very watch.
The technology that was used to protect those records was a weak perimeter defense system known as Einstein that was developed nine years before the breach, the equivalent of an entire millennium in cyber-years.
Over the past two administrations, the OPM had been warned multiple times of security vulnerabilities and failings. A March 2015 OPM Office of the Inspector General semi-annual report to Congress warned of “persistent deficiencies in OPM’s information system security program,” including “incomplete security authorization packages, weaknesses in testing of information security controls, and inaccurate Plans of Action and Milestones.”
The Director of the OPM had no background in information systems or human resources management but instead had served as the national political director of Barack Obama’s 2012 re-election campaign and as the head of something called the Latina Initiative. Instead of being punished appropriately, she and others were allowed to quietly resign and go on with their lives while millions of compromised federal agents had to completely re-boot their identities and were rendered useless to their missions.
There were many breaches on both public and private entities during the time when the magnificent eight served on the NIAC, but the OPM breach was the most illustrative of the breadth of Cybersecurity incompetency that is rampant throughout the federal government. The past decade has demonstrated a dismal failure across all agencies in the defense of our national information assets and trade secrets.
On the subject of the mass exodus, one editorial opinion warned with gravely furrowed brow that “The Trump administration chose to dissolve both the Manufacturing Council and the Strategic and Policy Forum after many of their members left, and if the same thing happens to the NIAC, no one can say for sure what the ramifications will be for the U.S.’s Cybersecurity.”
I can say for sure. It will be the best thing that ever happened to U.S. Cybersecurity.
And in another publication, a writer who apparently just discovered the world of Cybersecurity threat informed us that “Cybersecurity isn’t just email hacking or personal identity theft. Corporations and governments alike are vulnerable to information theft, infiltration, and any number of other cyber-crimes. Not only could these crimes cost corporations a lot of money, without the proper defenses and protocols, entire governments could be subject to immense disruption.”
He must not have heard about the OPM breach and was in what, Bora-Bora, during the Equifax disaster? That must have been one great vacation.
In response, the Trump administration rightfully claimed that the NIAC panel is just fine despite the loss of the incompetents and is continuing its business as usual, which of course is political nonsense.
I was hoping instead that they would all resign so that maybe someone in Washington could get started on the business of securing our nation’s information assets and put an end to the continuous draining of secrets, identities and intelligence into the hands of enemy hackers.
I still believe Trump will dump some liquid plumber into this thing, but I’m running out of patience. How about you?
This is a Security Bloggers Network syndicated blog post authored by Steve King. Read the original post at: News and Views – Netswitch Technology Management