We
already know that dedicated hackers can pretty much have their way with
individuals’ Internet and computer accounts. There are constant reminders from
some of the biggest commercial and non-profit organizations that their encrypted
data, usually containing some very personal information concerning ordinary
consumers, is increasingly hacked. Data, credit card information, medical
histories, sensitive personal information, etc. is then bought and sold on the
dark Web by nefarious traders, many of whom are in distant lands or living in a
virtually untraceable anonymous cyber world.
Each
year, billions and billions of dollars are stolen from cyber-linked accounts.
Gone, gone, gone! Ransomware generates additional revenues for the criminal
element. Not to mention governments – like North Korea – that generate massive
income for themselves by cracking into private accounts (bitcoin theft is quite
popular) to siphon off money. OK, so we know that the private cybernet world is
rather dramatically vulnerable. Our financial systems could fall fast. A
hardened enemy is also currently able to take down most of our power grids
(inflicting damage that would take years to fix), as several “from Russia with
love” exploratory intrusions have proven. All that is pretty terrible, but we
have to have consummate security in our government’s most secret information,
right?
We’ve
seen how federal personnel records have been purloined, compromising
information that a foreign power could easily use to figure out our weak links,
where the most vulnerable federal agents live and what their weaknesses are.
WikiLeaks has released thousands of pages of supersensitive governmental
communications to the world. Some of most secret military weapon systems have been
hacked, compromising us at every level. Russia, China and North Korea are the
most cited culprits, but the Russian cyber-espionage force (overt and
clandestine) are far and away the most advanced operators.
Apparently
to avoid having to admit that Russia materially aided his 2016 election, even
as the Trump-Putin Helsinki summit planned for July 16th approaches,
Donald Trump still takes Putin’s word that Russia did not, is not and will not
use its hacking skills and ability to spread malicious disinformation to
further polarize the American body politic and influence our elections… even as
Congress and our every national security and intelligence agency says Russia is
escalating its efforts even beyond their wild success in 2016. The net impact
is that Russia does not have to worry about Trump’s prioritizing constraining
their planned cyber-political disruptions anytime soon.
That’s
a problem. A very, very big problem. Not only does this threaten our democratic
institutions and open biased individuals to vent their often “conspiratorial”
biases within the political process, but the kinds of defenses we need – those
that would parallel containing cyber-political interference – are insufficient
within our own governmental agencies to halt data breaches and internal
manipulations as to some of this nation’s most vital military and national
security interests. You just might be surprised at how governmental agencies
are interconnected… and how easy it is to use one agency’s vulnerabilities to
access sensitive data in another governmental agency.
Barbara George, PhD, retired military office and executive
director of the Washington Cyber Roundtable with a background in national
security, cybersecurity and communications, and strategic planning, writing for
the June 29th The Cipher Brief, explains:
“Protecting the technology networks connecting more than two million employees
working in over 400 government agencies serving about 325 million Americans is
a herculean feat. In May, the Office of Management and Budget (OMB) released a
report stating 74 percent of these federal agencies are at ‘high risk or risk’
of facing a cyberattack. However, because of the interconnected missions and
nature of government networks, if one agency is vulnerable then all are in
jeopardy. The solution is not simply for one cyber czar to shepherd those on
the National Security Council (NSC) towards sound cyber policy, but rather
broadly fostering a government leadership culture that automatically considers
cybersecurity when discussing security issues and policy actions.
“While
it may initially seem beneficial to have a cyber champion in the room during
national security discussions with the president, it is better if everyone at
the table is a cyber advocate. This means department secretaries should be in
lockstep with their own cyber experts. Chief Information Officers (CIOs) and
Chief Information Security Officers (CISOs) need to have a seat at the table
with department leadership. Unfortunately, in the government most CIOs do not
report directly to the secretary or deputy secretary, which is considered
industry best practice, and it will take more than just issuing an executive
order to make this a reality. By not including CIOs and CISOs in enterprise
discussions, agencies are not exercising holistic approaches to cyber security…
“The
key stakeholders based on role are:
•
For asset response: the National Cybersecurity and Communications Integration
Center (NCICC) within the Department of Homeland Security (DHS)
•
For threat response: the National Cyber Investigative Joint Task Force (NCIJTF)
within the Federal Bureau of Investigations (FBI)
•
For intelligence support: the Office of the Director of National Intelligence
(ODNI) through the Cyber Threat Intelligence and Integration Center (CTIIC)
•
For managing incident effects on operations, customer and workforce the
government will turn to the private sector
“The
Cyber Incident Coordination plan was created in 2016, about seven years after
the creation of the White House cybersecurity coordinator role, and has since
shown tangible results. Following the PPD-41 protocols prevented the U.S.
government from being significantly impacted by the WannaCry cyberattacks in
2016, one of the largest cyberattacks that impacted at least 150 countries and
200,000 computers. These efforts were spearheaded by DHS through the NCCIC, not
the White House cybersecurity coordinator. As presented at the RSA Conference,
the NCCIC credits strategic relationships and global information exchange as
key to the successful WannaCry response.
“Rather
than focusing on correcting embedded obstacles and praising proven processes,
response to the Trump Administration’s decision to eliminate the cybersecurity
coordinator role honed in on politics. Nevertheless, agencies with the
responsibility and mission will continue to build capacity to address
cybersecurity challenges. DHS is continuing to improve its approach to
cybersecurity and released its cybersecurity strategy the same day the White
House eliminated the cybersecurity coordinator position. Interagency
cooperation is not a new concept and together the government can and will move
forward to reduce the Nation’s risk of systemic cybersecurity and
communications challenges.”
So
what does this all mean? While we are improving slightly, we are still woefully
uncoordinated and unprepared for cyber-penetration into our federal systems by a
determined and sophisticated intruder. Even as recently updated, our legacy
systems and practices remain ill-suited to the task at hand and too influenced
by political considerations that place the personal interests of the President
over the obvious efforts needed for an effective response.
I’m Peter Dekom, and none of this
really matters… until it really does on a massive scale.
No comments:
Post a Comment