So, the penetration of the Office of Personnel Management computer systems is even more pervasive than previously reported.
CNN reported yesterday: “The personal data of an estimated 18 million current, former and prospective federal employees were affected by a cyber breach at the Office of Personnel Management – more than four times the 4.2 million the agency has publicly acknowledged. The number is expected to grow, according to U.S. officials briefed on the investigation.”
The hack is not only gigantic and appalling but also inexplicable. CNN also reported:
OPM’s internal auditors told a House Oversight and Government Affairs Committee last week that key databases housing sensitive national security data, including applications for background checks, had not met federal security standards.
“Not only was a large volume (11 out of 47 systems) of OPM’s IT systems operating without a valid Authorization, but several of these systems are among the most critical and sensitive applications owned by the agency,” Michael Esser, OPM’s assistant inspector general for audits, wrote in testimony prepared for committee.
Yet, faced with this terrible failure, which exposes the most intimate data of countless Americans (including pretty much all of our national security officials, past and present) to Chinese espionage, what has been the Obama administration response?
Yesterday an official identified only as “senior State Department official” was asked about the issue at a press conference — and specifically what the US is doing to redress this Chinese intrusion. Here is what he or she said:
So we have had discussions ongoing with the Chinese in multilateral fora, in bilateral fora about all of the various aspects about cyber security, the activity of IT companies in China, in the United States, et cetera. It’s a very wide-ranging, obviously, topic. It’s a fast-changing area, and it’s an ongoing topic of discussion. We’re the two biggest users of the internet. We both have huge global sort of interests in seeing the internet be secured. I understand that iPhone – more iPhones were sold in China last year than in the United States. So it’s a huge area of interest for both of our countries, and we have ongoing conversations about all aspects.
That’s weak even by State Department standards. The notion that the U.S. and China have shared interests on the Internet is farcical, since China has emerged as the No. 1 hacker of American computer systems for both commercial and national security advantage. Saying that Washington and Beijing have a shared interest in Internet security is like saying that a cop and a robber have a shared interest in law enforcement.
Little wonder that members of Congress, Democrats as well as Republicans, are frustrated with the administration attempts to minimize the size and severity of this breach. At a hearing last week in the House, Rep. Stephen Lynch (D., Mass.), told OPM chief Katherine Archuleta: “I wish that you were as strenuous and hardworking at keeping information out of the hands of hacker as are at keeping information out of the hands of Congress.”
What’s truly dismaying here is that this is hardly the first breach of cyber-security experienced by this administration. Recall that the massive breaches committed by Bradley (now Chelsea) Manning and Edward Snowden occurred since President Obama took office. That’s not to suggest that the president is personally to blame for this negligence, but he is certainly as much to blame for these failures as President George W. Bush was for failures to respond to Hurricane Katrina and to a growing insurgency in Iraq. Yet, so far, the Obama administration has largely managed to avoid the kind of censure and wrath that the Bush administration earned for its handling of Katrina and the Iraq War.
Granted, these cyber breaches have not resulted in massive casualties and catastrophes that can be seen in video footage and photos. But these are catastrophes nevertheless that have done great (if hidden) damage to American security, and it’s high time that the public took this more seriously and demanded that high-level officials be held to account. At least FEMA director Michael Brown was fired over Katrina and Secretary of Defense Donald Rumsfeld was ultimately ousted over Iraq. Who, if anyone, is going to be held accountable for the massive cyber-breaches the government has been suffering of late?