Is there anyone in the United States whose personal information has not been stolen, yet? Hard to tell. The government agencies seem slow in detecting such breaches, slower in reporting about them, and very slow in resolving problems arising from such thefts.
Take today’s Internal Revenue Service’s announcement of the latest breach. The agency said it will send notifications to those affected by last month’s breach into taxpayers’ accounts. According to the agency the hackers used “personal data stolen elsewhere outside the IRS.” Maybe.
In 2010, the Obama administration, spent about $12 billion on cyber security, said the General Accounting report. And a good chunk of that was spent on employees. So it comes as no surprise that President Obama’s 2017 budget proposal of more than $19 billion for federal security programs includes the hiring of new personnel. Accordingly, the new Cybersecurity National Action Plan (CNAP), will be presided by a new federal chief information security officer and new hires.
Earlier this week, in his testimony before the Senate Select Committee on Intelligence, Director of National Intelligence, James R. Clapper spoke of Russia’s and China’s “sophisticated cyber programs [and] ongoing economic espionage [and] Iran’s and North Korea’s continuing “cyber espionage as they enhance their attack capabilities.” He pointed out: “Non-state actors also pose cyber threats. ISIL has used cyber to its great advantage, not only for recruitment and propaganda but also to hack and release sensitive information about US military personnel. As a non-state actor, ISIL displays unprecedented online proficiency. Cybercriminals remain the most pervasive cyber threat to the US financial sector. They use cyber to conduct theft, extortion and other criminal activities.”
If this wasn’t enough, Clapper noted that the use of the Internet of Things, “will connect tens of billions of new physical devices that could be exploited.”
According to special assistant to the president and cybersecurity coordinator for the National Security Council, J. Michael Daniel, the government is “investing in the capability to do detection better through continuing to expand the Einstein program and the continuous diagnostics and monitoring program… [and in] agencies’ ability to respond to events and be more resilient,” he said. To do that the government is using an existing “ management framework in the form of the cybersecurity framework of standards and best practices ” However, according to a new GAO audit, Einstein, or National Cybersecurity Protection System (NCPS), which cost $6 billion to build and operate, “fails to detect 94 percent of current security threats.”
Clearly, this administration has failed to protect the country, its economy and its people from sophisticated electronic threats from within and without. Increasing government budgets proved useless, as has the patching of old systems. Instead of hiring new employees to train on the job, the government should hire those who are cyber savvy. Contractors who provide services to the government should be held responsible for securing their services.
The past seven years had seen our cyber vulnerabilities growing. Our civilian infrastructure, including the electric grid, transportation, communication, financial institutions, hospitals and all electronic devices are increasingly susceptible, as is our military.
With no time to waste, cybersecurity should be a major topic in Presidential candidates’ debates. They should present their plans for building the adequate fences to prevent intrusion into our systems and protect us from growing cyber attacks.