CybersecurityU.S. government networks vulnerable despite billons spent on protecting them
Experts say that cybersecurity has leaped over terrorism as the top threat to U.S. security, and with the awareness of the threat comes funding better to secure government systems. There are currently 90,000 information technology security professionals working for the government, 33 percent of them are contractors. The federal government is projected to hire more cyber professionals and spend $65 billion on cybersecurity contracts between 2015 and 2020, but today, federal cybersecurity officials are still struggling to keep sensitive data from hackers and cyber criminals. Some have warned of a “Cyber Pearl Harbor” — but Pearl Harbor was a surprise. No one in business or government today can continue to plead surprise when it comes to the possibility of cyberattack.
Experts say that cybersecurity has leaped over terrorism as the top threat to U.S. security, and with the awareness of the threat comes funding better to secure government systems. There are currently 90,000 information technology security professionals working for the government, 33 percent of them are contractors. The federal government is projected to hire more cyber professionals and spend $65 billion on cybersecurity contracts between 2015 and 2020, but today, federal cybersecurity officials are still struggling to keep sensitive data from hackers and cyber criminals, according to an APanalysis of records. The AP has filed dozens of Freedom of Information Act requests, interviewed hackers and cybersecurity experts, and obtained records describing vulnerabilities within government networks to learn that after forty years and more than $100 billion spent since the first federal data protection law was enacted, the U.S. government still lacks the manpower and proper measures to secure its network systems. “It’s a much bigger challenge than anyone could have imagined twenty years ago,” said Phyllis Schneck, deputy undersecretary for cybersecurity at DHS.
Systems at more than a dozen agencies, including the Pentagon and the National Weather Service, have been infiltrated via phishing e-mails, malware, and physical theft of data storage devices. Last year, the U.S. Computer Emergency Readiness Team (US-CERT) responded to 228,700 cyberincidents involving federal agencies and critical infrastructure firms; that figure is more than twice the number of incidents that occurred in 2009, and according to theMercury, federal employees are responsible for at least 50 percent of federal cyber breaches. One federal employee was redirected to a hostile site after clicking on a link that led to a video of tennis star Serena Williams. In September 2011, a parked car belonging to a Pentagon contractor was broken into by a thief who stole unencrypted computer backup tapes containing about five million Social Security numbers along with medical information of Pentagon employees. The federal contractor was tasked with securing those records.
According to an annual White House cybersecurity review, in 2013, 21 percent of all federal breaches originated from government workers who violated policies; 16 percent of breaches were linked to employees who lost devices or had them stolen; 12 percent to workers who improperly handled sensitive information printed from computers; 8 percent to workers who ran or installed malicious software; and 6 percent to employees who were enticed to share classified information.
Outsider and accidental threats are not the only risk federal computer systems face. Only a few intentional insider hacks like the one committed by former National Security Agency contractor Edward Snowden, have been reported or discovered. Since 2006, more than eighty-seven million sensitive or private federal records have been exposed by hackers or leakers, according to the Privacy Rights Clearinghouse, which tracks cyberincidents at all levels of government. TheWashington Post reported last month on a breach targeted at unclassified White House computers by hackers believed to be working for the Russian government. The Obama administration has not provided details of the attack, but many analysts consider it to be one of the many daily attacks that occur within the federal government. “Certainly a variety of actors find our networks to be attractive targets and seek access to sensitive information,” a White House official said. “We are still assessing the activity of concern.
Only a small percent of cyber criminals are caught. In 2013, the Justice department filed 146 cases under the government’s computer hacking statue. Former DHS chief Tom Ridge has called on Congress quickly to pass legislation that would better allow the private and public sector to share intelligence on cyber breaches, which will help catch cyber criminals in their early stages of planning an attack. “The constant drumbeat of headlines makes it clear that perhaps the greatest vulnerability this nation faces lies in cyberspace,” Ridge said.
Some have warned of a “Cyber Pearl Harbor” — but Pearl Harbor was a surprise. No one in business or government today can continue to plead surprise when it comes to the possibility of cyberattack. It is imperative that our political and private sector leaders work together to secure critical infrastructure and other networked systems from cyberpredators.”
