The New York Times has a story from yesterday that shows how deep Chinese hacking has gone into the Federal government infrastructure and how reluctant the administration is to admit it.
Three of my favorite reporters, Michael Schmidt, David Sanger, and Nicole Perlroth wrote the story, and all three of them have good sources for this kind of article, http://www.nytimes.com/2014/07/10/world/asia/chinese-hackers-pursue-key-data-on-us-workers.html?_r=0 They could make a series out of this one, and probably will before it is over.
Chinese hackers broke into the Personnel networks that have E-Qip, targeting people who were applying for Top Secret clearances. An honest-to-God chill went up my back when I read that part of it. Anyone with a security clearance knows what EQip is, and they know what information they had to put into it. The reaction so far, from Homeland Security and the White House, is the same as the one they had when the Obamacare website went live without any security testing: We have no reason to believe any personally identifiable information was taken from the system. How many intrusions have these official spokespersons ever handled, and who was on the other end of them? They have no reason to believe it because they wouldn't like the consequences of admitting it. It may be true they don't know if any was taken. I could believe that before believing that nothing was taken.
When DoD was handling the storage and processing of data for security clearances, I always had the idea that security was their number one concern. If they got hacked, they could put together a team and do a damage assessment pretty fast. They might not be able to stop the activity right away, because hackers put backdoors into the system after they hack it, but they do what they have to do to fix the problems. I don't get that same warm feeling, when the people at the Office of Personnel Management are handling these kind of things.
The article rightly points out that this is the system that handles our most sensitive personnel information. It shouldn't be a system accessible from the Internet. I remember why we went to a system that was automated; our defense contractors agitated for it because they had people sitting around waiting for clearances to be processed while paper floated from one office to another. They put software into their own contractor facilities to process the forms. Automation of the process hasn't speeded it up, and now we find the unintended consequences of putting all your eggs in one Internet-based basket, and handing that basket to OPM. If we don't have Congressional hearings on this by next Tuesday, Congress is not doing its job.
No comments:
Post a Comment