The cy­ber de­fense cri­sis

Mr. Obama must craft a more ro­bust re­sponse.

The Washington Post Sunday - - SUNDAY OPINION -

ANY­ONE WHO has ever filled out stan­dard form 86 will at­test that it is ar­du­ous. This 127-page “Ques­tion­naire for Na­tional Se­cu­rity Po­si­tions” is part of the process of be­ing cleared to han­dle the se­crets of the U.S. gov­ern­ment. It probes all kinds of sen­si­tive mo­ments in a per­son’s life: men­tal and emo­tional health, po­lice records, al­co­hol or drug use, fi­nances, em­ploy­ment history and friends over­seas. For ex­am­ple, on page 62: “Do you have, or have you had, close and/or con­tin­u­ing con­tact with a for­eign na­tional within the last seven (7) years with whom you, or your spouse, or co­hab­i­tant are bound by af­fec­tion, in­flu­ence, com­mon in­ter­ests, and/or obli­ga­tion?” A “yes” an­swer leads to more ques­tions about the for­eign con­tact.

This ex­plains why the breach of per­son­nel files at the Of­fice of Per­son­nel Man­age­ment is truly, as FBI Di­rec­tor James B. Comey de­scribed it to Congress, a “huge deal.” On Thurs­day, the OPM an­nounced that a foren­sic in­ves­ti­ga­tion has found that data was stolen from back­ground in­ves­ti­ga­tions cov­er­ing 21.5 mil­lion peo­ple, in­clud­ing cur­rent, for­mer and fu­ture fed­eral work­ers and con­trac­tors as far back as 2000. Among them are 19.7 mil­lion peo­ple who ap­plied for a back­ground in­ves­ti­ga­tion, and 1.8 mil­lion non-ap­pli­cants such as spouses or co-habi­tants, as well as 1.1 mil­lion fin­ger­prints. In June, the OPM an­nounced that in­trud­ers had taken per­son­nel data on 4.2 mil­lion fed­eral work­ers, some of whom were also com­pro­mised in the theft of back­ground in­for­ma­tion.

The breach, which took place last year and this year, is an in­tel­li­gence wind­fall for China, which U.S. of­fi­cials have iden­ti­fied as the lead­ing sus­pect in the hack. This trove of sen­si­tive in­for­ma­tion could be used for black­mail or lever­age against fed­eral em­ploy­ees with se­cu­rity clear­ances. Chi­nese es­pi­onage of­fi­cers might threaten to re­veal a pri­vate episode from some­one’s past in­volv­ing, for ex­am­ple, a men­tal break­down, or fail­ure to pay a credit card. Or, the Chi­nese might find a way to ex­ploit the lists of for­eign con­tacts— in­clud­ing, in some cases, notes from in­ter­views about them— to pres­sure the U.S. of­fi­cials and their friends abroad. Even more wor­ri­some, this data­base could al­low the Chi­nese to fig­ure out, in­di­rectly, who is serv­ing the U.S. in­tel­li­gence agen­cies un­der cover. Years of care­ful work to con­ceal in­tel­li­gence of­fi­cers’ iden­ti­ties may just have been tossed out the win­dow.

The res­ig­na­tion Fri­day of OPM Di­rec­tor Kather­ine Archuleta was over­due, but hardly suf­fi­cient. Pres­i­dent Obama needs to ad­dress more di­rectly how this breach came about, who car­ried it out, what the gov­ern­ment will do in re­sponse and, most im­por­tant, how to take cy­ber­se­cu­rity to a higher level. Put bluntly, ad­ver­saries are pum­mel­ing the United States. Nei­ther the pres­i­dent nor Congress has treated cy­ber­at­tacks as the na­tional cri­sis they have be­come. Mr. Obama has been way too pas­sive about China. He should sound a klaxon to Bei­jing, and if that does not get the regime’s at­ten­tion, re­tal­i­ate. The tech­ni­cal out­ages at United Air­lines and the New York Stock Ex­change in re­cent days un­der­score how de­pen­dent we are on data net­works. Leav­ing them vul­ner­a­ble to thieves and es­pi­onage is an act of in­ex­cus­able neg­li­gence.

Newspapers in English

Newspapers from USA

© PressReader. All rights reserved.