14 July 2015

The cyber defense crisis

By Editorial Board 
July 11
A map of China is seen through a magnifying glass on a computer screen showing binary digits. (Edgar Su/Reuters)

ANYONE WHO has ever filled out standard form 86 will attest that it is arduous. This 127-page “Questionnaire for National Security Positions” is part of the process of being cleared to handle the secrets of the U.S. government. It probes all kinds of sensitive moments in a person’s life: mental and emotional health, police records, alcohol or drug use, finances, employment history and friends overseas. For example, on page 62: “Do you have, or have you had, close and/or continuing contact with a foreign national within the last seven (7) years with whom you, or your spouse, or cohabitant are bound by affection, influence, common interests, and/or obligation?” A “yes” answer leads to more questions about the foreign contact.

This explains why the breach of personnel files at the Office of Personnel Management is truly, as FBI Director James B. Comey described it to Congress, a “huge deal.” On Thursday, the OPM announced that a forensic investigation has found that data was stolen from background investigations covering 21.5 million people, including current, former and future federal workers and contractors as far back as 2000. Among them are 19.7 million people who applied for a background investigation, and 1.8 million non-applicants such as spouses or co-habitants, as well as 1.1 million fingerprints. In June, the OPM announced that intruders had taken personnel data on 4.2 million federal workers, some of whom were also compromised in the theft of background information.

The breach, which took place last year and this year, is an intelligence windfall for China, which U.S. officials have identified as the leading suspectin the hack. This trove of sensitive information could be used for blackmail or leverage against federal employees with security clearances. Chinese espionage officers might threaten to reveal a private episode from someone’s past involving, for example, a mental breakdown, or failure to pay a credit card. Or, the Chinese might find a way to exploit the lists of foreign contacts — including, in some cases, notes from interviews about them — to pressure the U.S. officials and their friends abroad. Even more worrisome, this database could allow the Chinese to figure out, indirectly, who is serving the U.S. intelligence agencies under cover. Years of careful work to conceal intelligence officers’ identities may just have been tossed out the window.

The resignation Friday of OPM Director Katherine Archuleta was overdue, but hardly sufficient. President Obama needs to address more directly how this breach came about, who carried it out, what the government will do in response and, most important, how to take cybersecurity to a higher level. Put bluntly, adversaries are pummeling the United States. Neither the president nor Congress has treated cyberattacks as the national crisis they have become. Mr. Obama has been way too passive about China. He should sound a klaxon to Beijing, and if that does not get the regime’s attention, retaliate. The technical outages at United Airlines and the New York Stock Exchange in recent days underscore how dependent we are on data networks. Leaving them vulnerable to thieves and espionage is an act of inexcusable negligence.

No comments: