Widgetized Section

Go to Admin » Appearance » Widgets » and move Gabfire Widget: Social into that MastheadOverlay zone

US fails to protect its data from hackers and thieves

WASHINGTON: The federal government has for years failed to take basic steps to protect its data from hackers and thieves, putting at risk everything from nuclear secrets to the private tax information of hundreds of millions of Americans, records show. In the latest example, the Office of Personnel Management is under criticism for allowing its databases to be plundered by suspected Chinese cyberspies in what is being called one of the worst breaches in US history. OPM repeatedly neglected to implement basic cybersecurity protections, its internal watchdog told Congress.

But the departments of Treasury, Transportation, State and Health and Human Services have significantly worse records, according to the most recent administration report to Congress under the Federal Information Security Management Act. Each of those agencies has been hacked in the last few years. “Last year, across government, we the American people spent almost $80 billion on information technology, and it stinks,” said Rep. Jason Chaffetz, chairman of the House Oversight and Government Reform Committee. “It doesn’t work.” While President Barack Obama’s latest budget plan called for a $14 billion increase for cyberdefenses, the House of Representatives proposed a budget in March that didn’t include specific funding for cybersecurity. The security lapses have persisted even as cyberattacks on government networks have increased. The federal government dealt with 67,196 cyber incidents in the last fiscal year, up from 57,971 incidents the year before, according to the White House report card, which was published in February. Missing from that document is an accounting of how many hacks were successful and what was stolen.

It’s not a new problem. The Government Accountability Office has labeled federal information security a “high-risk area” since 1997. But agency managers haven’t been punished for failing to secure their networks, and little sustained attention has been paid to the many intrusions. “No one is ever held accountable,” said James Lewis, a cybersecurity expert at the Center for Strategic and International Studies in Washington. The OPM debacle may change that. It has dealt the United States a major national security blow, experts say, by exposing the personal information, and foreign contacts, of millions of people with security clearances.

After the OPM attack, the federal chief information officer, Tony Scott, ordered agencies to speed implementation of new security measures and fix vulnerabilities. While anti-virus software alone won’t stop hackers from a foreign intelligence agency, the government often has also failed to take the harder steps that could deter those intruders, such as requiring a combination of smart cards and passwords for network access, and encrypting sensitive data. One of the agencies that rank lowest on the annual cyber report card holds some of the most sensitive data - the Department of Health and Human Services, which keeps records on health care billing, anti-poverty benefits and child abuse. Another potential cyber disaster area is the State Department, which had to shut down its email system this year in an attempt to clean out spyware linked to Russia. —AP

Pin It
This article was published on 24/06/2015