Millions of American government employees, former employees, contractors and more have had their most personal and private information breached by hackers, because the government failed to take the necessary steps to protect those records. According to Politico, “Administration officials have said privately that signs point to the first hack having originated in China, and security experts have said it appeared to be part of a Chinese effort to build dossiers on federal employees who might be approached later for espionage purposes.”
It is an outrageous and unacceptable breach of trust. The federal government, through the Office of Personnel Management (OPM), interviews everyone who requires any sort of security clearance, and asks the most detailed and personal questions about past associations, indiscretions and behavior, to make sure nothing in their past could subject them to blackmail or subversion. The interviews extend to friends and associates of those being vetted, and those people are also in the databases that have been breached. But now it has come to light that OPM failed to hold up the Obama administration’s end of the bargain by not doing everything they could to protect those records.
According to David Cox, the national president of the American Federation of Government Employees, in a letter to the OPM director, “We believe that hackers have every affected person’s Social Security number(s), military records and veterans’ status information, address, birth date, job and pay history, health insurance, life insurance and pension information; age, gender, race, union status, and more. Worst, we believe that Social Security numbers were not encrypted, a cybersecurity failure that is absolutely indefensible and outrageous.”
The Obama administration initially downplayed the cyber hack of the OPM, which centrally manages records for current and former federal employees. It did so even though it had missed the hack for at least four months, if not more, until a company, CyTech Services, which was conducting a sales demonstration, found malware in OPM’s system that could have been there for a year or more. The unfolding series of disasters has affected at least four million Americans—and perhaps as many as 14 million—including all current federal employees, retired federal employees, and a million former federal employees.
Reports of a second hack by China has added to the outrage, and compounded the problems. “Hackers linked to China have gained access to the sensitive background information submitted by intelligence and military personnel for security clearances, U.S. officials said Friday, describing a cyberbreach of federal records dramatically worse than first acknowledged,” reported the Associated Press.
“The forms authorities believed may have been stolen en masse, known as Standard Form 86, require applicants to fill out deeply personal information about mental illnesses, drug and alcohol use, past arrests and bankruptcies. They also require the listing of contacts and relatives, potentially exposing any foreign relatives of U.S. intelligence employees to coercion. Both the applicant’s Social Security number and that of his or her cohabitant is required.”
How many millions of Americans serving their country does this place at risk?
Under a Republican president, this newest administration scandal would have been front-page, round-the-clock news, with the most sinister of motives ascribed to them, probably for many days running. But as of Friday morning, The Washington Post had relegated coverage of this story to page A14, and several other news outlets began covering the story by simply reposting an AP article to their own websites. Television news has been dominated by stories of two escaped convicts, a local head of the NAACP who falsely represented herself as African American, and the reset, or re-launch, of Hillary Clinton’s presidential campaign.
Where are the talking heads, the pundits in the media, calling for President Obama—not agencies, not government bureaucrats, but President Obama—to show more care in protecting American citizens against cyberattacks? Such attacks violate our privacy and leave each of us open to hacking, blackmail, and targeting by China, which has been connected in most reports to the breaches. And it serves as a reminder how likely it is that Hillary Clinton’s private email server that she used during her tenure as Secretary of State was hacked by the Chinese, and possibly the Russians, North Koreans and Iranians. One can only imagine what they have on her.
“What’s more, in initial media stories about the breach, the Department of Homeland Security had touted the government’s EINSTEIN detection program, suggesting it was responsible for uncovering the hack,” reports Wired.com. “Nope, also wrong.”
“The OPM had no IT security staff until 2013, and it showed,” reports Wired.
Ken Dilanian’s AP article, despite its wide distribution, fails to mention the number of warnings that OPM, and the government as a whole, has received about its lack of adequate security. “U.S. Was Warned of System Open to Cyberattacks,” reported The New York Times on June 5, describing OPM’s 2014 security as “a Chinese hacker’s dream.”
The 2014 Inspector General’s report was based on an analysis conducted between April and September of last year. While the administration has said that the attack occurred in December of last year, The Wall Street Journal’s Damian Paletta and Siobhan Hughes wrote of the first reported attack: “Investigators believe the hackers had been in the network for a year or more” when it was discovered in April.
That IG report stated that OPM’s status was “upgraded to a significant deficiency” due to a planned reorganization, and that it had “material weakness in the internal control structure” of its IT program.
“The agency did not possess an inventory of all the computer servers and devices with access to its networks, and did not require anyone gaining access to information from the outside to use the kind of basic authentication techniques that most Americans use for online banking,” reported the Times. “It did not regularly scan for vulnerabilities in the system, and found that 11 of the 47 computer systems that were supposed to be certified as safe for use last year were not ‘operating with a valid authorization.’”
Neither the AP nor the Times noted that this situation reaches as far back as at least fiscal year 2007, with the 2013 IG report indicating that there was a “lack of IT security policies and procedures.” This worsened in fiscal year 2009, with some corrections in 2012, but as of fiscal year 2013 instituted reforms had “only been partially implemented.”
Clearly, this failure has been growing on President Obama’s watch.
The Times noted that “upgrades were underway” when the first reported attack happened, and cited an unnamed former Obama administration official as saying, “The mystery is what took the Chinese so long.”
When asked about the IG reports, White House press secretary Josh Earnest insisted on setting the cited reports aside, because “there is risk associated” with using any computer network. The U.S. government has been raising that risk by not securing its own networks.
One might question whether American citizens are any safer today, and if the Obama administration has made the necessary reforms following these attacks. Earnest, the White House press secretary, used vague language to describe security upgrades after the first cyber intrusion was reported. He cited “ongoing efforts” to “update our defenses and update our ability to detect intrusions” and blamed Congressional inaction.
“And the fact is, we need the United States Congress to come out of the Dark Ages and actually join us here in the 21st century to make sure that we have the kinds of defenses that are necessary to protect a modern computer system,” he said. “And we have not seen that kind of action in Congress.”
While cooperation with the private sector may help upgrade government information technology systems, it is the responsibility of the administration and the media to hold President Obama accountable for this debacle, which has been brewing over the course of his entire term in office. There should be a complete investigation, whether by Congress or an independent counsel,
into the failure of the Obama administration to protect the privacy and personal information of millions of Americans. What did they know, when did they know it, and who or what is to blame? What can be done to ensure this doesn’t happen again? People should be held accountable.
“If OPM is behind on cybersecurity, which it is, it has plenty of company,” reported the Post on June 7. Almost all, 23 of 24, major agencies cited these security issues as a “major management challenge for their agency,” it reported. The GAO indicated last year that the number of breaches involving personally identifiable information has more than doubled between 2009 and 2013, according to the Post.
With the mainstream media intent on championing all the benefits of Obamacare amidst an upcoming Supreme Court decision over subsidies, coverage of the security deficits within the health care exchanges has virtually disappeared. “Independent agencies such as the Government Accountability Office and the HHS inspector general have warned of continued security problems,” wroteRep. Diane Black (R-TN) for The Wall Street Journal last November. “This is concerning for Americans, as HealthCare.gov houses vast amounts of sensitive personal enrollment information—from full, legal names, to Social Security numbers, dates of birth and even income information.” She notes that Healthcare.gov has been “described by experts as a ‘hacker’s dream.’”
Just like OPM. How soon will we hear that the millions on the Obamacare exchanges have also had their personal information compromised by foreign hackers, and will the mainstream media also then blame that future disaster on a bureaucrat, and not Obama?
Our nation also remains vulnerable to an electromagnetic pulse attack, which could involve exploding a nuclear weapon at high altitude in the atmosphere. With Iran seeking nuclear capability, this becomes even more of a threat.
A report by the Department of Homeland Security indicates “that a massive electromagnetic pulse event caused by a solar flare could leave more than 130 million Americans without power for years,” reported WorldNetDaily last December.
“President Obama could sign an executive order mandating [that] DHS add EMP to its emergency planning, but he has not done so, even though he reportedly is aware of the consequences.”
When are the mainstream media going to hold President Obama accountable for the many scandals, and bungling incompetence, plaguing his administration? Our veterans are at risk because of scandals and incompetence at the VA, and our flying public because of scandals and political correctness at the FAA and TSA. Obama’s security policies are jeopardizing the safety and welfare of millions of Americans. If the Chinese government is really behind these attacks, which is still being investigated, do we plan to retaliate in any way? Or is there no price to pay? The mainstream media, once again, appear to be more interested in preserving their access to the halls of power, and in avoiding at all costs attributing any of the blame for this catastrophe to the Obama administration’s ineptitude and incompetence.
Roger Aronoff is the Editor of Accuracy in Media, and a member of the Citizens’ Commission on Benghazi. He can be contacted at roger.aronoff@aim.org.