America Has a Major Technological Weakness (and It's Not Missiles)

August 30, 2017 Topic: Security Blog Brand: The Buzz Tags: CybersecurityNukesMilitaryTechnologyTrump

America Has a Major Technological Weakness (and It's Not Missiles)

Old computers are an Achilles Heel.

 

Dial-Up, that sound doesn’t exactly engender innovation and the latest technology. In fact, quite the opposite.

The current status of the federal government’s cyber defenses are too often stuck in a time that harkens back to that horrible screeching sound. The government still operates computers from the 1970’s. Some systems use COBOL and Fortran programming languages that seem from another time. Floppy disks are actually still in use in your nation’s Capitol.

 

Uncle Sam desperately needs a comprehensive technology upgrade, and the outsider, disruptive, do-big-things-at-low-cost approach of the Trump Administration is tailor-made to finally make significant progress in the critical area of cybersecurity.

The United States government features quite a dichotomy when it comes to cybersecurity. On the one hand, with the intelligence agencies like the National Security Agency, it boasts the most effective cyber minds on the planet – government or private sector. Yet on the other, valuable databases like the one at the Office of Personnel Management, sat unencrypted on government servers just waiting for someone to snatch them.

Of course, the U.S. government should have learned from the 2014 OPM hack. One of the largest data breaches in history. For over one year, Chinese hackers stole personal records, including social security numbers, from over 22 million people. Three years later, and there is still no good system in place to prevent another attack on government employee’s private information.

China now has the most sensitive information of millions of federal employees, many of whom are doing important work in sensitive areas. The Chinese are sitting on the type of database that would have the most annoying email phishing campaign authors drooling. No Nigerian prince needed here.

In 2015, House Intelligence Committee Chairman Devin Nunes stated that the Department of Energy alone had been hacked 159 times. Last year alone, there were 19 major data breaches carried out by hackers against U.S. companies and government agencies, including state voting records, the Department of Homeland Security, the FBI, the Democrat National Committee and the Treasury Department.

Cyberattacks are also now a weapon utilized by state and non-state actors. Countries use them against other countries to threaten their national security, gain inside information, and influence their citizens. Georgia, Estonia, and Ukraine have been the subject of several Russian government-sponsored attacks. Following each of those attacks, the Russians have learned and adapted their military doctrine to incorporate the lessons learned for potential future conflict.

With all of this in mind, in 2008, Congress wisely ordered the creation of the National Cybersecurity Protection System (NCPS) and tasked it with protecting the “.gov” domain from cyberattacks. NCPS capabilities, operationally known as the EINSTEIN program, has existed as a discontinuous set of contracts with a variety of contractors charged with different tasks assigned to different internal operators. This has ultimately yielded jurisdictional challenges, lack of cooperation between competing entities, with no one entity responsible for the total effectiveness of the system. Sound about right?

This patchwork system has led to glaring holes in the federal government’s security, exposing a vast number of government sites to cyber risks. While initially intended only for federal agencies at the cabinet level, the availability of .gov has since expanded to lower agencies, as well as all governments in the U.S. including individual states and local government sites - multiplying the amount of sensitive and classified information at danger of being hacked.

Understanding that with no one entity responsible for securing the safety of the .gov domain, each of these roughly 5,300 sites are in danger of cyberattack, Congress directed the Department of Homeland Security to lead the effort to centralize .gov’s cybersecurity. This led DHS to launch the Development, Operations, Maintenance (DOMino) security program in 2014, to overhaul the EINSTEIN program.

 

The common-sense goal of DOMino is to provide the much-needed cybersecurity cover to at least 100 civilian agencies to defend networks, websites, and email addresses on the .gov domain while keeping up with the critical maintenance of the system and development of new protection tools in a holistic, centralized manner. The DOMino program could be an important solution to help bolster our nation’s cyber defenses, but it’s stuck in the throughs of bureaucratic red tape and has been for the past two years.

Rogue nation states, terrorists and organized criminals are operating their cyberattacks in high-speed broadband. Unfortunately, many of the U.S. government’s defenses are stuck in dial-up, and it’s time for that to change. The new administration has the ability to fast track essential programs and know where is that more important than for cybersecurity needs.

Andy Keiser is a former Deputy National Security Senior Advisor to the Trump for America transition team, and a former Senior Advisor to the House Intelligence Committee. Mr. Keiser is currently a Principal at Navigators Global and a Senior Advisor to the Center for the Study of the Presidency and Congress. Follow him on Twitter @andykeiser.

This article originally appeared on Real Clear Defense.

Image: Reuters