What is more appalling than the fact that someone
(probably the Chinese) has hacked into US government, military and intelligence
files is that fact that the US government’s system security is so bad that someone COULD hack into them. It is hard to make current internet-connected
systems completely hack-proof, because the commercial software used has many
flaws. But it can be done, and certainly
for military and intelligence systems it should have been better.
Cases like Edward Snowden’s are different. Systems
are always susceptible to insiders accessing them. But there is no excuse for remote users in
another part of the world, without inside access, to be able to hack into these
systems. I assume it is just another
case of government ineffectualness. They
probably don’t pay enough to get the best IT people, they probably don’t fund
the security efforts adequately, and no doubt the whole thing is fraught with
the usual bureaucratic turf battles and infighting.
UPDATE
A little more research found this information:
UPDATE
A little more research found this information:
The OPM (Office of Personnel Management, one of the groups that was hacked) had no IT security staff until 2013, and it showed. The agency was harshly criticized for its lax security in an inspector general’s report released last November that cited its lack of encryption and the agency’s failure to track its equipment. Investigators found that the OPM failed to maintain an inventory list of all of its servers and databases and didn’t even know all the systems that were connected to its networks. The agency also failed to use multi-factor authentication for workers accessing the systems remotely from home or on the road........
At the time, OPM said the breach was discovered as the agency “has undertaken an aggressive effort to update its cybersecurity posture, adding numerous tools and capabilities to its networks.” But four people familiar with the investigation said the breach was actually discovered during a mid-April sales demonstration at OPM by a Virginia company called CyTech Services, which has a networks forensics platform called CyFIR. CyTech, trying to show OPM how its cybersecurity product worked, ran a diagnostics study on OPM’s network and discovered malware was embedded on the network. Investigators believe the hackers had been in the network for a year or moreUnbelievable!! But will anyone get fired for this???? Probably not.