Friday, September 11, 2015

Protecting America is not high on this regimes list of to do's

Obama Administration Yawns As Energy Dept. Gets Hacked 159 Times 


By JOHN MERLINE
INVESTOR'S BUSINESS DAILY
Two reports on Thursday should send alarm bells clanging to beef up the government's cybersecurity. Whether anyone in the Obama administration will hear them is another question.

USA Today obtained federal records showing that the Department of Energy was successfully hacked 159 times between 2010 and 2014 ) — potentially putting the nation's power grid at risk and nuclear stockpile at risk.

A third of these intrusions were "root compromises," the paper found, which means that the hackers gained administrative privileges, giving them wide access to the Energy Department network.

The USA Today investigation also found that 19 of the successful attacks involved the National Nuclear Security Administration, which is responsible for managing the nation's nuclear weapons stockpile.

All this comes in the wake of repeated warnings from auditors about severe vulnerabilities at the Energy Department. Last year, for example, the department's inspector general found that 41 servers and 14 workstations "were configured with default or easily guessed passwords."

Later that same day, National Intelligence Director James Clapper told the House Intelligence Committee that the massive hack of federal employee data collected by the Office of Personnel Management — which came to light in mid-June — poses a "significant counterintelligence threat."

He added that cyberattacks are likely to increase in frequency and destructiveness because attackers face few consequences.

"The muted response by most victims to cyberattacks," he said, "has created a permissive environment in which low-level attacks can be used as a coercive tool short of war, with relatively low risk of retaliation."
Muted is right. The Obama administration is still dithering over how to respond to the OPM hack. But the problem is deeper than that. The government's inept efforts at deterring attacks in the first place are encouraging hackers as well.

Like the Department of Energy, the OPM had been repeatedly warned that its network was vulnerable, but did next to nothing to fix it.

Is it going to take a cataclysmic cyberattack before the Obama administration takes these threats seriously?

No comments: