By Jim Geraghty
Monday, December 14, 2020
Back in 2015, I quoted an unnamed defense contractor’s
assessment of the hack of the U.S. Office of Personnel Management: “The
OPM hack was just the start and it won’t be the last.” That hack was widely
described as the “cyber Pearl Harbor” and yet . . . most Americans didn’t
notice. A bunch of Russian ads on Facebook stirred more Americans to anger than
hackers — believed to be affiliated with the Chinese government — stealing
personnel data and Social Security numbers for every federal employee.
This
morning, we awaken to the sequel:
The Trump administration
acknowledged on Sunday that hackers acting on behalf of a foreign government —
almost certainly a Russian intelligence agency, according to federal and
private experts — broke into a range of key government networks, including in
the Treasury and Commerce Departments, and had free access to their email systems.
Officials said a hunt was on to
determine if other parts of the government had been affected by what looked to
be one of the most sophisticated, and perhaps among the largest, attacks on
federal systems in the past five years. Several said national security-related
agencies were also targeted, though it was not clear whether the systems
contained highly classified material.
The Washington Post had
more details:
Russian government hackers breached
the Treasury and Commerce departments, along with other U.S. government
agencies, as part of a global espionage campaign that stretches back months,
according to people familiar with the matter.
The Russian hackers, known by the
nicknames APT29 or Cozy Bear, are part of that nation’s foreign intelligence service,
the SVR, and they breached email systems in some cases, said the people
familiar with the intrusions, who spoke on the condition of anonymity because
of the sensitivity of the matter. The same Russian group hacked the State
Department and the White House email servers during the Obama administration .
. .
SolarWinds products are used by
more than 300,000 organizations across the world. They include all five
branches of the U.S. military, the Pentagon, State Department, Justice
Department, NASA, the Executive Office of the President and the National
Security Agency, the world’s top electronic spy agency, according to the firm’s
website.
Its clients also include the top 10 U.S.
telecommunications companies.
Protecting government systems is part of the job of the
Department of Homeland Security’s Cybersecurity and Infrastructure Security
Agency — which in fact responded Sunday night by telling all federal civilian
agencies to “review
their networks for indicators of compromise and disconnect or power down
SolarWinds Orion products immediately.”
You probably heard that President Trump fired CISA
director Christopher Krebs on November 17, after Krebs publicly declared that
the election systems were secure and that there was no evidence that
Venezuelans or anyone else had gotten into the software and changed votes from
Trump to Biden.
There’s been a lot of turnover at CISA since the
election. Deputy director Matthew Travis resigned after Krebs’s firing.
According to the Wall Street Journal, “Assistant Director
Bryan Ware was recently forced out by WH, too — though not due to the election.”
CISA’s acting director is Brandon Wales.
Beyond CISA, almost the entire top-level of the Department
of Homeland Security is operating in an acting capacity right now, and has done
so for many months. DHS has an acting secretary, an acting deputy secretary, an
acting chief of staff, an acting general counsel, an acting undersecretary of
management, an acting undersecretary for science and technology, an acting
undersecretary for intelligence and analysis, an acting director of U.S.
Citizenship and Immigration Services, an acting commissioner of U.S. Customs
and Border Protection, and an acting director of U.S. Immigration and Customs
Enforcement. As of September, at
least 15 officials in the executive branch had served in “acting” capacity
longer than the time allotted under the Federal Vacancies Reform Act — 210 days.
The president doesn’t care about who is in these jobs, and it shows.
Apparently, no one around him can get him to care, either.
Russian hackers would have targeted U.S. secure computer
systems whether the president had formally nominated those acting officials or
not, and whether the Senate had confirmed those DHS officials or not. And this
hack appears to have started months ago, on the watch of some of those recently
dismissed officials.
But in the Trump administration, we have a more extreme
version of the problem of cybersecurity in most administrations: No one whose
duties don’t specifically involve cybersecurity cares about the topic until
something goes wrong. But the way you prevent something going wrong is to care
about it before something goes wrong. The president’s preeminent focus
is what is being said about him on cable-news networks and in the New York
Times. Everyone under him knows that this is what matters to him.
Everything else . . . is way down on the priority list and easily ignored.
On Saturday, the day the National Security Council met to
discuss the hack, President Trump insisted
he won reelection in a landslide, complained
about Attorney General William Barr not telling the public the truth, and
asked his Twitter followers which Republican governor was worse: Doug Ducey or
Brian Kemp, contending the two governors “fought
against me and the Republican Party harder than any Democrat.”
There’s an old Arab proverb: “The dog barks, but the
caravan moves on.”
No comments:
Post a Comment