July 8, 2017

Military and government historians will define our current time as the largest failure of American cybersecurity. It’s not just about the Russian hacking of the DNC or DCCC. It’s not even limited to states’ voting systems. Every single government agency uses some sort of computer program. From the Social Security Administration to your local DMV, from military records to municipal permit offices, system after system is vulnerable.

And though it’s true that given enough time and ill will, someone, somewhere will be able to hack any system, it’s an entirely different concept to just do nothing about it. That’s exactly what our government agencies from federal to state to local are doing...nothing.

Andrew Hickey of A10 Networks uses the data breach of 2015 that snatched records from the Office of Personnel Management (OPM) to demonstrate this lack of interest. Thanks to my former job with the feds, my name, address, social security number, fingerprints, etc. are out there being used for God knows what. Over 21.5 million records were stolen in that breach, and as Hickey points out, the government has done little to address the situation.

Now I’m no computer wonk, but even I know that if the lock has been picked, change the damn lock. As it turns out, the hackers used an “SSL encryption” to hide their crimes. Hickey states that around 70% of web traffic is encrypted, yet “the majority of agencies do not have the proper solutions or processes in place to break and inspect the SSL/TSL traffic.”

This means our government agencies are not even bothering to look for hacks.

Add to this that many government agencies are still using Kaspersky software, a Russian company that is currently being investigated by intelligence services for being involved in hacking, and you have to wonder if anyone in the government knows anything about “the cyber.”

Congress only has subcommittees on cybersecurity

The House has a subcommittee that falls under the Homeland Security Committee as does the Senate’s version. Senators Cory Gardner, Chuck Schumer, John McCain and Lindsey Graham have all argued for a committee and not a subcommittee on cybersecurity for the senate, but Senator Mitch McConnell, majority leader, refuses to allow it for fear it would expose the Trump administration's ties to Russian hacking. To date, both the house and senate subcommittees appear to just be holding hearings to discuss the lack of security. Little progress has been made concerning what should be done to address the issue.

Forget about Trump and Russia for a minute. How have our lawmakers not addressed this issue that’s been around for decades now? Are our 70 and 80-year-old lawmakers unable to understand the threat? Is it just a lapse in defense? Have they all been paid to ignore the threat? Seriously, I don’t understand how we can be so behind in this area of security.

It’s not like anyone in the Trump administration will take on this topic. Although… apparently Trump stated at the recent G20 meeting in Germany that he’d like to work with Russia on cybersecurity. A fox in the hen house came to mind when I heard this.

Democrats have an opportunity here to take on this problem and run with it. Whether or not Republicans get behind it shouldn’t determine whether or not to do it. Just do it! This is a cause to rally around. Whomever can organize a plan to solve or consistently address these issues and assist state and local governments as well will go down in history for it much like Kennedy was known for the space program, Reagan for the supposed end of the Cold War and Obama for the ACA.

Forget the Republicans and just do it!

Can you help us out?

For 17 years we have been exposing Washington lies and untangling media deceit, but now Facebook is drowning us in an ocean of right wing lies. Please give a one-time or recurring donation, or buy a year's subscription for an ad-free experience. Thank you.

Discussion

New Commenting System

Our comments are now powered by Insticator. In order to comment you will need to create an Insticator account. The process is quick and simple. When registering you will also be presented with the option to tie all your old Disqus comments to your new Insticator account. Please note that the ability to comment with a C&L site account is no longer available.

We welcome relevant, respectful comments. Any comments that are sexist or in any other way deemed hateful by our staff will be deleted and constitute grounds for a ban from posting on the site. Please refer to our Terms of Service (revised 3/17/2016) for information on our posting policy.