Listening to Obama this week, one might wonder if he realizes that he is the president of the United States. Addressing reporters at the G-7 Summit in Germany, Obama spoke of ISIS and healthcare as though musing on the job performance of another administration. When it came to the Chinese cyberattack on the Office of Personnel Management, he took the same aloof approach that has come to characterize his presidency.
“We haven’t publicly unveiled who we think may have engaged in these cyberattacks,” Obama said. “But I can tell you that we have known for a long time that there are significant vulnerabilities and that these vulnerabilities are going to accelerate as time goes by, both in systems within government and within the private sector.”
Right. And, just to follow-up, Mr. President…uh…what are you actually doing about it?
Perhaps Obama is stuck in limbo when it comes to cybersecurity, much the way he has yet to think up a strategy for defeating ISIS. Just one more thing he’s going to kick down the road for another president to worry about. It’s been known for a long time that Democrats aren’t thrilled about the concept of personal responsibility, but it’s still shocking to see this level of apathy from the White House.
Republicans are coming out in force. Presidential contender Mike Huckabee advised the U.S. to “hack the cellphones of some prominent Communist party leaders, hack the bank accounts of intelligence officials, publicly humiliate Chinese families for political corruption, or wipe out a few critical Chinese computer systems.”
South Carolina Senator Lindsey Graham was harsh as well, taking to Facebook to warn that we could be facing a “cyber Pearl Harbor” if we don’t take steps to shore up our security methods.
The attack on OPM is thought to be the largest cybersecurity breach in history, leading to one of this nation’s largest leaks of government personnel data. Security analysts have said that two Chinese hacker groups were likely behind the attack, including one called “Deep Panda.” This group is also believed to have been the primary actors in the attack on Anthem. While China denies having any part in the attack, U.S. officials believe that an attack of this scope would be impossible without state sponsorship.
A Lagging Response
President Bush saw the writing on the wall more than a decade ago. Advised that using simple username/password systems for authentication was going to leave gaps in security, he signed a directive ordering all federal agencies to switch to personal identification cards. These cards are intended to give the agencies a secure second way to authenticate employees on the network. Eleven years later, only about 40 percent of non-Pentagon federal employees have been issued these cards.
In the meantime, spending has increased on cybersecurity. But much of the budget goes to the Defense Department, where it is an obvious priority to keep access under lock and key. That still leaves much of the federal government exposed to sophisticated attacks, and it puts data of varying classification levels at risk.
This needs to be a priority for both parties and the president. We can’t afford to wait for Graham’s “cyber Pearl Harbor” before we take the threat seriously.