National Security & Defense

Hackers Hit the Federal Government Hard


The latest big computer hack, apparently launched from China, strikes straight to the heart of the federal government. Both the network and data of the Office of Personnel Management (OPM) have been badly compromised. More than 4 million sets of detailed Personally Identifiable Information (PII), all belonging to present or former federal employees, have been taken. It’s identity theft on a massive scale. Current and ex-federal employees may have trouble sleeping for quite some time. An even bigger worry, however, are the national-security problems the hackers may create.

OPM’s first announcements said that only basic information was lost. But even “basic” information is pretty significant stuff, including names, positions, pay scales, Social Security numbers, and more. That alone should be considered a failure of security. And it could get much worse. Though the first report said security-clearance information was not compromised, we don’t yet know if that is true.

While the initial announcements claimed it was the work of Chinese hackers, they couldn’t say whether it was a state-sponsored intelligence operation or “merely” a criminal enterprise. Cyber-intrusion attribution (determining “who did it”) is very difficult in the best of circumstances. And when the activity comes from China, it’s almost impossible to know for sure whether the hacking is being done by the government, a group of criminals, criminals working for the government, or the government helping friendly criminals. Many specialists in Chinese studies will tell you that it hardly makes any realistic difference, as those lines are regularly blurred.

China and Russia are America’s two biggest and most dangerous cyber adversaries. Of the two, Russia is a bit more sophisticated, particularly with regard to cyber-attacks and spying. Beijing is not that far behind Moscow, however, and the Chinese dedicate a great many more people and other assets to their cyber activities. Both excel at the offensive side of things, which is easier and requires less code to do.

As far as offensive capability goes, America is a match for either Russia or Beijing. And America’s defenses are good, but not perfect. Defending a complex network is a 24/7–365 effort. Attacks and spying have to “slip through” only occasionally to be successful. Russia and China are clever and capable, and both have very strong cyber-criminal allies. This is a dynamic battle that the U.S. has to keep fighting over a long, long term.

As for the latest attack, Americans should be very concerned that we still don’t know the full truth. Is what has been announced really the extent of it, or are other federal agencies affected? The Department of Homeland Security’s Computer Emergency Response Team (U.S. CERT) had been called in to check OPM’s system. To their credit, they found the intrusion. Now they need to check everywhere else. This could be a much wider problem than we now believe.

Additionally, many of the affected employees have high-level security clearances. Can their identities be spoofed? Can some be influenced through this data theft into “helping” Beijing? Both these dangers must be watched and mitigated. Frankly, doing that will take more than issuing a new credit card, replacing money lost in an account, or offering a credit-monitoring service.

Yes, our government spokesmen have all assured us that no security-clearance information was taken. But the records that have been compromised are very detailed, with information going back to the subjects’ childhoods. Are Uncle Sam’s “assurances” accurate, or just wishful thinking?

In the past, when private-sector firms such as Target, Sony, and Anthem Insurance have suffered data breaches, some politicians have called for harsh punishment of the “negligent” firms. They seem to think that if you fine private companies often and severely enough, they’ll secure themselves. One hopes that those lawmakers now understand that they have a log in their own governmental eye. OPM is a premier federal agency with access to help from the Department of Homeland Security. If OPM can’t defend itself, is beating up on commercial companies really the right thing to do?

Clearly, putting the federal government in charge of cybersecurity through regulatory rule-making and enforcement is not the answer. There are no silver bullets (yet), either technical or procedural. The best that can be done is to build the best relationships we can between the government and the private sector, share threat information, share best practices, and lower the risk as much as we can.

In the face of a very dynamic threat, fueled by very skilled adversaries, the key question is not “How could this happen?” Far better to ask: “How can we minimize the occasions of it, and the damage it does to our citizens and infrastructure?” This will not be the last major data breach — for the feds or in the private sector. What matters is that every time this happens, we learn from the experience, we share what we’ve learned, and we work together to get better at defending ourselves from the cyber-bad-guys.

Most Popular

PC Culture

Defiant Dave Chappelle

When Dave Chappelle’s Netflix special Sticks & Stones came out in August, the overwhelming response from critics was that it was offensive, unacceptable garbage. Inkoo Kang of Slate declared that Chappelle’s “jokes make you wince.” Garrett Martin, in the online magazine Paste, maintained that the ... Read More
Film & TV

Joker: An Honest Treatment of Madness

When I saw that the New York Times and The New Yorker had run columns berating the new Joker movie, criticizing it not simply on cinematic grounds but instead insisting that the film amounted to a clandestine defense of “whiteness” in an attempt to buttress the electoral aim of “Republicans” — this is a ... Read More

The Democrats’ Disastrous CNN LGBT Town Hall

A few days after Donald Trump committed the worst foreign-policy blunder of his presidency by betraying America’s Kurdish allies in northern Syria, former vice president Joe Biden, the elder statesman and co-frontrunner in the Democratic presidential primary, was on a national stage talking to CNN’s primetime ... Read More

The Origins of the Transgender Movement

Editor’s Note: This article has been adapted from remarks delivered at a Heritage Foundation summit. I’ve been asked to talk about the origins of transgenderism and how it relates to children and their exploitation. But first, I would like to start with a little story. Yesterday I was wandering around ... Read More
White House

What Is Impeachment For?

W hat is impeachment for? Seems like a simple question. Constitutionally speaking, it also appears to have a simple answer: to cite and remove from power a president guilty of wrongdoing. Aye, there’s the rub. What sort of wrongdoing warrants removal from power? I’d wager that the flames of ... Read More

CNN’s Anti-Religious Town Hall

LGBT activists gathered last week for CNN’s “Equality” town hall with the Democratic presidential candidates. The advocates present were, in the words of Human Rights Campaign President Alphonso David, the “tip of the spear in our fight for full equality.” The “spear” metaphor grew more apt as ... Read More