U.S. government incompetence seems to grow by the month, and now we know it’s becoming a threat to national, and even individual American, security. The ObamaAdministration announced last week that Chinese hackers made off this year with personnel files that may have included those of all 2.1 million federal employees, plus former employees going back to the 1980s.
This is no routine hack. The Office of Personnel Management (OPM) lost background-check data to the Chinese nine months before this breach and still hadn’t locked the cyber front door. OPM’s inspector general issued a damning report last November that parts of its network should be shut down because they were riddled with weaknesses that “could potentially have national security implications.” You can’t ring the alarm much louder than that, but the failure to take basic precautions continued.
Opinion Journal Video
In other words this isn’t a James Bond movie. It’s a Dilbert cartoon. Despite years of warnings, and after the Bradley Manning andEdward Snowden debacles, the federal bureaucracy can’t protect its most basic data from hackers. Private companies like Target are pilloried, not least by politicians, for their data leaks. But the feds have $4 trillion to spend each year plus access to the most advanced encryption systems. Will anyone in government take responsibility for this fiasco?
Speaking of Snowden, bipartisan Washington has been congratulating itself this month for supposedly protecting American privacy from the potential abuse of National Security Agency collection of metadata—that is, phone logs but not the content of calls. In the case of OPM we have an actual data breach of Social Security numbers and other records by malevolent foreign actors. Which do you worry more about?
The episode is one more confirmation that China is waging an unrelenting if unacknowledged cyber war against the United States. The main targets have been universities and private companies with the goal of stealing intellectual property, but attacks on the government are increasingly brazen.
Beijing can use the stolen OPM files to target employees with security clearances, current or past. It can attack their personal financial accounts, perhaps with blackmail in mind. It can trick them into helping hackers infiltrate other networks.
Michael McCaul, Chairman of the House Homeland Security Committee, said on CBS’s “Face the Nation” Sunday that “it was done to get to personal information on political appointees in the federal government and federal employees to exploit them so that later down the road they can use those for espionage.” Do Senators Rand Paul and Ron Wyden have some suggestions for countering this privacy threat?
The need for better defenses is obvious, but the Obama Administration has responded mainly with diplomacy and some indictments against Chinese hackers whom China’s government won’t even stop, much less arrest and extradite to the U.S. for trial.
Maybe President Obama still hopes to reach a “gentleman’s agreement” with Chinese Supreme Leader Xi Jinping on hacking. He tried at the Sunnylands summit two years ago, but Mr. Xi refused even to admit the existence of his government’s hacking.
White House spokesman Josh Earnest isn’t much more forthcoming. He tried to change the subject last week by urging Congress to pass legislation that would allow information-sharing between companies and the government. But that has nothing to do with the OPM breach.
The main obstacle to the bill in the past two years has been Mr. Obama’s insistence that it include new and costly government mandates on private companies. Congress seems poised to overrule the White House this year and pass the info-sharing bill without the mandates—if Mr. Obama and Democrats in the Senate will get out of the way.
By the way, what message does it send the rest of the federal bureaucracy when the rank-and-file read that Hillary Clinton was allowed to set up a personal email server for her official communications as Secretary of State in violation of her own department’s rules?
***
The reality is that defenses alone won’t work against determined adversaries like the Chinese, Russians and Iranians. The best cyberdefense is a good offense. U.S. intelligence services and the Pentagon will have to demonstrate the ability to punish Chinese institutions that continue to steal American secrets. That won’t end the threat, but it might give the governments that are underwriting these hackers some pause.
The U.S. is already in a cyber war. The problem is that the Obama Administration doesn’t want to admit it.