A new government report shows the computer networks of 24 federal agencies still do not have adequate security systems in place and are vulnerable to cyber attacks, and former CIA Director R. James Woolsey says it’s completely unacceptable
“It needs to improve a great deal and it needs to improve fast,” said Woolsey, who served as the nation’s top intelligence official from 1993-1995. He is now chairman of the Foundation for the Defense of Democracies.
At issue is a Government Accountability Office, or GAO, study showing the government is still playing catch-up when it comes to cyber security.
“The GAO found ‘persistent weaknesses’ at 24 federal agencies, including deficiencies in how organizations prevented inappropriate access to computer networks, identified intrusions and planned for a network disruption,” reported The Hill newspaper, which also quoted the report’s diagnosis of the problem.
“These deficiencies place critical information and information systems used to support the operations, assets, and personnel of federal agencies at risk, and can impair agencies’ efforts to fully implement effective information security programs,” according to the GAO.
Woolsey says the feds continue to drag their feet on an issue proven by recent hackings to be a national priority.
“It is frustrating to find these things, report after report after report. Such and such a group is behind, such and such a group has not gotten started,” said Woolsey. “As MacBeth said, ‘Tomorrow, tomorrow, tomorrow.'”
In June, the Office of Personnel Management reported a major hack of personnel files, most likely by the Chinese. Over the ensuing weeks, the government admitted nearly 20 million personnel files were compromised along with more than five million fingerprints.
So is the sluggish response by the federal government simply the result of the time needed to implement major changes? Woolsey thinks there is still not enough urgency.
“I think there’s still a kick in the pants needed. I think people have not really zeroed in on how serious it is,” he said.
And if the government networks have suspect security, Woolsey says it stands to reason the private server emails of officials such as Hillary Clinton make an especially inviting target that our adversaries almost certainly pursued.
“Whoever discovered that and began to exploit it would be the toast of the town within Moscow or Beijing or wherever they found out about it,” said Woolsey.
The urgency also takes on greater importance when considering Chinese ambitions in their sphere of influence and Russian aggression that now includes bombing the non-ISIS opponents of Syrian President Bashar al-Assad.
“We’re in a situation now that is stunning, with Russia ordering us to stay out of their way in the Middle East. Try to imagine what the response of Teddy Roosevelt or Harry Truman or Andrew Jackson would have been if the Russians has said, ‘Stay out of X,'” said Woolsey.
The former CIA boss says it is imperative that President Obama personally and publicly demand better from our government right away..
“This is something people are only going to pay attention to if the president makes it a high priority. The problem is now, because he’s been running a weak foreign policy, he’s got to have a lot of priorities. He’s got to put his finger in a lot of different dikes,” said Woolsey.
“One that he’s got to plug the leakage on is this and he needs to make it a personal matter that he brings home to all the agency heads in homeland security and defense and elsewhere,” said Woolsey.
While Woolsey sees no good excuses for government inaction, there are obstacles to progress, both political and technical.
“Some of it is concern about civil liberties that I think is manageable. Some of it is the nature of the web. Some of it is government bureaucracy not responding well and quickly to serious dangers because it interferes with the normal path of business,” said Woolsey, who adds that officials in the public and private sectors are sometimes reluctant to spend additional money on cyber security because they consider other issues more pressing.
Aside from the bureaucratic nightmares, Woolsey says it’s hard to keep developing tools to fend off the ever-changing cyber threats.
“You’re starting from a position in which you’re walking uphill in trying to make transitions and so forth on the web secure. But it’s not impossible. There’s a lot we can do that we’ve been slow on, but it’s a frustrating undertaking for a lot of people and it’s easier to play offense than defense,” said Woolsey.