The latest round of embarrassing federal data breaches struck the very agencies charged with protecting us, evidence one leading member of Congress believes is proof that throwing money at a problem doesn’t solve much unless there’s accountability to go with it.
Days later the story took on additional embarrassment when authorities arrested the perpetrator, a 16-year-old boy in Great Britain. The teen said he gained access to the information through weak security in the Department of Justice email system.
House Oversight and Government Reform Subcommittee on Government Operations Chairman Mark Meadows, R-N.C., says this case offers another sobering national security reminder.
“It shows two things. One is that no agency is immune from the attacks. But, more specifically, in spite of spending some $80 billion a year in IT provisions, that that money is not necessarily directed towards not only the most up-to-date encryption but cyber defenses,” said Meadows.
As the details of the attacks on the FBI and Homeland Security emerged, President Obama spelled out his prescription for shoring up U.S. cyber security efforts.
“I’m announcing our new Cybersecurity National Action Plan, backed by my proposal to increase federal cybersecurity funding by more than a third, to over $19 billion. This plan will address both short-term and long-term threats, with the goal of providing every American a basic level of online security,” wrote Obama in the Wall Street Journal.
“First, I’m proposing a $3 billion fund to kick-start an overhaul of federal computer systems. It is no secret that too often government IT is like an Atari game in an Xbox world. The Social Security Administration uses systems and code from the 1960s. No successful business could operate this way,” he added.
Meadows agrees that U.S. infrastructure is badly in need up an upgrade and that will cost money, but he says just spending more money isn’t going to solve the problem.
“Some $80 billion is spent annually on IT. That doesn’t include some of those offline budget items that some would suggest is another 20 billion. A hundred billion spent and yet what we’re seeing is the resources that could be deployed have not been,” said Meadows.
“We found that tools were available for use yet weren’t turned on,” said Meadows, who will be holding hearings on the subject soon. “It’s time that we not only get serious about it but we have to be more prudent in where we put our resources.”
Meadows believes the president is serious about beefing up our cyber defenses but two major problems are impeding any progress. The first is simply the realities of Washington.
“Obviously, bureaucracy and politics get in the way of almost everything in Washington, D.C. So to suggest that did not have a role would be disingenuous,” said Meadows.
But he says there are some more deliberate sticks in the mud too.
“Where we have a real breakdown is with some of our CIO’s, our chief information officers,” said Meadows, noting he was particularly unimpressed with testimony following the massive breach at the Office of Personnel Management in 2015.
He says across the government the performance levels are very poor.
“We give them a grade and most agencies got an ‘F’ initially. So we’re not only going to be tracking this on a quarterly basis but holding hearings every sixth months to make sure that we make progress,” said Meadows.
The congressman says achieving results all comes down to a simple concept.
“It’s really more accountability from an oversight standpoint, but also making sure those doing a good job are rewarded and those who don’t actually are held accountable,” said Meadows.
And improving competence and performance, says Meadows, starts with appreciating the scope of the threat.
“My trouble with so much of this is that the attacks continue to come on a daily and hourly and minute-by-minute basis. Yet, what we’re doing is assuming we’re immune to those attacks from our foreign enemies,” said Meadows.
If the federal government, at all levels, truly committed to addressing the cyber threat, Meadows believes it wouldn’t take long to put us on much more solid footing.
“There’s enough, not only financial resources, but commitment there that we could see drastic improvement in a very short window, six to nine months,” said Meadows.
Meadows says the FBI and Homeland Security breaches only intensify an existing commitment from congressional Republicans to protect the American people and their information.
“Chairman (Jason) Chaffetz and myself are committed, both at the subcommittee level and the full committee, to continue to keep the pressure on until we get this problem resolved so that all Americans and our federal records can rest assured that we’re being vigilant about it,” said Meadows.