Federal govt. turns cybersecurity over to the military in wake of massive OPM hack

(Cyberwar.news) The federal government is turning over the role of cybersecurity to the U.S. military in what many observers see as a snub to the government’s civilian sector following the massive hack of Office of Personnel Management systems discovered last year, TechEye reported Monday.

The site noted that some U.S. officials believe that the OPM hack was engineered by China, in which more than 21 million records of current and former U.S. government employees were compromised. Data breached include fingerprints and forms used to provide security clearances.

Officials have said that the breach of OPM systems was one of the worst hacks of a government database in U.S. history, but whether or not the military – which stood up U.S. Cyber Command based at Fort Meade, Md., home of the NSA, in June 2009 – will do much better is subject to debate in some analytic sectors.

Nevertheless, the Pentagon will take the lead in overhauling the federal government’s ailing security clearance process with the formation of a new office called the National Background Investigations Bureau, which will be charged with “running background checks on all federal employees, contractors and others,” TechEye noted.

The NBIB’s systems will be designed, built and operated by the Defense Department, and they will store and process government applicants’ personal information, according to Director of National Intelligence James Clapper, the web site reported.

The Obama administration opted to have the Pentagon take the lead in cybersecurity because of its expertise in protecting secrets and overall national security – a decision that may also have been influenced by the alleged mishandling of classified materials by former Secretary of State Hillary Clinton, who used a unsecured private server to send and receive sensitive information, internal watchdogs have reported.



TechEye noted further:

The computer networks that hackers breached last year had been left vulnerable for years without basic cybersecurity protections, its internal watchdog told Congress. 

In the new system, the Pentagon will encrypt data where appropriate and consider which information should be kept separate from the rest of the network.

Experts told Cyberwar.news the decision to hand over cybersecurity to the Defense Department was a good move.

“We believe that moving the cybersecurity initiative to the military is a good option for all government agencies,” said Carl Wright, general manager of TrapX Security, a cyber defense firm.

“Attackers include both organized crime and nation states. There is often too much inertia across the multitude of federal agencies to hire the necessary experts, make  architectural decisions, implement through rapid procurement and then deploy state-of-the-art cyber defense,” Wright, a former chief technology officer for the U.S. Marine Corps, added.

“Going forward, a critical factor will be to have top level teams in place in all of these agencies – and human capital is key. The centralized move to the military is a good option and one that will pay benefits for all of us,” he said.

Wright noted that the Pentagon and the Intelligence Community have been working on a solution to this issue for a number of years, and as such both understand the nature of threats and what is required to defeat them.

“What’s more,” he said of the Pentagon, “they are tied closely to our intelligence agencies, where leading edge technology already is already implemented.”

Natalie Lehr, the Yale-educated vice president of Analytics at TSC Advantage, an enterprise risk and cybersecurity firm that works with government and the private sector, agreed.

“Handing over cybersecurity to the military will bring with it costs and benefits,” she told Cyberwar.news

“On the positive side, the U.S. military is renowned for its ability to efficiently shift existing resources to combat new threats. That being said, cyber is a threat with special skills required to deter, disrupt and defeat it,” she continued. “There are only small pockets of relevant expertise, even in the military, relative to the scale of vulnerabilities in the digital landscape.

“In addition, the involvement of the U.S. military will create intangible costs to multinational corporations, as information sharing and defense of their assets and systems is unresolved from a policy perspective,” Lehr noted.

See also:



Cyberwar.news is part of the USA Features Media network of sites. For advertising opportunities, click here.

REUSE POLICY: You are free to reuse-republish articles that appear on this site in a digital format, because we believe the more people they reach, the larger the impact. All we ask is that you please include a direct link back to our site. Thank you in advance.




comments powered by Disqus