- How to stream Alistair Overeem vs. Jairzinho Rozenstruik Today 8:30 AM
- Amazon sends customers condoms and soap instead of Nintendo Switch Today 8:28 AM
- How to live stream Jermall Charlo vs. Dennis Hogan Today 8:00 AM
- Apple TV’s ‘Truth Be Told’ is a criminally dull drama Today 6:00 AM
- Thousands of Uber users have reported sexual assaults, company says Friday 5:40 PM
- ‘Astronomy Club’ reformats the sketch show Friday 4:58 PM
- Trump is concerned America’s toilets too weak Friday 3:53 PM
- Twitter users claim Billie Eilish is ‘over’ because she didn’t like Lady Gaga’s meat dress Friday 2:53 PM
- Nikki Haley says the Confederate flag was fine until Dylann Roof ‘hijacked’ it Friday 2:49 PM
- How emotional labor discourse spawned multiple memes Friday 2:22 PM
- Video of YouTuber Onision threatening ex-girlfriend resurfaces Friday 2:03 PM
- Marianne Williamson embraces anti-vax stance on Facebook Friday 1:58 PM
- Peloton Husband is worried memes will have ‘repercussions’ for his career Friday 1:55 PM
- ‘The Mandalorian’ stumbles as it returns to a familiar planet Friday 1:47 PM
- The best app controlled Christmas lights for the holidays Friday 1:04 PM
U.S. counterintelligence center bucks responsibility for OPM hack
The buck stops… somewhere else.
The U.S. agency responsible for guarding computer networks against security threats says that it wasn’t responsible for failing to stop the largest-ever breach of U.S. government systems.
The National Counterintelligence and Security Center’s powers and responsibilities “do not include either identifying information technology (IT) vulnerabilities to agencies or providing recommendations to them on how to secure their IT systems,” William Evanina, the head of the NCSC, wrote in a letter to Sen. Ron Wyden (D-Ore.).
Wyden wrote to Evanina in August to ascertain the NCSC’s role in securing the networks of the Office of Personnel Management. Hackers believed to be associated with the Chinese government broke into OPM’s servers and stole the personnel records of more than 22 million current and former federal workers.
“The OPM breach had a huge counterintelligence impact and the only response by the nation’s top counterintelligence officials is to say that it wasn’t their job.”
In a statement, Wyden slammed the NCSC for offering “a bureaucratic response to a massive counter-intelligence failure,” one that he called “unworthy of individuals who are being trusted to defend America.”
“The OPM breach had a huge counterintelligence impact and the only response by the nation’s top counterintelligence officials is to say that it wasn’t their job,” Wyden said. “While the National Counterintelligence and Security Center shouldn’t need to advise agencies on how to improve their IT security, it must identify vulnerabilities so that the relevant agencies can take the necessary steps to secure their data.”
Wyden also asked Evanina whether the breach would lead the NCSC to reconsider the length of time for which OPM retains personnel records, including sensitive background-check forms. The NCSC head said that OPM’s decades-long records retention “has value for personnel security purposes” because it lets the government “assess the ‘whole person’ over a long period of time” when determining whether to grant a security clearance.
Wyden has used the OPM hack to illustrate the need to address federal network security before passing cybersecurity legislation, known as CISA, that would let private companies send the government vast troves of cyber threat data, which could include Americans’ private information.
“The way to improve cybersecurity is to ensure that network owners take responsibility for plugging security holes,” he said, “not encourage the sharing of personal information with agencies that can’t protect it adequately.”
Wyden is a senior Democrat on the powerful Senate Intelligence Committee, which oversees the work of the NCSC and more than a dozen federal intelligence agencies. A Wyden spokesman said that there were no immediate plans to pursue hearings on NCSC’s role in securing government networks.
Evanina’s response to Wyden can be found below.
Photo via Perspecsys Photos/Flickr (CC BY SA 2.0)
Eric Geller is a politics reporter who focuses on cybersecurity, surveillance, encryption, and privacy. A former staff writer at the Daily Dot, Geller joined Politico in June 2016, where he's focused on policymaking at the White House, the Justice Department, the State Department, and the Commerce Department.