- How to stream Eagles vs. Ravens in NFL preseason action 4 Years Ago
- How to create your very own Instagram hoax 4 Years Ago
- ‘Spider-Man’ fans want to ‘storm’ Sony’s office in New York to protest him leaving the MCU 4 Years Ago
- White House proposing ‘Minority Report’-style office to use data to predict crime 4 Years Ago
- Streamer OnlyUseMeBlade accused of sexually assaulting a sleeping woman 4 Years Ago
- How to stream Raiders vs. Packers in NFL preseason action Today 10:07 AM
- Say hello to ‘antira,’ the far-right’s answer to antifa Today 9:28 AM
- Bernie Sanders proposes sweeping plan to combat climate change Today 9:11 AM
- Is ‘Save Spider-Man from Sony’ fueled by pro-Disney bots? Today 8:41 AM
- ‘Jawline’ takes a stunning look at influencers and the social media gold rush Today 7:00 AM
- Here’s what’s coming and going on Netflix in September 2019 Today 6:58 AM
- The biggest conspiracy theories around Area 51 Today 6:30 AM
- How to listen to YouTube music in the background on your phone Today 6:00 AM
- Lyft received a whopping 7 sexual assault lawsuits in a day Wednesday 10:00 PM
- High school reopens investigation into Nazi salute video after other racist videos emerge Wednesday 7:14 PM
U.S. counterintelligence center bucks responsibility for OPM hack
The buck stops… somewhere else.
The U.S. agency responsible for guarding computer networks against security threats says that it wasn’t responsible for failing to stop the largest-ever breach of U.S. government systems.
The National Counterintelligence and Security Center’s powers and responsibilities “do not include either identifying information technology (IT) vulnerabilities to agencies or providing recommendations to them on how to secure their IT systems,” William Evanina, the head of the NCSC, wrote in a letter to Sen. Ron Wyden (D-Ore.).
Wyden wrote to Evanina in August to ascertain the NCSC’s role in securing the networks of the Office of Personnel Management. Hackers believed to be associated with the Chinese government broke into OPM’s servers and stole the personnel records of more than 22 million current and former federal workers.
“The OPM breach had a huge counterintelligence impact and the only response by the nation’s top counterintelligence officials is to say that it wasn’t their job.”
In a statement, Wyden slammed the NCSC for offering “a bureaucratic response to a massive counter-intelligence failure,” one that he called “unworthy of individuals who are being trusted to defend America.”
“The OPM breach had a huge counterintelligence impact and the only response by the nation’s top counterintelligence officials is to say that it wasn’t their job,” Wyden said. “While the National Counterintelligence and Security Center shouldn’t need to advise agencies on how to improve their IT security, it must identify vulnerabilities so that the relevant agencies can take the necessary steps to secure their data.”
Wyden also asked Evanina whether the breach would lead the NCSC to reconsider the length of time for which OPM retains personnel records, including sensitive background-check forms. The NCSC head said that OPM’s decades-long records retention “has value for personnel security purposes” because it lets the government “assess the ‘whole person’ over a long period of time” when determining whether to grant a security clearance.
Wyden has used the OPM hack to illustrate the need to address federal network security before passing cybersecurity legislation, known as CISA, that would let private companies send the government vast troves of cyber threat data, which could include Americans’ private information.
“The way to improve cybersecurity is to ensure that network owners take responsibility for plugging security holes,” he said, “not encourage the sharing of personal information with agencies that can’t protect it adequately.”
Wyden is a senior Democrat on the powerful Senate Intelligence Committee, which oversees the work of the NCSC and more than a dozen federal intelligence agencies. A Wyden spokesman said that there were no immediate plans to pursue hearings on NCSC’s role in securing government networks.
Evanina’s response to Wyden can be found below.
Photo via Perspecsys Photos/Flickr (CC BY SA 2.0)
Eric Geller is a politics reporter who focuses on cybersecurity, surveillance, encryption, and privacy. A former staff writer at the Daily Dot, Geller joined Politico in June 2016, where he's focused on policymaking at the White House, the Justice Department, the State Department, and the Commerce Department.