- 2020 Democrats refuse to answer our questions about ‘Cats’ Friday 4:14 PM
- Belle Delphine’s Instagram account removed after mass reporting campaign Friday 4:08 PM
- Mariah Carey refuses old-age FaceApp challenge Friday 3:19 PM
- Journalists horrified by consolidation of Gatehouse, Gannett Friday 3:12 PM
- Facebook and Google could be tracking you on porn sites Friday 1:42 PM
- 7 best sites for psychic love readings Friday 1:20 PM
- Driver demonstrates why you always need to read road signs Friday 12:58 PM
- Area 51 remix video proves it’s the summer of Lil Nas X Friday 12:26 PM
- ‘ICE will come’: Convenience store clerk threatens customers speaking Spanish Friday 12:11 PM
- Rand Paul dodges questions about 9/11 Victims Fund, says ‘watch Fox News’ Friday 11:51 AM
- Report: ‘Stranger Things’ season 4 to begin shooting in October Friday 11:03 AM
- AT&T paid Michael Cohen to consult on net neutrality, FBI documents show Friday 9:10 AM
- Mysterio’s ruse changes on a second viewing of ‘Far From Home’ Friday 9:06 AM
- Twitter overturns Barrett Brown’s third permanent suspension Friday 8:49 AM
- How to live stream Liga MX Friday 7:56 AM
U.S. counterintelligence center bucks responsibility for OPM hack
The buck stops… somewhere else.
The U.S. agency responsible for guarding computer networks against security threats says that it wasn’t responsible for failing to stop the largest-ever breach of U.S. government systems.
The National Counterintelligence and Security Center’s powers and responsibilities “do not include either identifying information technology (IT) vulnerabilities to agencies or providing recommendations to them on how to secure their IT systems,” William Evanina, the head of the NCSC, wrote in a letter to Sen. Ron Wyden (D-Ore.).
Wyden wrote to Evanina in August to ascertain the NCSC’s role in securing the networks of the Office of Personnel Management. Hackers believed to be associated with the Chinese government broke into OPM’s servers and stole the personnel records of more than 22 million current and former federal workers.
“The OPM breach had a huge counterintelligence impact and the only response by the nation’s top counterintelligence officials is to say that it wasn’t their job.”
In a statement, Wyden slammed the NCSC for offering “a bureaucratic response to a massive counter-intelligence failure,” one that he called “unworthy of individuals who are being trusted to defend America.”
“The OPM breach had a huge counterintelligence impact and the only response by the nation’s top counterintelligence officials is to say that it wasn’t their job,” Wyden said. “While the National Counterintelligence and Security Center shouldn’t need to advise agencies on how to improve their IT security, it must identify vulnerabilities so that the relevant agencies can take the necessary steps to secure their data.”
Wyden also asked Evanina whether the breach would lead the NCSC to reconsider the length of time for which OPM retains personnel records, including sensitive background-check forms. The NCSC head said that OPM’s decades-long records retention “has value for personnel security purposes” because it lets the government “assess the ‘whole person’ over a long period of time” when determining whether to grant a security clearance.
Wyden has used the OPM hack to illustrate the need to address federal network security before passing cybersecurity legislation, known as CISA, that would let private companies send the government vast troves of cyber threat data, which could include Americans’ private information.
“The way to improve cybersecurity is to ensure that network owners take responsibility for plugging security holes,” he said, “not encourage the sharing of personal information with agencies that can’t protect it adequately.”
Wyden is a senior Democrat on the powerful Senate Intelligence Committee, which oversees the work of the NCSC and more than a dozen federal intelligence agencies. A Wyden spokesman said that there were no immediate plans to pursue hearings on NCSC’s role in securing government networks.
Evanina’s response to Wyden can be found below.
Photo via Perspecsys Photos/Flickr (CC BY SA 2.0)
Eric Geller is a politics reporter who focuses on cybersecurity, surveillance, encryption, and privacy. A former staff writer at the Daily Dot, Geller joined Politico in June 2016, where he's focused on policymaking at the White House, the Justice Department, the State Department, and the Commerce Department.