A new government report shows the computer networks of 24 federal agencies still do not have adequate security systems in place and are vulnerable to cyber attacks, and former CIA Director R. James Woolsey says it’s completely unacceptable
“It needs to improve a great deal and it needs to improve fast,” said Woolsey, who served as the nation’s top intelligence official from 1993-1995. He is now chairman of the Foundation for the Defense of Democracies.
At issue is a Government Accountability Office, or GAO, study showing the government is still playing catch-up when it comes to cyber security.
“The GAO found ‘persistent weaknesses’ at 24 federal agencies, including deficiencies in how organizations prevented inappropriate access to computer networks, identified intrusions and planned for a network disruption,” reported the Hill, which also quoted the report’s diagnosis of the problem.
“These deficiencies place critical information and information systems used to support the operations, assets, and personnel of federal agencies at risk, and can impair agencies’ efforts to fully implement effective information security programs,” according to the GAO.
Woolsey said the feds continue to drag their feet on an issue proven by recent hackings to be a national priority.
“It is frustrating to find these things, report after report after report. Such-and-such-a-group is behind, such-and-such-a-group has not gotten started,” Woolsey said. “As MacBeth said, ‘Tomorrow, tomorrow, tomorrow.'”
In June, the Office of Personnel Management reported a major hack of personnel files, most likely by the Chinese. In the ensuing weeks, the government admitted nearly 20 million personnel files were compromised, along with more than five million fingerprints.
So is the sluggish response by the federal government simply the result of the time needed to implement major changes?
Woolsey says there is still not enough urgency.
“I think there’s still a kick in the pants needed,” he said. “I think people have not really zeroed in on how serious it is.”
Listen to the WND/Radio America interview with R. James Woolsey:
And if the government networks have suspect security, Woolsey said it stands to reason the private server emails of officials such as Hillary Clinton make an especially inviting target that America’s adversaries almost certainly pursued.
“Whoever discovered that and began to exploit it would be the toast of the town within Moscow or Beijing or wherever they found out about it,” said Woolsey.
The urgency also takes on greater importance when considering Chinese ambitions in their sphere of influence and Russian aggression that now includes bombing the non-ISIS opponents of Syrian President Bashar al-Assad.
“We’re in a situation now that is stunning, with Russia ordering us to stay out of their way in the Middle East,” he said. “Try to imagine what the response of Teddy Roosevelt or Harry Truman or Andrew Jackson would have been if the Russians has said, ‘Stay out of X.'”
The former CIA boss says it is imperative that President Obama personally and publicly demand better from the U.S. government right away.
“This is something people are only going to pay attention to if the president makes it a high priority,” he said. “The problem is now, because he’s been running a weak foreign policy, he’s got to have a lot of priorities. He’s got to put his finger in a lot of different dikes.
“One that he’s got to block the leakage on is this, and he needs to make it a personal matter that he brings home to all the agency heads in homeland security and defense and elsewhere.”
While Woolsey sees no good excuses for government inaction, he says there are obstacles to progress, both political and technical.
“Some of it is concern about civil liberties that, I think, is manageable. Some of it is the nature of the Web. Some of it is government bureaucracy not responding well and quickly to serious dangers because it interferes with the normal path of business,” said Woolsey, who added that officials in the public and private sectors are sometimes reluctant to spend additional money on cyber security because they consider other issues more pressing.
Aside from the bureaucratic nightmares, Woolsey said it’s hard to keep developing tools to fend off the ever-changing cyber threats.
“You’re starting from a position in which you’re walking uphill in trying to make transitions and so forth on the Web secure. But it’s not impossible,” he said. “There’s a lot we can do that we’ve been slow on, but it’s a frustrating undertaking for a lot of people, and it’s easier to play offense than defense.”