The latest round of embarrassing federal data breaches struck the very agencies charged with protecting Americans, evidence one leading member of Congress believes is proof that throwing money at a problem doesn’t solve much unless there’s accountability to go with it.
Last week, the personal data of some 20,000 FBI employees and more than 9,000 Department of Homeland Security workers was released.
Days later, the story took on additional embarrassment when authorities arrested the perpetrator, a 16-year-old boy in Great Britain. The teen said he gained access to the information through weak security in the Department of Justice email system.
House Oversight and Government Reform Subcommittee on Government Operations Chairman Mark Meadows, R-N.C., said this case offers another sobering national security reminder.
“It shows two things. One is that no agency is immune from the attacks. But, more specifically, in spite of spending some $80 billion a year in IT provisions, that that money is not necessarily directed toward not only the most up-to-date encryption but cyber defenses,” Meadows said in an interview with WND and Radio America.
As the details of the attacks on the FBI and Homeland Security emerged, President Obama spelled out his prescription for shoring up U.S. cyber-security efforts.
“I’m announcing our new Cybersecurity National Action Plan, backed by my proposal to increase federal cybersecurity funding by more than a third, to over $19 billion. This plan will address both short-term and long-term threats, with the goal of providing every American a basic level of online security,” Obama wrote in the Wall Street Journal.
“First, I’m proposing a $3 billion fund to kick-start an overhaul of federal computer systems,” Obama added. “It is no secret that too often government IT is like an Atari game in an Xbox world. The Social Security Administration uses systems and code from the 1960s. No successful business could operate this way.”
Meadows agrees that U.S. infrastructure is badly in need up an upgrade and that will cost money, but he said just spending more money isn’t going to solve the problem.
“Some $80 billion is spent annually on IT,” he said. “That doesn’t include some of those offline budget items that some would suggest is another $20 billion. A hundred billion spent, and yet what we’re seeing is the resources that could be deployed have not been.
“We found that tools were available for use yet weren’t turned on,” said Meadows, who will be holding hearings on the subject soon. “It’s time that we not only get serious about it, but we have to be more prudent in where we put our resources.”
Listen to the WND/Radio America interview with Rep. Mark Meadows, R-N.C.:
Meadows believes the president is serious about beefing up U.S. cyber defenses but two major problems are impeding any progress. The first is simply the realities of Washington.
“Obviously, bureaucracy and politics get in the way of almost everything in Washington, D.C. So to suggest that did not have a role would be disingenuous,” Meadows said.
But he said there are some more deliberate sticks in the mud, too.
“Where we have a real breakdown is with some of our CIOs, our chief information officers,” said Meadows, noting he was particularly unimpressed with testimony following the massive breach at the Office of Personnel Management in 2015.
He said the performance levels are very poor across the government.
“We give them a grade, and most agencies got an ‘F’ initially,” Meadows said. “So we’re not only going to be tracking this on a quarterly basis but holding hearings every six months to make sure that we make progress.”
The congressman said achieving results all comes down to a simple concept.
“It’s really more accountability from an oversight standpoint, but also making sure those doing a good job are rewarded and those who don’t actually are held accountable,” Meadows said.
And improving competence and performance, he said, starts with appreciating the scope of the threat.
“My trouble with so much of this is that the attacks continue to come on a daily and hourly and minute-by-minute basis,” Meadows explained. “Yet, what we’re doing is assuming we’re immune to those attacks from our foreign enemies.”
If the federal government, at all levels, truly committed to addressing the cyber threat, Meadows believes it wouldn’t take long to put us on much more solid footing.
“There’s enough, not only financial resources, but commitment there that we could see drastic improvement in a very short window, six to nine months,” he said.
Meadows said the FBI and Homeland Security breaches only intensify an existing commitment from congressional Republicans to protect the American people and their information.
“Chairman (Jason) Chaffetz and myself are committed, both at the subcommittee level and the full committee, to continue to keep the pressure on until we get this problem resolved so that all Americans and our federal records can rest assured that we’re being vigilant about it,” Meadows said.