Wednesday, March 15, 2017
IT Vulnerability : The Huge Problem Washington Ignores
Information Technology is filling the background space of almost every story in media headlines these days. What is going on? • • •
FORGET TRUMP'S TAX RETURN. It is really the biggest non-news of the young Trump administration. He paid $38 million in taxes in 2005. That dwarfs the taxes paid by his Progressive Democrat detractors and makes their charges that Trump is hiding his taxes because he didn't pay any look as ridiculous as it has always been for anyone with a brain. It is reminescent of the infamous Harry Reid accusation that Mitt Romney didn't pay any taxes. Romney released his tax returns and proved Reid was lying. Reid's answer : "Of course it was a lie, but it worked." That is the short-form verification that Democrats are critically flawed ethically. The trait must come from their deficient brains that believe socialism works -- despite the Soviet Union, Venezuela, Cuba and North Korea's economic collapses to the contrary. But, the ProgDems are never going to let facts get in the way of their socialist agenda -- it's the way they want to move America so that one day the all-powerful state can take all of Donald Trump's money and give it to illegal immigrants and Raoul Castro. Ain't never gonna happen friends, unless we give up and surrender our freedom to their mendacious -- in Big 'A' lying -- elite leaders. • • • A TALE OF CONGRESS PROGDEM IT STAFFERS. Fox News reported on Tuesday that : "A criminal investigation into IT contractors employed by dozens of House Democrats is sparking broader concerns about continuing access to sensitive government emails, amid new allegations of illicit activity beyond Capitol Hill." There it is again -- that IT story lurking in the background. This time it's an investigation announced last month by the US Capitol Police that, according to Fox, purportedly focuses on the contractors' access to House computers and whether they took hardware and made questionable IT-related purchases. A police spokesman declined to go into detail, but he told Fox News the case remains opens and focuses on “the actions of House IT support staff.” And, a high-level House staffer acknowledged Monday to Fox News that the probe has raised
concerns about emails being hacked. • Here are the Fox facts : "Official documents and multiple sources say at least five contractors -- including brothers Imran, Jamal and Abid Awan -- are the focus of the probe....The others supposedly involved are Imran’s wife, Hina Alvi, and Rao Abbas, who is not part of the family. They allegedly removed hundreds of thousands of dollars of equipment from offices, including computers and servers, and ran a procurement scheme in which they bought equipment, then overcharged the House administrative office that assigns such contractors to members. Sources told Fox the contractors, including one who worked for Florida Democratic Representative Debbie Wasserman Schultz, had “unauthorized access” to the House computer system. The connection to the former Democratic National Committee boss has sparked questions about whether the contractors could have ties to the DNC hack last summer, which was seen to hurt Hillary Clinton’s ultimately failed White House bid -- or whether Russia or other outside operatives accessed emails that the contractors allegedly put on a cloud server. There have been no reports or evidence so far showing the contractors were involved in a hacking incident." • Good Grief, there is that ProgDem use of certain phrases -- here it is 'so far' and 'hurt Hillary' -- to paste the odor of truth onto a completely factless allegation. There is No Evidence -- how mant times are we going to have to say it -- that Trump or anyone else lost the race for Hillary; she lost it all by herself because Americans don't like or believe her. • Anyway, House Democrats are standing by the contractors, privately and publicly suggesting their Moslem and Pakistani heritage prompted the probe and is contributing to fear-mongering. That is the true fundamental ProgDem position -- these alleged thieves and swindlers are being picked on because they are Moslem, not because there is probable cause to open a police investigation into their alleged wrongdoing. Wasserman Schultz as of last Friday was still
employing Imran Awan, 36, as an advisor, says Fox, but at least his access to the House computer system has been revoked. Democrat Representative Gregory Meeks kept Alvi, 33, employed until about two weeks ago. Meeks told Politico : “I have seen no evidence that they were doing anything that was nefarious. I wanted to be sure individuals are not being singled out because of their nationalities or their religion.” • But other troubling allegations have surfaced, says Fox : "Police in January were called to the northern Virginia home of a woman identified in the incident report as the stepmother of the Awan brothers, as first reported by the Daily Caller News Foundation. The woman alleged the brothers were keeping her away from her dying husband. Abid Awan told police her bedside visits were causing their father additional stress and that he had full power of attorney over him, then produced “an unsigned, undated document as proof.” A family member told a foundation reporter that the stepsons had kept the women in a “sort of illegal captivity” from October 2016 apparently until their father’s death in early February in a plot to get his life-insurance money. And they threatened her in an effort to get money that their father had stashed in Pakistan, the family member said. The Daily Caller story said the stepmother has filed a separate police complaint alleging insurance fraud." • Nice story about the brothers who were allegedly targeted by Capitol Police who profiled them as Moslems. • But, the real kicker is the story of the brothers salaries -- paid by US taxpayers. Fox reported : "According to LegiStorm.com, which tracks congressional pay, the contractors’ Capitol Hill work started in 2004 with at least two making six-figure salaries, including Abid Awan last year earning $166,944. But Awan also had money troubles, contributing to concerns about the contractors' access to sensitive emails and how that could be used. Awan declared bankruptcy in 2012 with more than $1.1 million in debt. Court documents show the debt included roughly $51,150 to the Congressional Credit Union, for two cars and a credit line. And Virginia court records show he has had 19 violations since 2009, mostly traffic-related offenses. Database searches found no major criminal charges for any of the contractors allegedly under
investigation." • And, this is just the tip of the IT iceberg. We have no information about how many IT loose canons there are floating
around in the federal government with clearances that make them possible data thiefs, IT manipulators, or targets for blackmail by
hackers and foreign govenrments. • • • THE PENTAGON AND THE ENERGY GRID. A recent Pentagon reports states that American infrastructure, including the energy grid, is and will remain vulnerable to cyber attacks from China and Russia for at least the next decade. The cyber vulnerabilities must be reduced while the Pentagon creates new deterrence capabilities ranging from low-level disruption to “catastrophic destruction and loss of life,” according to a report by a Defense Science Board task force. The report titled “Task Force on Cyber Deterrence” is based on a two-year study by a panel of defense and military experts and focuses on four countries: China, Russia, Iran, and North Korea, says the Washington Free Beacon. The report's warning is clear : "The unfortunate reality is that, for at least the coming five to ten years, the offensive cyber capabilities of our most capable potential adversaries are likely to far exceed the United States’ ability to defend and adequately strengthen the resilience of its critical infrastructures. The United States, as well as our allies and partners, are at serious and increasing risk of severe cyber attack and increasingly costly cyber intrusion. The requirement for enhanced deterrence is, in our view, not debatable. Nor is the need to accelerate the implementation of deterrence measures.” The report says that even if preventive measures are taken, it still won’t be able to prevent sophisticated attacks from China and Russia because “improvements are not on a pace to reduce risks to acceptable levels within the next decade." • First, anyone who can read and buy a book from Amazon knows that Ted Koppel long ago published an entire book about the insecure US energy grid, so the DOD report is not news, except for those who never buy or read books. This is not to belittle the Pentagon report, but surely these Defense Department IT experts are farther along on their timeline than just now announcing that America has an energy grid IT vulnerability problem. Does anyone know what the US government is actually doing to close the IT hacking hole? We know that the energy industry is working hard on the problem because they issue occasional reports about their progress. Would it be too much to ask the US government to do the same -- or must we wait for the inevitable blackout
hack before the government tells its citizens anything. • • • THE PENTAGON HAS AN IT SECURITY PROBLEM. American Thinker reported on Tuesday that : "Once again the U.S. government has failed to protect sensitive personal information, this time highly sensitive information on 4,000 Air Force officers. This information, contained in extensive 127-page individual security questionnaires known as SF-86 were found on a backup hard drive that was neither password protected or encrypted. In addition, extensive information on high-profile visitors to sites in Afghanistan was also on the same drive along with gigabytes of Outlook emails whose content has yet to be assessed. This follows other similar cases, the most notorious being the highly successful penetration of SF-86 files and other data held by the Office of Personnel Management in June, 2015. In that case, 21.5 million Americans' personal data was compromised, again involving the SF-86 security questionnaire. On top of that, 5.6 million fingerprints were also stolen. In applying for a security clearance, the government collects fingerprint data and photos." The SF-86 form is an especially frightening example because it contains everything from every place you may have worked, who your friends and colleagues are, to your business involvements and who your family members and relatives may be. An SF-86 provides hugely valuable information to potential adversaries who may be nation-states, but who also could be commercial data thiefs or terrorist organizations. • American Thinker asks the obvious question : "Does the government have any responsibility to protect sensitive information?" And the answer in the article is not encouraging : "Apparently, anyone who believes that the government has this responsibility is sadly misguided. Not only does the government not protect personal information, it hands it around to other agencies routinely and gives it to private contractors for 'processing.' " The American Thinker uses the process of getting a passport as the example of how personal data is not protected by the government : "You go to a passport office, fill out all the information, provide a birth certificate and all the requisite contact information, and you give the passport office photos, one of which will wind up embossed into your passport. Then, the Passport Office sends all that (how, by mail?) to a private contractor to "process." Who has access to it is anyone's guess. The information is not classified and therefore is not formally protected in any manner." And, says American Thinker, the same is true for tax returns -- as Donald Trump just found out. Today, you send your tax return to the IRS electronically. Maybe it is semi-encrypted when you electronically transmit the form, or your accountant does it for you, but when it arrives at the IRS, it is stored as an ordinary file with no protection, according to American Thinker. • • • DOES THE GOVERNMENT CARE ABOUT PERSONAL DATA HACKS? Two years after the OPM hack, we still have no idea what Congress has done. American Thinker says : "The answer is, absolutely nothing. What has been done by the executive branch to protect information? Once again the answer is absolutely nothing. Zero. Nada. Niente. What is wrong with Congress? • Okay -- that is another subject entirely -- but one piece of congressional uselessness is its lackadaisical approach to protecting the personal data of American citizens. • Maybe the federal government doesn't care about the personal data of its citizens because it routinely spies on them, too, without warrants and often without any discernable cause, or with nonsensical suspicions that often fail to be factual. So, why should the government consider it critically important to protect its citizens' exposure because of the electronic storage of their personal data. • The problem may exist because personal information is not classified information. Government separates everything into 'classified' and 'not classified.' And while it has recognized in recent years that some information is "sensitive but not classified," including technical information or law enforcement data, that label doesn't protect "sensitive" information in the same way classified information is protected. The use of encryption is not allowed because only classified information is supposed to be encrypted, and the encryption methodology is closely regulated by the spymaster of all spymasters when it comes to sweeping US citizen data off the interent -- the National Security Agency (NSA) which also holds the keys to decryption. That's the way it has been done since World War II. But, the world has changed dramatically. Today you don't need a spy to steal papers from a government file : the government office is on your computer anywhere in the world if you know how to access it, thanks to IT. The executive branch and Congress have failed to do the right thing, and Americans have tolerated this dangerous error far too long. It is time to demand that personal data be treated with the IT care it deserves. • • • DEAR READERS, after NSA contractor Edward Snowden stole files relating to US military capabilities, operations, tactics, techniques and procedures, and surveillance details, President Obama announced : “Nobody is listening to your telephone
calls.” [Right, Barack, and nobody is paying more for Obamacare.] Well, Americans didn't buy Obama's IT comment any more than they bought his Obamacare lie. In Spring, 2016 -- before Hillary Clinton’s and John Podesta’s emails were published by WikiLeaks -- the Pew Research Center survey showed that many Americans "do not trust modern institutions to protect their personal data -- even as they frequently neglect cybersecurity best practices in their own personal lives.” • For the past 10 years, cyber experts have been testifying in open and closed Congressional hearings on the escalation of hacking into US government agencies and private industries, communication, websites, and email. Everyone who testified warned about the short-term damages and the long-term threat of such hacking to US national security and interests, and to the American people, by Chinese, Iranian, Russian, and other cyber intelligence agencies, as well as criminal and terrorist organizations. In 2014, the Obama administration was tasked by Congress to develop cyber counter-measure policies. But in response to Senator. John McCain’s question : “Is it correct that these are policy-decisions that have not been made?” US Cyber Command Commander Admiral Michael S. Rogers responded : “The way I would describe it is, we clearly still are focused more on” an “event-by-event” approach to cyber incidents.” He urged an acceleration of "debate on how to balance security and privacy in the ever-changing digital realm.” Otherwise, Rogers warned, “an enemy could change and manipulate data -- rather than enter a computer system and steal -- that action would be a threat to national security.” • Very little has changed. We are just now learning that the DOD belatedly sees the vulnerability of the US energy grid to cyberattacks that could allow hackers to shut down the electric grid throughout the country, disable communications and the operations of the critical infrastructure, and other industrial systems. On March 2, 2017, Senator McCain warned again : “Treating every attack on a case-by-case basis, as we have done over the last eight years has bred indecision and inaction, and the appearance of weakness
has emboldened our adversaries.” In the meantime, as February's Defense Science Board’s report -- that started this blog -- shows,
Russia, China, North Korea, and with growing potential, Iran could launch such an attack today. • Yet, there has been no public
accounting of the damage already done to US defense capabilities, financial institutions, and the economy. The government, if it
knows, hides this information from the public. The private sector is, for many competitive and liability reasons, unwilling to speak
publicly about the damages it has suffered, and, becasue of its distrust in the government, private industry is often reluctant to
exchange information with the government. Protection against cyberattacks and GPS interference should be among the US government’s highest priorities. • President Obama failed the IT test miserably, making way for both attacks on US inioviduals and businesses and doing nothing to close the gaping hole in the protection of US IT data. It is now President Trump's turn. Will he assemble the brightest cyber and GPS experts in the nation to participate in a high speed “Manhattan Project," to develop an alternative to the Internet and to close US vulnerabilities to current IT systems. The team should consist of experts from government, academia, and the private sector, if it is to have public confidence. President Trump and some of his cabinet are masters at organization and the elimination of bureaucracy. They are visibly trusted by private business. What is still missing is the kick in the backside that gets Congress moving. Meanwhile, don't forget to do all you can individually to protect your personal data -- because you are pretty much on your own.
Subscribe to:
Post Comments (Atom)
ReplyDeleteSpace Odyssey 2001, 4 or 5 segments of Rod Serling Twilight Zone, numerous movies al with a like theme where 'computers' or AI (artificial intelligence) was able to take over the actions of man, do it better, and many times have bloodless coup d'etat over mankind.
Where these just entertainment dreams, or was it some well thought out reality.
If anyone has any knowledge of the mathematical genius work that spawned the Cryptographic communication age back in the early 1950 (and still being used today in Generation 12). This was and is still UN-breakable code. A NEVER repeating code that was therefore UN-breakable due to many qualifications.
Point is that if we set our minds to the development of "unbreakable encryption programs" the sometime weird thinkers in Silicon Valley and at DARPA Research could most likely have a working program within 6 months. The technology is there for a NEVER REPEATING system of continuous encryption.
Really 'Dave' it is (Space Odyssey 2001)!
From my lack of any such experience I would think it to be more difficult to break into a facility, get to the right office also under state of the art locks requiring retina and/or finger print scans, photograph specific documents (all of which are not in one central location) and retreat. -maybe not caught- but known to have been there; than to have one computer break into another which is far, far away.
ReplyDeleteSo is the quickest and most preventable method of securing documents, conversations, emails, incriminating evidence still the old lock & key?
No, not really. As good as the cyber thieves are today dictates firewalls that impenetrable. Therefore should our source be a cyber hacker that has turned to the 'good' side?
ReplyDeleteThe time is ripe for conservatives to step back and ask some of the bigger questions about the cyber domain: What is the nature of the Internet? How does that nature affect policy? What aspects of the cyber domain reflect conservative principles of limited government? To which policy recommenda- tions do these principles lead?
Before the Congress’s efforts become fraught with special interest group attention and before the heat of the political contest extinguishes the light of rea- son, it is useful to develop a set of background prin- ciples to guide the development of legislation. With a clear sense of principles, Congress will be better equipped to assess how well any piece of legislation addresses cyber intrusions.
Policymakers must deal with the world as it is, not as they wish it were. Any legislation must deal with the Internet as it is today, not as the U.S. hopes it will be in the future.
The task is a daunting one. No background review of cybersecurity that is of any readable length could hope to plumb the depths of the sub- ject. But it is important to start somewhere. Aristotle said, the nature of the thing “is the thing itself,” this examination begins with what is, not as we wish it were.