Handing Over The Crown Jewels
Cloud Computing And Classified Data
Published on July 28, 2018
This is just a sample of what the Russians have done within the last two years. Every day computer systems, private and governmental, are being attacked by criminal elements and by agents of multiple other foreign powers like China and Iran. The US government's record in withstanding these attacks and maintaining the security of sensitive data is abysmal.
A recent report on cyber security by the White House's Office of Management and Budget found that of 96 federal agencies assessed, 74 were deemed either "at risk" or "high risk" meaning that they need crucial and immediate improvements. Half of the agencies reviewed lacked the ability to determine what software they were running on their systems. Only one agency in four had the capacity to even detect a breach of its computer systems. In 38% of cases where government systems were hacked, no one was ever able to even identify who had perpetrated the attack or how.
One would like to hope that while the average government agency is woefully unprepared our intelligence and defense establishments would be on top of their game. Unfortunately, the record demonstrates otherwise. In 2013 Edward Snowden, a contractor working for NSA, stole a staggering 1.7 million classified documents. None of those documents has ever been recovered. They are all considered compromised.
In 2014 a British man hacked into the Pentagon's satellite phone system and stole information on 800 individuals and tens of thousands of satellite phones.
In 2015 the email system for the Joint Chiefs of Staff was hacked.
In 2016 a group calling itself the Shadow Brokers, according to press reports, hacked into computers associated with NSA and stole some of the world's most sophisticated cyber-attack software. That software has been used on multiple occasions since for attacks worldwide.
In 2017 a Pentagon database containing almost 2 billion documents was found to have no security whatsoever and be readily accessible via the internet.
In fact, a recent internal audit of the NSA found shocking cyber vulnerabilities. Those vulnerabilities included computer system security plans that were inaccurate or incomplete, removable media that not being properly scanned for viruses, and an inadequate process for tracking the job duties of National Security Agency cyber defenders to ensure they're qualified for the work they do. The agency was also found not to have properly implemented the "two-person access controls" on its data centers and equipment rooms mandated by the Director of NSA after the Snowden breach.
All of the incidents highlighted above are examples only. US government computer systems are under cyber-attack every day and compromises are frequent. All projections are that the pace of attacks will only intensify and that their sophistication will only increase. Now, defying all logic and all common sense, in the face of this onslaught we are in the process of handing information that represents literally the "crown jewels" of American intelligence and the American military over to private companies and trusting that they will maintain its security and prevent catastrophe.
A rational response to recent events and the actions of our adversaries would be to double down on serious accountability and strict security practices. Sensitive data should reside on government-controlled servers under the control of government personnel operating in accordance with strict, no nonsense rule and regulations. Individuals playing fast and loose with the security of classified information should have their access to such data revoked immediately. Individuals not enforcing procedure should be shown the door. This is not a game. It should not be treated as such.
That is what should happen. It is not what will happen. In the world of Washington, DC where accountability is elusive, and priority is placed on awarding big contracts and making big defense corporations even bigger "cloud computing" is the new cash cow. The companies in question will make vast sums of money, the JEDI contract alone is worth $10 billion, but we will pay the real price in damage to our national security.