At a time when intelligence officials say cybersecurity now trumps terrorism as the No. 1 threat to the U.S. — and when breaches at businesses such as Home Depot and Target focus attention on data security — the federal government isn’t required to publicize its own brushes with data loss.
Last month, a breach of unclassified White House computers, by hackers thought to be working for Russia, was reported not by officials, but by The Washington Post. Congressional Republicans complained even they weren’t alerted to the hack.
“It would be unwise, I think for rather obvious reasons, for me to discuss from here what we have learned so far,” White House press secretary Josh Earnest later said about the report.
To determine the extent of federal cyberincidents, which include probing into network weak spots, stealing data and defacing websites, the AP filed dozens of Freedom of Information Act requests, interviewed hackers, cybersecurity experts and government officials, and obtained documents describing digital cracks in the system.
That review shows that 40 years and more than $100 billion after the first federal data protection law was enacted, the government is struggling to close holes without the knowledge, staff or systems to outwit an ever-evolving foe.
“It’s a much bigger challenge than anyone could have imagined 20 years ago,” said Phyllis Schneck, deputy undersecretary for cybersecurity at the Department of Homeland Security, which runs a 24/7 incident-response center responding to threats.
(For the rest of the article, click the link.)