Unfortunately, those and other initiatives did not always achieve the desired results. Security failures over the past eight years are well known and, in some cases, have been catastrophic.
Perhaps the worst was the hack, attributed to China, of the Office of Personnel Management (OPM), which compromised the personal data of about 22 million current and former federal employees.
The level of cybersecurity that exists in government today would be disgraceful if it existed within large corporate America.
Aaron Tantleff, partner, Cybersecurity Practice, Foley & Lardner
Douglas R. Price, a board member of AFIO (Association of Former Intelligence Officers), called it, “a failure of epic proportion.”
The OMB launched a so-called, 30-Day Cybersecurity Sprint to improve everything from authentication to threat detection, but that came much too late – after the breach was disclosed.
Other high-profile lapses include:
- Leaks of millions of classified documents from US Army soldier Bradley (now known as Chelsea) Manning and former NSA contractor Edward Snowden, which not only undermined confidence in the administration’s claims that it wasn’t conducting surveillance on American citizens, but also illustrated that government couldn’t protect itself against insider threats.
- The president tried twice, in 2011 and 2015, to launch legislation that would, "improve cybersecurity for the American people, our nation’s critical infrastructure and the federal government’s own networks and computers.”
But neither proposal went anywhere, in part due to a divided Congress, but also because of opposition from civil rights and privacy groups.
- The federal “Einstein” cyber threat detection and prevention system, which has existed since 2004 and has gone through several iterations since then, was upgraded by DHS to "EINSTEIN 3 Accelerated (E3A" in 2015.
But it has been criticized by experts, former government officials and members of Congress for being hopelessly outdated before it is even fully implemented – the deadline for implementation was this past December.
Greg Touhill, deputy assistant secretary of cybersecurity operations and programs at DHS, famously said in November 2015 that, “Einstein 3 is really where we needed to be 15 years ago.”
- Hacks, attributed to Russia, of the Democratic National Committee (DNC) and the email account of John Podesta, chairman of the Clinton presidential campaign. Wikileaks released embarrassing information from them during the final weeks of the campaign.
There are a number of reasons given for the failures.
First, numerous experts have said it is essentially impossible for government to keep up with the evolution and expansion of the threats. As Rosenzweig put it in an interview with Nextgov, “government moves at 60 miles per hour and Internet innovation moves at 6,000 miles per hour.”
Sign up for CIO Asia eNewsletters.