Is the U.S. Lousy at Cyber Warfare?

A series of alarming data breaches over the last two years have cast doubt on our government’s competence with regard to cyber warfare. Glenn Reynolds writes about the most recent instance in USA Today:

“Hackers linked to China have gained access to the sensitive background information submitted by intelligence and military personnel for security clearances, U.S. officials said Friday, describing a cyberbreach of federal records dramatically worse than first acknowledged.” …

Aside from regular federal personnel records, which provide a royal route to blackmail, intimidation and identity theft for present and retired federal workers, the hackers also stole a trove of military and intelligence records that could be even more valuable. The forms stolen were Standard Form 86, in which employees in sensitive positions list their weaknesses: past arrests, bankruptcies, drug and alcohol problems, etc. The 120 plus pages of questions also include civil lawsuits, divorce information, Social Security numbers, and information on friends, roommates, spouses and relatives.

The result? About 14 million current and former federal employees are in a state of collective panic over the loss of their information.

If the federal government can’t keep confidential sensitive information about its own employees, what reason is there to believe that it can keep secret the data it relentlessly collects about the rest of us? None.

Our government’s inability to prevent cyber hacks, or even detect them in timely fashion, is a serious national security issue:

[T]his trove of information is perfect for “fourth-generation warfare,” in which conventional strengths are bypassed in favor of targeted attacks on a stronger nation’s weaknesses. With this sort of information, China will find it much easier to recruit agents, blackmail decision-makers and — in the event of a straight-up conflict — strike directly at Americans in the government, all without launching a single missile.

That’s why experts are calling this security breach a “debacle” and “potentially devastating.” Some are even calling it a “cyber Pearl Harbor.”

I don’t see how one can disagree with Glenn’s conclusion:

The United States is highly vulnerable to cyberwar, and not very good about defending against it, especially in the lame-and-inept government IT sector, which has not distinguished itself in terms of competence. (Remember

This is particularly true, given that the Chinese intrusion was not the first. Shortly before the presidential election in 2012, it leaked out that a foreign power had successfully penetrated the White House’s computer system, as well as that of the State Department. We were tipped off to this by a reader, and were the only news outlet to cover the incident extensively. I suspect that mainstream reporters and editors downplayed the intrusion so as not to imperil President Obama’s re-election chances. It eventually was reported that the Russians were behind that breach, and our own government never did discover it. Rather, we were informed by an ally that the White House’s computers had been penetrated.

Glenn Reynolds proposes a rather radical solution, i.e., that the government re-discover the virtues of paper records. That is an interesting idea, especially for the very most secret data. (I wonder whether there is already a practice of keeping such information off government computers.) But it surely is not practical for the government to revert to the pre-email era for any but its most sensitive secrets. That being the case, our apparent incompetence at defending against cyber warfare is extremely worrisome. I can offer only one modest suggestion: perhaps the Obama administration should spend less time waging cyber and social media warfare against Republicans and identifying Democratic voters, and more time figuring out how to defend ourselves against hostile hackers.