'Incredibly Damaging': US Cyber Security Ranks Vacant After Massive Hacks
03:31 13.11.2017(updated 03:37 13.11.2017)
Many top cybersecurity top posts remain empty, according to White House cybersecurity coordinator Rob Joyce, as the NSA reports disastrous leaks of key assets.
Many top cybersecurity and technology positions remain vacant 10 months into the Trump administration, according to White House cybersecurity coordinator Rob Joyce, cited by Defense One.
The key positions remaining empty are a federal chief information officer, a federal chief information security officer, a chief for the Homeland Security Department's cybersecurity and infrastructure protection division, and numerous agency CIOs and CISOs.
And, asserts Joyce, the administration of US President Donald Trump is not keeping the seats vacant intentionally.
"It's not an intentional emptiness today and not an intentional decision to keep those empty going forward," Joyce claimed. "It's more stacking up the nominations and clearing the decks of the senior-most leaders and ambassadors we've got to get through.
One pillar remaining among the empty desks is Admiral Michael S. Rogers, director of the NSA and commander of its sister military organization, the United States Cyber Command, but his continued service is primarily due to coincidence.
The vacancies of key cybersecurity posts within the Trump administration appears to be just the top of a lurking iceberg, as employees have enthusiastically sought the havens of private enterprise away from state cyber agencies that were devastated by the Shadow Brokers – the notorious hacker group that accessed and then made public an enormous hoard of NSA malware tools and other proprietary cybertools.
According to an exhaustive report by the New York Times, the Shadow Brokers exposed so many NSA assets that entire projects were declared compromised and quickly shuttered.
"Some agency veterans have seen projects they worked on for a decade shut down because implants they relied on were dumped online by the Shadow Brokers," the report read.
"These leaks have been incredibly damaging to our intelligence and cyber capabilities," said Leon Panetta, a former defense secretary and director of the Central Intelligence Agency.
With the leak of NSA cybertools and intelligence methods, Panetta said, "Every time it happens, you essentially have to start over."
When software, particularly that used in implementing cybersecurity programs, it becomes useless. The arsenal of hacking programs and tools must then be renewed, and until that time when new assets are created, the NSA can do next to nothing to protect America.
As a result of the failures, the intelligence agencies have found themselves in a paralyzing witch hunt of finger-pointing, subjecting employees to polygraph tests in an atmosphere of deep suspicion.
"Morale has plunged, and experienced cyberspecialists are leaving the agency for better-paying jobs – including with firms defending computer networks from intrusions that use the NSA's leaked tools," Nytimes.com reported.
The impact of Shadow Brokers has been disastrous.
Seeking to lay blame outside of the US security community's own failures, spokespeople have blamed everyone but themselves.
"Snowden killed morale," an NSA analyst declared to reporters. "But at least we knew who he was. Now you have a situation where the agency is questioning people who have been 100 percent mission-oriented, telling them they're liars."
The leaks just keep happening.
"How much longer are the releases going to come?" asked a former NSA employee, who added, "The agency doesn't know how to stop it – or even what 'it' is," cited by Nytimes.com
Millions of people have seen their computers shut down by ransomware, with demands for payments in digital currency demanded to have their access restored as a result of malware released into the wild by the NSA leaks.
Tens of thousands of employees at Mondelez International, the makers of Oreo cookies, among other treats, saw their data completely wiped. FedEx saw an attack on a European subsidiary that had halted deliveries and cost the company some $300 million.
Things have only gotten worse as a result of US cybersecurity leaks: "hospitals in Pennsylvania, Britain and Indonesia had to turn away patients," cited by the New York Times.
"Attacks disrupted production at a car plant in France, an oil company in Brazil and a chocolate factory in Tasmania, among thousands of enterprises affected worldwide."
Cyber security agencies are helpless to stem the damage while the US intelligence agency conducts investigations of just three former employees.
The most outstanding is Harold T. Martin III, a contractor arrested last year after FBI agents "found his home, garden shed and car stuffed with sensitive agency documents and storage devices he had taken over many years."
But the report mentions "thousands" of others who have access to US intelligence agencies. As even the smallest thumb drive can contain a library's worth of data, the cybersecurity community cannot ensure that no one has sneaked something sensitive outside of 'secure' facilities.
And the top seats in the US cybersecurity ranks remain empty.
"The vacancies in top tech and cyber ranks have made it more challenging to make decisive changes," Defense One quoted the White House's Joyce saying.
|Join the GlobalSecurity.org mailing list|