As information slowly trickled out about Russian hacker attacks on major government systems — first the State Department, then the White House — it seemed only a matter of time until the Pentagon admitted it had been hacked as well.
That disclosure was made at last on Thursday, by Secretary of Defense Ashton Carter, as reported by The Hill:
Russian hackers broke into unclassified networks at the Department of Defense (DOD) earlier this year, Pentagon chief Ashton Carter disclosed Thursday.
The department was able to quickly identify the perpetrators and kick them off the network in a way that minimized the intrusion, Carter said.
The previously unacknowledged hack illustrates the threat from Russian hackers against U.S. government agencies.
Russians are considered responsible for the cyberattacks on the State Department and the White House, both of which are still recovering from the hacks.
Carter mentioned the hack of DOD’s networks during a speech at Stanford University, where he called for stronger ties between the Pentagon and Silicon Valley.
“We’ve had tensions before and we will likely have them again,” Carter said. “But those who work in the tech community are no strangers to intense grappling with ideas, and the same is true for those of us who work in the Pentagon.”
Why is poor Ashton Carter spending his time in Silicon Valley apologizing for what Jeb Bush describes as the very best part of the Obama Administration? Why don’t we learn the true extent of hacker penetration until the Administration decides to let it slip as part of a bid for sympathy from the tech sector?
That’s not an inference — it was explicitly presented as Carter’s mission at Stanford. “Washington’s courtship of the technology community can be partly explained by the rising threat from hackers around the world,” writes The Hill. “The government needs to recruit top talent from the private sector in order to improve its cybersecurity, but that task is difficult given the relatively lower pay and fewer perks involved in public service.”
Journalists should drop the canard about low pay and lousy perks working for the government, since at this point everyone knows Washington, D.C. has become one of the richest zip codes in America, and public employee union “perks” are nothing short of mind-boggling to private sector workers. But for the sake of argument, let’s assume cyber-security is one of the areas in which private-sector work is vastly more lucrative than manning the digital ramparts of the White House or Pentagon. Carter’s solution is to rebrand government computer security work as fun:
Carter, calling cybersecurity one of the world’s “most complex challenges,” urged Stanford students to think of military service as an exciting opportunity.
“The mission is compelling, but we have to make the environment less dreary,” he said, noting that younger workers do not want to be “tied down” in one workplace for their whole careers.
“We have to make ourselves an exciting and flexible and compelling place to work,” he said.
On the contrary, I think an awful lot of young people would love the security of long-term employment with appreciative employers, the sort of career that’s rapidly becoming an artifact of the past in their minds — something they can only find in the pop-culture museum of TV shows like Mad Men.
Doing battle with foreign hacker squads on the virtual battlefields of the First Cyber War sounds inherently exciting, doesn’t it? Conversely, is there any reason to think corporate security work isn’t “dreary?” Why do so many government officials seem wedded to the idea that young people have short attention spans, are allergic to productive hard work, and prize freedom from “job lock” above all else? Why does the political class assume private-sector jobs are non-stop laugh riots where having fun is the highest priority?
We need reinforcements on the Cyber War battlefield, no doubt about that. Disclosure is always slow and partial in government hacking stories, and big private sector companies aren’t exactly eager to describe the full extent of their data breaches, either. There are legitimate reasons for this reticence. Information is ammunition in electronic warfare, after all. You don’t want to help enemies figure out exactly how far they got, or how they got caught. But it’s still annoying how the truth about big government data breaches emerges at such a glacial pace, dropped off without warning in political speeches or low-profile press conferences months long after the fact… and it makes you wonder how much they’re still holding back.
No wonder the government is talking more openly about developing more aggressive, possibly even retaliatory, cyber-war capabilities. Playing pure defense isn’t quite good enough.