Hayden: Political culture limits government’s ability to protect IT systems

Last year’s hack at the Office of Personnel Management that led to the loss of more than 21 million personnel records was the result of poor cyber hygiene, according to Gen. Michael Hayden, the former director of the National Security Agency and CIA. And the attack itself was rather impressive.

“The OPM hack was actually a legitimate instance of state espionage,” Hayden said in a keynote address at the recent Gigamon Cybersecurity Summit. “If I could have done this to the Chinese database when I was director of NSA, I would have done it in a heartbeat,” he said. “It was not an illegitimate state activity” on the part of the Chinese, Hayden said. “The only thing illegitimate was our ability to defend ourselves -- or more accurately the government’s ability to defend you,” Hayden added.

The OPM breach, along with other successful hacks on federal systems, has contributed to government workers losing faith in their agency’s ability to protect information systems from cyber intrusions. In a survey of 464 senior-level federal workers, only 8 percent said they were very confident in their agency’s ability to protect information systems.

The U.S. government needs to do a better job of fortifying its systems and securing sensitive data, but that’s not an easy task because we haven’t defined the rules of the Internet, Hayden said. “We have hardly begun the cybersecurity conversation,” Hayden said. “The Internet is the largest ungoverned space in recorded history, and you and I have decided to put everything we have that’s valuable up there, so what could possibly go wrong?”

The privacy versus security debate also limits the government’s ability to protect its information. “You and I have not yet decided what it is we want -- or what it is we will allow our government to do -- to keep us safe in this domain,” he said.

“All governments have had trouble with cybersecurity, but our government will have particular trouble because of our political culture,” Hayden said. “Our commitment to the Fourth Amendment and our historical distrust of the government is going to keep our government off the field.”

About the Author

Derek Major is a former reporter for GCN.

Reader Comments

Thu, Jan 25, 2018 Michael L Monterey

It's not just political culture, it's commercial culture and the bamboozled culture of misinformed dupes. The Top Security Threats for 2018 are all caused by the Legacy illogic paradigm ensuring ongoing vulnerabilities and bad news that can only be stopped with a replacement, not a fortification of the existing quagmire threatening every agency, institution, business and person using the global IT network. Replacement with what? With a truly logical global logic infrastructure with hyper-secure coding and hyper-compression built-in from the kernel and core logic on up and out, at every level of IT. A big part of that is eliminating all unnecessary human access to what really requires no human access in a truly well-designed IT system architecture. As long as there are choices to be made by imperfect and illogical and/or ill-informed humans, there will be IT disasters. For example, the Equifax hack and theft of the personal-financial data of 180 million US consumers, a number nearly equal to the number of us over the age of 18. What's being done with all those records and identities? Seems a great bargaining chip for massive blackmail (of Equifax.gov), etc. How and when could we hope to get a truly efficient, secure global IT infrastructure? With truly effective AI-assisted system R&D and design, it may take a year or so. Yet, naturally, politicos, spooks, tyrants, fraudsters and dupes will try to prevent or obstruct progress. Why? To prevent change and maintain the status quo.

Thu, Jun 2, 2016

Hayden's statement about "you and I have decided to put everything we have that’s valuable up there" is not 'the whole truth' as it misses the involuntary choices about our data made by organizations. Many organizations collect data without giving their customers a choice (e.g. credit check to get power for your house, government forms that collect personal data, etc.) and have made that decision for their customers.
