Gen. Michael Hayden, the former director of the National Security Agency and CIA, said the nation has hardly begun the cybersecurity conversation about what should be open and what should be protected.
Last year’s hack at the Office of Personnel Management that led to the loss of more than 21 million personnel records was the result of poor cyber hygiene, according to Gen. Michael Hayden, the former director of the National Security Agency and CIA. And the attack itself was rather impressive.
“The OPM hack was actually a legitimate instance of state espionage,” Hayden said in a keynote address at the recent Gigamon Cybersecurity Summit. “If I could have done this to the Chinese database when I was director of NSA, I would have done it in a heartbeat,” he said. “It was not an illegitimate state activity” on the part of the Chinese, Hayden said. “The only thing illegitimate was our ability to defend ourselves -- or more accurately the government’s ability to defend you.” Hayden added.
The OPM breach, along with other successful hacks on federal systems, has contributed to government workers losing faith in their agency’s ability to protect information systems from cyber intrusions. In a survey of 464 senior-level federal workers, only 8 percent said they were very confident in their agency’s ability to protect information systems.
The U.S. government needs to do a better job of fortifying its systems and securing sensitive data, but that’s not an easy task because we haven’t defined the rules of the Internet, Hayden said. “We have hardly begun the cybersecurity conversation,” Hayden said. “The Internet is the largest ungoverned space in recorded history, and you and I have decided to put everything we have that’s valuable up there, so what could possibly go wrong?”
The privacy versus security debate also limits the government’s ability to protect its information. “You and I have not yet decided what it is we want -- or what it is we will allow our government to do -- to keep us safe in this domain,” he said.
“All governments have had trouble with cybersecurity, but our government will have particular trouble because of our political culture,” Hayden said. “Our commitment to the Fourth Amendment and our historical distrust of the government is going to keep our government off the field.”
NEXT STORY: DHS calls for secure mobile app research