Ex-NSA Director Says America Has Too Many Secret Hacks

Fact checked

Former director of the U.S. National Security Agency (NSA), Michael Hayden says that the U.S. keeps too many cyber-attacks secret.

The retired U.S. Air Force four-star general said in an interview that the government and businesses keep cyber attacks a secret for their own reasons and that the country is ill prepared to deal with the ever increasing threat from hackers.

A joint venture between government and business is needed to take control of hacking in general; to be able to learn from it and deal with it, particularly when it comes to dealing with foreign hackers who could cause massive disruptions if they were to hack into public utility infrastructures.

To take control also allows to call out foul play by bad actors when it occurs, as opposed to remaining silent for political sensitivity, or lack of transparency.

CNN Money reports:

“The government hideously over-classifies it,” Hayden said. “And the private sector, for fiduciary reasons, is reluctant to share it.”

In November, a CNNMoney investigation detailed how Corporate America keeps huge hacks secret. Power plants, dams and other parts of America’s backbone hide hundreds of successful hacks from the public each year — and a little-known federal policy keeps it all under wraps.

This secrecy even limits the nation’s defenders, because instructors have less material to teach the cybersecurity teams that defend America’s energy, water and gas lines.

On Tuesday, Hayden told CNNMoney the reluctance to share information between companies and the government prevents America from figuring out how to deal with foreign spies and potentially destructive cyberattacks.

“We lack cyber policy,” he said. “We don’t have shared information on which to begin to base that adult conversation.”

President Barack Obama recently signed into law information-sharing measure for businesses and government investigators to voluntarily share details about cyberattacks. But the most significant attacks — the ones on the nation’s infrastructure — remain protected with a veil of secrecy from the American public.

Another particularly frustrating aspect of this widespread concealment of information is the nation’s reluctance to formally accuse the actual attackers, Hayden said.

For example, hackers stole 21.5 million sensitive federal personnel records last year from the Office of Personnel Management — perhaps America’s biggest cyberespionage blunder to date.

The Obama administration has yet to blame China’s government. Meanwhile, Director of National Intelligence James Clapper has vaguely jabbed at China when speaking about the hack, once sarcastically congratulating the spies who pulled it off by saying, “You’ve got to salute the Chinese for what they did.”

Hayden, who is no longer a state official, was more direct.

“Who did OPM? China. Our government refuses to say it,” he said.

In many other cases, federal investigators will refuse to name the suspected government behind a hack — in public. But law enforcement agencies will whisper suspicions to reporters on condition of anonymity.

The result? News stories frequently attribute hacks with no actual proof. The massive JPMorgan bank hack in 2014 was initially blamed on Russian hackers with connections to the government there, but investigators eventually arrested Israelis supposedly engaged in $100 million fraud scheme.

The hacking world is shadowy enough already. Hackers are notoriously difficult to catch, attackers bounce around signals to hide their location, and computers are wiped to destroy forensic evidence. Keeping cyberattack details secret only conceals it all even further.

“I can’t explain it,” Hayden said. “Yeah, it bothers me.”

Hayden thinks details about hacks tend to remain in the dark, because cyber operations — hacking into networks, stealing information, remotely destroying computers — have been viewed traditionally as a military domain.

“We have inherited this cult of secrecy with regard to all things cyber because of its bloodline,” Hayden said.NSA



Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.