The vulnerability of the nation’s cyber networks were made clear on Tuesday after a website claimed it had stolen the financial information of high-profile Americans, including first lady Michelle Obama, Vice President Biden, and rapper Jay-Z. The website, hosted from a “.su” URL, posted the individuals’ names, addresses, and other sensitive information including credit reports and Social Security numbers. Other targets whose information has been posted on the site include former Secretary of State Hillary Clinton, FBI Director Robert Mueller, former Alaska Gov. Sarah Palin, former California Gov. Arnold Schwarzenegger and a handful of celebrities, including golfer Tiger Woods, Beyoncé, Ashton Kutcher, and even Kim Kardashian—as if there was personal information about her the public doesn’t already know! This latest intrusion shows that even the most careful and well-connected individuals can be vulnerable if their data—especially data from comprehensive sources such as credit reports, but also social networks and dating services—is not secured. This sensitive information can be used to steal a person’s identity and commit financial fraud. The Secret Service and the Federal Bureau of Investigation are still investigating the website to determine the source and validity of all the information posted.
At the same time, James Clapper, the nation’s top intelligence official, warned Congress on Tuesday that cyber attacks and cyber espionage have eclipsed terrorism as the top threat to national security. He identified the three areas where he believes the country is most vulnerable to cyber attack: the electrical grid, financial institutions, and government services. In his statement for the record, he cautioned that “there is a remote chance of a major cyber attack against U.S. critical infrastructure” in the near term, but digital theft of U.S. national security and economic data is putting American competitiveness at risk.
The day after Mr. Clapper’s testimony, President Barack Obama met with business executives from energy, finance, and technology companies in a closed-door session to discuss growing concerns about cybersecurity and to share ideas for how the government and private businesses can work together to improve the country’s defense against cyber threats. Such cooperation is the focus of Obama’s recent executive order on cybersecurity, designed to facilitate information sharing on potential cyber threats between federal agencies and qualified companies that own or operate critical infrastructure—such as chemical plants, power grids and water systems. To underscore the importance of this issue, it’s worth noting that in his State of the Union address, the President spent more time discussing the need for the country to improve its cybersecurity than he did on North Korea and Iran—combined!
The President also urged Congress to pass legislation that would better secure critical computer networks from cyber attacks. In an interview on ABC News broadcast on Wednesday, he reiterated that the government is limited in what it can do and needs Congress to act. “There are ways that we can harden our critical infrastructure, our financial sector,” Mr. Obama said. “And the only thing that’s holding us back from doing that right now is we haven’t gotten the legislative authority out of Congress. They need to get this done.”
As the White House tries to pressure Congress to act, the Pentagon is already moving forward this week with its own plans, announcing the formation of 13 teams of programmers and computer experts to retaliate against foreign nations if the U.S. were hit with a major attack on its networks, the first time the Obama administration has publicly admitted to developing such weapons for use in wartime. Gen. Keith Alexander, head of U.S. Cyber Command, and other Administration officials hope that Congress will pass comprehensive legislation this year, and avoid a worst-case scenario where Congress would have to pass something in haste after a cyber attack has already occurred.
The renewed national attention on cybersecurity comes after high-profile security breaches at The New York Times, Wall Street Journal and Washington Post attributed to Chinese hackers, and the release of a detailed report by computer security company Mandiant that alleged a secretive unit of the Chinese military of attacking more than 140 mostly American companies. On Monday, President Obama’s national security advisor, Thomas Donilon, publicly demanded that China investigate such attacks and agree to “acceptable norms of behavior in cyberspace.” In his testimony, Mr. Clapper said that a hypothetical massive cyber attack, however, was more likely to come from “isolated state or non-state actors” than China.
Oh yes, and the other highlight of the week is that we have a new Pope! He symbolizes a number of firsts, including the first non-European pope of the modern era, the first from Latin America, the first Jesuit, and the first to assume the name Francis. For those of you on Twitter (don’t forget to secure your data there!), you can beginning following the new pope as the Twitter account @Pontifex has been reactivated!