Agency Officials Say Spies Have ‘Penetrated’ US Networks

Jiten Karia,

Security experts warn Senate to assume that federal networks have been compromised by spies

Security experts from various organisations have told the US Senate that government networks have been repeatedly compromised by foreign spies and that current defensive measures are ineffective.

Speaking on Tuesday to the Senate Armed Services Subcommittee on Emerging threats and Capabilities, experts explained that US network security needed to adapt to keep data safe despite the intruders.

Cyber offence and defence

“We’ve got the wrong mental model here,” said Dr James Peery, director of the Information Systems Analysis Centre at Sandia National Laboratories. “I think we’ve got this model for cyber that says, ‘We’re going to develop a system where we’re not attacked.’ I think we have to go to a model where we assume that the adversary is in our networks. It’s on our machines, and we’ve got to operate anyway. We have to protect the data anyway.”

Dr Kaigham Gabriel, deputy director of DARPA, explained that the US Department of Defense was “capability limited” both offensively and defensively and emphasised a need for change. He stated that networks were still vulnerable to attack, that users are the weakest links in cybersecurity and that the government’s investments of billions of dollars had only produced a limited increase in protection.

Citing a “growing and emerging threat”, Dr Gabriel explained that the current situation was akin to treading water in the middle of the ocean, in that the measures implemented do little to protect the DoD.

Highlighting a lack of retained talent, Dr Michael Wertheimer, director of research and development at the NSA, told the subcommittee that low wages and pay freezes contributed to the poor state of government cyber offence and defence.

“The production of computer scientists in our nation is on the decline,” said Dr Wertheimer. “There are things we can and must do to retain them that we are not.”

“I am concerned also that the investments from the Congress and the people is almost all period of performance of one year or less. It’s to build tools. It’s to be a rapid deployment of capability. I rarely get the opportunity to think 3 years down the line even in research… I feel the nation is frightened to think much beyond one or two years.”

How well do you know Internet security? Try our quiz and find out!