President Obama has two big reasons to thank his lucky stars so far this summer. As widely noted, he’s racked up a series of impressive legislative and political wins, including fast track trade negotiating authority, favorable Supreme Court decisions on same sex marriage and his healthcare program, and (for now) conclusion of a nuclear arms proliferation deal with Iran.
Less widely noted is how this winning streak, along with a stunning rush of events that’s included everything from the Greece Crisis to the noisy rise of Donald Trump as a presidential candidate, has contributed to the president’s luck in another big way. They have also greatly overshadowed the hack of the federal government’s main personnel agency, which has been called a genuine intelligence disaster, and which should have the nation robustly debating whether the Obama administration has been asleep at the cyber-security switch.
Of course, the president has said a great deal about cyber-security. For example, he’s brought up the issue at a summit with Chinese leader Xi Jinping – whose government is suspected of hacking the Office of Personnel Management (OPM) and other important American targets. And he’s held a splashy White House meeting on the issue. But according to a Financial Times analysis last week of U.S. Government figures and studies, administration actions have been woefully inadequate.
The Financial Times says it’s looked at “dozens of reports by agency inspectors general, the Government Accountability Office and the Office of Management and Budget [OMB].” Their collective findings? “For years more than half of the 24 agencies required to report their cyber defences failed to take the most basic security steps. Such measures include patching software holes, using strong authentication technology and continuously monitoring systems, to help secure the troves of data collected on employees, retired military officials and government programmes.”
One big reason for this shoddy record is that few government agencies appear to take cyber threats seriously. According to the Financial Times, OMB figures show that agencies whose cyber-security expenditures represented less than two percent of their 2014 budgets include the Pentagon, the Energy Department (which handles much American nuclear weapons and proliferation-related research), NASA, the State Department, the Treasury (whose responsibilities include staunching the flow of funding to terrorist groups), the Social Security Administration, and OPM.
The Justice Department and Department of Homeland Security look more on the ball, but still only devoted a little more than three percent and just about two percent of their budgets, respectively, to cyber-security.
Throwing money at a problem is no cure-all, especially since, as the Financial Times piece makes clear, the federal bureaucracy still isn’t well structured to spend it effectively. (A problem that, as I’ve written, includes the appointment of cyber-clueless agency heads.) But how can the nation hope to protect itself adequately against cyber-threats if, as the article also documents, the overall funding available to handle them is growing so much more slowly than the number of attacks? Where’s the evidence that the president is even thinking about raising Washington’s game, or that Congress and the media are acting like effective watchdogs? And how many more mega-hacks will the nation need to experience before cyber-security even becomes front page news again, much less a real White House priority?