Saturday, April 13, 2019

The real hacking danger: China

NPR Frontline has a report on China's stealing intellectual property from the US for at least 20 years.

why? Because if the companies complained, China might not let them use their cheap labor to make profits.


Technology theft and other unfair business practices originating from China are costing the American economy more than $57 billion a year, White House officials believe, and they expect that figure to grow. Yet an investigation by NPR and FRONTLINE into why three successive administrations failed to stop cyberhacking from China found an unlikely obstacle for the government — the victims themselves.
In dozens of interviews with U.S. government and business representatives, officials involved in commerce with China said hacking and theft were an open secret for almost two decades, allowed to quietly continue because U.S. companies had too much money at stake to make waves.
read the whole article.

This is indeed an open secret, and the Frontline program is supposed to be about Trumpieboy's trade war with China. Trump was in business and knows how these things work of course, but don't expect an accurate account of why he decided to fight back, because, as the saying goes: "orange man bad".

sigh. I wish Congress would recognize that there are very real problems that need bipartisan cooperation instead of constantly whining and obstructing reform to make political points.

In other news, there are hints that Trump will shut down the Federal OPM office (who allowed my files to be hacked).

The WAPO hyperventilates about it but does admit:



Today the agency is widely viewed as slow and ineffective, though, with a long-lingering backlog of background investigations and risk-averse leadership that has failed to respond to calls for faster hiring and recruiting for a changing workforce. “In order to really ramp up the mission around people, we need to have an infrastructure for people management that is really world-class,” Weichert said.
in other words, reorganize the place. Given the advances in technology for records since the office was established, one hopes it is about time the office is reorganized and made more efficient.

But of course, this is government, which takes forever to do anything and tends to be years behind the private sector. If we needed something repaired or replaced at our clinic, it took months and lots of paperwork to get it done. As for computers: we had MS-DOS for our medical records in 2000, for example, even though Windows 1 was released in 1985... And then we were hacked and went back to using paper records.

ah but the problem with the bureaucracy is that their priorities are more important than the priorities of actually doing what they were tasked to do.
The plan has raised suspicions from federal employees, who have watched the administration attempt to freeze their pay, weaken the power of their unions, and move to clear a faster path to discipline and firing.
Translation: Right now, it's almost impossible to fire an employee who isn't needed, and it is difficult to fire a lazy or incompetent employee.
The American Federation of Government Employees, the largest federal employee union, with 750,000 members, is calling the idea “Trump’s Dangerous Plan to Abolish OPM” and predicting a “disastrous” result if policy for federal employees moves so close to the White House.

presumably they will slow down their work and do things wrong just to "punish" Trumpieboy.

Ah, but the realization that something needs to be done is a bipartisan agreement, which the WAPO admits if you read down to near the end of the long article:

Breaking up the OPM is not a Republican idea, though. The Obama administration discussed internally whether to do it, and so did Hillary Clinton’s team in 2016, civil service experts said. And the agency drew bipartisan fury in 2015 when U.S. officials alleged Chinese hackers stole millions of personnel records by hacking through the agency’s weak security system.

why yes. And who was fired for this security breach? Anyone? Anyone?

-----------------

update: from Lawfareblog via Belmontclub:

OPM Chief Information Officer Donna Seymour acknowledged that the information compromised in the data breach included “SF-86 data as well as clearance adjudication information.” This was a particularly dismaying disclosure ... The full breadth of the security clearance data at risk remains unclear.
For instance, U.S. officials have “neither confirmed nor denied” whether OPM’s database was linked with Scattered Castles, the intelligence community’s database of “sensitive clearance holders” ... To make matters worse, it appears that OPM maintained an unsecured and unencrypted database for the security clearances ... Along with the aforementioned databases, the OPM systems are linked electronically to other agencies and databases, and it stored much of this data alongside the security clearance files. 
and Belmont Club adds:

This is conceivably the biggest headline that never was; quite a feat in a period whose intelligence disasters included Snowden, Wikileaks-Manning, the rollup of the CIA network in China, missing the rise of ISIS and the burning of the US diplomatic stations in Benghazi. When you combine the litany of disasters with what we now know about lobbying for foreign governments in Washington it’s probable that Collusion has been out of control for some time. It’s a design defect. DC was meant to be a national capital not the 'capital of the world' which it has now become. The federal bureaucracy, the press corps and its defensive agencies were designed for a more homogenous national age. They seem unable to cope with the corrosion of the global world.
