The U.S. Government Spent Billions Failing To Defend Its Own Agencies From Cyberattacks

As if this year wasn't apocalyptic enough already, over a dozen federal agencies—including the one that manages all our nukes—had their internal networks compromised in what's being described as the "worst ever" hack of the U.S. government.

On Thursday, Politico reported that the U.S. Department of Energy and the National Nuclear Security Administration (NNSA), which it oversees, both discovered evidence that hackers had accessed their networks. They're only the latest agencies to fall prey to hackers, who've also managed to infiltrate the State Department, Department of Homeland Security, and parts of the Pentagon.

The revelation of this massive cyberattack came last week when cybersecurity firm FireEye announced that its own systems had been breached.

The company's internal investigation pinpointed a vulnerability in the software they'd purchased from Texas-based technology company SolarWinds. Hackers had reportedly inserted a backdoor into SolarWinds' Orion network management software. That corrupted software was then pushed out via an update to some 18,000 of the company's clients, including numerous corporations and government entities.

FireEye's discovery set off a government investigation that has produced a growing list of agencies and departments that have also been infiltrated by the hack. The initial hack of SolarWinds reportedly happened between March and June, meaning that cyberattackers have likely had access to government networks for months now.

Thomas P. Bossert, a national security adviser to President Donald Trump, said in The New York Times that this kind of "supply chain attack" is typically the work of state actors, and suggested that the Russian government was responsible.

The Washington Post, relying on "people familiar with the matter," reported on Monday that the Russian hackers associated with the country's foreign intelligence service were behind the attack.

Democratic politicians have been quick to echo this line.

"This is virtually a declaration of war by Russia on the United States and we should take that seriously," said Sen. Dick Durbin (D–Ill.) on Wednesday. Sen. Richard Blumenthal (D–Conn.) said on Twitter that "today's classified briefing on Russia's cyberattack left me deeply alarmed, in fact downright scared. Americans deserve to know what's going on. Declassify what's known & unknown."

Patrick G. Eddington, a research fellow in homeland security and civil liberties at the Cato Institute, noted that Blumenthal and his fellow senators have the power to make all of this public if they wanted to.

https://twitter.com/PGEddington/status/1339181230449954817

The State Department has yet to publicly pin the blame on the Kremlin. Journalist Glenn Greenwald also noted that no proof of Russia's involvement has been made public as of yet.

I read at least 20 articles in mainstream papers over the last 24 hours about this hack -- mostly NYT & WPost. They assert definitively -- no caveats -- that Russia did it. None has evidence. This is the only thing I could find:https://t.co/n36n3XMH6c pic.twitter.com/rVriHCqmP3

— Glenn Greenwald (@ggreenwald) December 17, 2020

Regardless of who's responsible, this hack has exposed some embarrassing security vulnerabilities for both SolarWinds, and particularly the U.S. government.

In the former's case, one security researcher told Reuters that he'd discovered last year that the company's update server was secured with the password "solarwinds123." The company did not have a chief information security officer either, reports The New York Times.

The Times also noted in a Wednesday article that despite the billions the federal government has spent upgrading and reorganizing its cybersecurity capabilities, it was unable to prevent or even initially detect this massive hack of government computer systems. It had to be alerted by the private sector.

One option policy makers should consider is just abolishing the Departments of Energy, Commerce, Homeland Security, and other compromised agencies we can make do without. An agency can't be hacked if it doesn't exist.

---

FREE MARKETS

On Thursday, 38 state attorneys general filed an antitrust lawsuit against Google, arguing that it had used uncompetitive practices to maintain a monopoly on internet searches. The Wall Street Journal has the details:

The states alleged that Google leverages its position as the dominant search engine—and the personal data such a perch allows the company to gather—to limit consumers from using competing search engines, force businesses to use its proprietary advertising tools and foreclose competition from specialized search engines for travel or local businesses.

This lawsuit comes a couple of months after the U.S. Department of Justice filed a similar antitrust suit against the search engine giant. How successful these efforts will be remains to be seen. Past federal investigations of Google's supposed monopoly power have come to nothing.

The antitrust case filed today focuses on whether Google is illegally preferencing its own services in search.

The FTC investigated this exact question in 2013 & voted unanimously not to pursue a case.

Canadian competition bureau did the same in 2016.

Is this time different? pic.twitter.com/LjlKIb53Co

— Alec Stapp (@AlecStapp) December 17, 2020

---

FREE MINDS

The Cato and Fraser Institutes have released the latest version of their Human Freedom Index, which ranks countries around the world based on how free their populations are, as measured by a range of indicators that "encompasses personal, civil, and economic freedom."

The report, which relies on data from 2018, once again gave top marks to New Zealand, Hong Kong, and Switzerland as the freest countries in the world. The U.S. was ranked 17th, down from 15th last year.

---

QUICK HITS

• Perhaps the real victims of COVID-19 are the government officials not getting enough credit for the vaccines developed by private companies.
• Southern California ICU capacity is officially at 0 percent.
• The Boston Landmarks Commission would like the public's input on whether property owners should be allowed to demolish this potentially historic garage.

Boston Landmarks Commission received an application to demolish the garage at 49 St Stephen Street #Fenway, MA 02115. If you have input about the significance of this property, please send to blc@boston.gov before 5pm on 12/24/2020 https://t.co/SG3IehpKCi pic.twitter.com/6Ay5npICRP

— Boston Landmarks (@BostonLandmarks) December 18, 2020

• Los Angeles County is appealing a ruling from earlier this month that has stopped it from imposing a ban on outdoor dining.
• Vaccinating the elderly first, rather than essential workers, will save more lives according to a model from the Centers for Disease Control and Prevention (CDC).

https://twitter.com/mattyglesias/status/1339754173491982337