The Obama administration has managed cybersecurity so poorly, Secretary of State John Kerry has admitted to CBS that it is “very likely” the Russians and Chinese are reading his emails.
Kerry’s admission came after multiple hacks of U.S. government data including the largest data breach in American history, when hackers allegedly working for the Chinese government stole the detailed records of nearly 22 million people including former and current federal employees and nearly everyone who had ever applied for a security clearance. That hack happened in 2014, but was widely reported in July 2015 after months of agency investigation.
The culprits, now armed with millions of Americans’ social security numbers, residency history, psychological evaluations and even fingerprints, could have the capacity to deliver a devastating blow to the United States’ national security. In early August, news broke that Russian hackers broke into Joint Chiefs of Staff email accounts and NBC News revealed the Chinese had hacked the emails of top administration officials.
Despite that unprecedented hack into the federal Office of Personnel Management (OPM), the broadcast news networks failed to criticize the Obama administration for the OPM hack, even though Obama promised on the campaign trail to make cybersecurity a “top priority” as president. In 2008, speaking of cyber threats he said America could not “afford another president” who didn’t “understand the threats that confront us now and in the future.”
But Obama’s record on cyber security shows serious failures, given the OPM hack and others. Yet, the broadcast news networks protected the president and his administration on cyber security issues by refusing to criticize the administration in 90.2 percent of cyber stories (139 of 154). Those stories including reports of serious data breaches at OPM and the IRS, the theft of emails from the Joint Chiefs of Staff and top administration officials, possible hacks of major airlines and Wall Street, hackers taking over cars on America’s highways as well as cyberbullying.
In contrast, print outlets have harshly criticized Obama on those issues. The Washington Post editorial board accused him of demonstrating “inexcusable negligence” on cybersecurity and being “too passive about China” on July 11. Again on August 12, the Post editorial board addressed cyber security saying “The U.S. has been complacent and lazy” in its response.The Financial Times warned federal agencies were still “frighteningly vulnerable” to attacks despite dire warnings from government watchdogs.
The Networks Avoid Blaming Obama Administration
Obama made big promises on cybersecurity and followed them up with high-level appointments, millions in spending and executive orders. All that still failed to protect multiple government agencies’ networks.
Despite those failures the networks rarely directed blame toward anyone in his administration.
CBS This Morning co-hosts Norah O’Donnell, Gayle King and Charlie Rose interviewed former FBI executive assistant director Shawn Henry on June 23, 2015, about recent cyberattacks against the government, corporations and critical infrastructure. However, no one mentioned the White House’s poor track record on cybersecurity during the segment.
Henry said that following the OPM hack, more had to be done both “on the government side” and “on the corporate side” to improve security. Instead of pressing him for specifics about necessary reforms, O’Donnell changed the subject to cyber threats against the “electrical grid” and “financial system.”
Similarly, when Henry later said that corporations had “to get way out ahead of this” and be more “proactive,” Rose asked, “Are we out ahead today?”
“We’re not,” Henry answered saying that most companies maintained inadequate cybersecurity. Neither Rose, nor Henry faulted the Obama administration for not being “proactive” enough and failing to get “ahead” of cyber threats.
NBC Today Show co-host Savannah Guthrie avoided challenging National Security Advisor Susan Rice during a June 19, 2015, interview. Although the discussion was the Obama administration’s cyber policy, Rice deflected and gave only vague answers to Guthrie’s five questions about the OPM hack, and Guthrie failed to push Rice for details.
After recent network disruptions on Wall Street and at United Airlines, ABC News Chief Investigative Correspondent Brian Ross failed to ask about the White House’s response to the incidents during Good Morning America July 9, 2015. Ross included a clip of White House Press Secretary Josh Earnest saying, “Our security posture is continually evolving to reflect the current threat environment.”
Ross simply accepted this statement instead of challenging the White House’s response or its plans to protect against similar threats in the future. “There’s no doubt the cyberworld is an increasingly dangerous place,” Ross said.
On CBS Evening News August 11, anchor Scott Pelley interviewed Kerry about cybersecurity and whether Kerry’s emails were compromised by foreign hackers. Pelley’s interview was a rare exception to the networks’ coverage of cybersecurity.
Pelley introduced the segment by saying that Kerry admitted it was “very likely” the Chinese and Russian governments were reading his emails and said his “comments suggest that confidence in security been shaken at the highest levels after relentless hacking of federal computers.”
In the interview, he pressed Kerry asking, “there is a sense that the United States is unable to defend itself in the cyber world. How much concern should we have?” Kerry said the government was “fighting back” against attacks “on a daily basis,” but the cyberworld was “pretty much the Wild West so to speak.”
Obama’s Failed Cybersecurity Agenda
Obama promised to protect America from cyber threats from the time he was a presidential candidate.
“No foreign nation, no hacker, should be able to shut down our networks, steal our trade secrets, or invade the privacy of American families, especially our kids,” Obama told Congress during his 2015 State of the Union Address. He claimed “we’re making sure” to equip the federal government “to combat cyber threats.”
The president had made a similar promise years before in a July 16, 2008, campaign speech. That time Obama said that if elected president, he would “make cybersecurity the top priority that it should be in the 21st century.” He added that America could not “afford another president” who “doesn't understand” the nation’s security threats, including those posed by hackers.
Obama attempted to keep his promises through various initiatives: He appointed his first cybersecurity coordinator (or “cybersecurity czar”) Jan. 20, 2009, signed an executive order in February 2013 designed to “secure our cyberspace” including “federal networks,” and created the Cyber Threat Intelligence Integration Center with an annual budget of $35 million on February 10, 2015, according to the Post.
These efforts proved ineffective. Investor’s Business Daily slammed Obama’s Cybersecurity Coordinator Michael Daniel in a June 5 editorial accusing “Obama's ‘Cybersecurity Czar’” of being “MIA As Hackers Run Wild.” IBD said Daniel was “a total unknown in cybersecurity” and “hardly seems like the best person to lead the charge in the growing cyberwar.”
Even Huffington Post’s technology reporter Gerry Smith said that Obama’s executive order didn’t go far enough “to protect the country's most vital computer systems,” in a February 12, 2013, article.
And Obama’s Cyber Threat Intelligence Integration Center apparently failed “to analyze cyberthreats and coordinate strategy” like it was supposed to, according to Financial Times. FT’s investigative correspondent Kara Scannell and reporter Gina Chon said that despite federal watchdogs’ warnings in “dozens of reports” “for years more than half of the 24 agencies required to report their cyber defences failed to take the most basic security steps.” In a July 16 podcast, Scannell and Chon said the U.S. government was “frighteningly vulnerable” to attacks.
The price of failure has been high. Both the IRS and OPM revealed that foreign hackers stole the personal information of more than one in 15 Americans, according to The Christian Science Monitor’s July 10 report.
CNN reported on May 27, 2015, that the Russian identity thieves who hacked the IRS stole the tax returns of 104,000 Americans, a theft worth $50 million.
“That the IRS—home to highly sensitive information on every single American and every single company doing business here at home—was vulnerable to this attack is simply unacceptable,” Senate Finance Committee chairman Sen. Orrin Hatch, R-Utah, said according to The Wall Street Journal.
The Chinese government’s theft of 22 million records from OPM was even worse. “It's probably the biggest data breach in the history of our country, and certainly our government,” House Oversight and Government Reform Committee chairman Rep. Jason Chaffetz, R-Utah, said about the OPM hack, according to the Washington Examiner July 26, 2015.
OPM Director Katherine Archuleta came under particular fire from Democrats and Republicans calling for her resignation.
“You are responsible, and I wonder whether you think you should stay in your present position,” Sen. John McCain, R-Ariz., told Archuleta during a Senate Homeland Security and Governmental Affairs committee hearing in June, technology magazine Wired reported.
She resigned July 10, according to the Post, less than 24 hours after being grilled by members of the House Oversight and Government Reform Committee and announcing that 21.5 million individuals had their records stolen, far more than originally acknowledged.
“It is time for her to step down,” Sen. Mark Warner, D-Va., said following the hearing, according to The Boston Globe. “I strongly urge the administration to choose new management with proven abilities to address a crisis of this magnitude with an appropriate sense of urgency and accountability.”
OPM also drew criticism because the hack may have dealt a major blow to U.S. national security.
“It is a very big deal from a national security perspective and from a counterintelligence perspective,” FBI Director James B. Comey told Post reporter Ellen Nakashima on July 9, 2015. Nakashima cited “[o]ther U.S. officials” who said the Chinese could use the information they obtained “to identify U.S. intelligence operatives.”
The Chinese could also use the information to recruit spies in the U.S., retired Gen. Michael Hayden, former director of the CIA and NSA, told The Wall Street Journal. He said U.S. officials who had their records stolen could be cultivated by the Chinese to gain intelligence.
“This is a tremendously big deal,” Hayden said. “My deepest emotion is embarrassment.”
Networks Also Leave Obama Policies Out of Cyberbullying Stories
American children say they are increasingly exposed to cyberbullying, despite Obama’s promise to protect the online privacy of “our kids.” The networks completely failed to criticize or challenge Obama for this facet of his cybersecurity policy.
Obama Senior Advisor Valerie Jarrett said in April 2012 that “President Obama and his administration have taken significant steps towards” stopping cyberbullying. She listed numerous administration efforts including the “first-ever” White House Conference on Bullying Prevention in March 2010, partnerships with “bullying prevention advocates” and the relaunch of the website StopBullying.gov.
Following Obama’s 2015 SOTU speech, Parents Magazine said, “With the increase in cyberbullying and hacking, the president also made online privacy a priority, stating that no one should have the right to ‘invade the privacy of American families, especially our kids.’”
Even though Obama claimed he had made cyberbullying a “priority,” a June 2014 study by cyber security company McAfee found that the number of preteens and teens who had witnessed cyberbullying had more than tripled that year.
“Despite significant efforts to discourage cyberbullying, and its negative effects, the number of occurrences continues to grow with 87% of youth having witnessed cyberbullying,” McAfee said in a press release.
Yet the networks failed to ask whether the president’s efforts to stop cyberbullying were working. NBC Today co-host Natalie Morales reported on cyberbullying in five stories. She noted that “cyberbullying’s been linked to isolation, depression, even suicide” on June 25, 2015, although she didn’t question whether the White House’s policies were effective.
Methodology: MRC Business examined the stories during the morning and evening news shows on ABC, CBS, and NBC from May 26, 2015, through August 11, 2015, that included variations of the words cyber or hack. This search included occurrences of terms like cybersecurity, cyberbullying, hackers and hacking. Stories that only included terms such as “life hack” in contexts unrelated to cybersecurity were excluded. The chosen period began when the IRS acknowledged a major hack at the agency. Of the 154 stories, only 15 contained criticism of the Obama administration or administration officials on cybersecurity issues.