White House hacking a warning to private sector

April 14, 2015
In The News

April 14, 2015


Congress’ Easter break already was underway when CNN broadcast the news last week that White House computers had been hacked by Russians.

Last Saturday night, before returning to Washington, U.S. Rep. Will Hurd, R-San Antonio, was worried that no one in the government seemed to know what the appropriate response should be for such a prolonged hacking.

Speaking at the annual banquet of the San Antonio’s Fulbright Association chapter, former CIA agent Hurd said he had not been briefed on the White House hacking. He said he would seek details upon his return.

The hacking lasted possibly for months. Whoever the hackers were, they could see President Barack Obama’s schedule and read policy discussions. The White House’s classified network reportedly was not breached. The hackers gained access to the White House computers by way of the U.S. State Department’s computer system.

Sworn-in only months ago, Hurd is chairman of the Information Technology Subcommittee of the House Committee on Oversight and Government Reform. In March, he led a hearing on the frequency and seriousness of attacks in the retail, health care, cell phone and other sectors.

But the White House? What message does that send to about vulnerabilities to private companies?

“It’s always serious when someone is probing the executive branch seeking policy information and intelligence at the White House, to understand the White House,” Hurd said in an interview. “We must protect against this.”

It’s happening every day in Washington, with hacks coming from Russian organized crime, the Iranian government and other countries sponsoring terrorist activities, he said.

It is already widely understood that hacking happens every day, too, in the private, corporate world.

“Companies have to build an an environment with the assumption of a breach,” Hurd said.

“Can companies detect a breach? Can they wall it off if there is a breach? And then can they kick them out?”

Corporations can help protect themselves by sharing information about hacking among themselves.

The U.S. government can help, too, by sharing information with private companies.

That can be challenging because the U.S. government is not efficient about sharing information between its own agencies.

But Hurd said he believes information sharing is the key to staying on top of network security issues.

Hurd listed the steps: have agencies within each department share information better. Departments then should share information with other agencies and, finally, the U.S. government must distribute information to the private sector.

“We must constantly improve the flow of information,” Hurd said. “It must be timely and actionable.”

Hurd hinted the U.S. government has a long way to go to become savvy about network security. The private sector is much smarter about the topic, he suggested.

Hurd told his audience Saturday about visiting South by Southwest festival technology events in Austin recently and judged that his level of cybersecurity knowledge is near the top of the bottom third of people in the industry.

“But in Washington, that puts me in the top 1 percent,” he said.

The damage that hackers can do to private companies should be the most serious concern.

“If hackers go deep into a company, they can change the software,” Hurd warned. “The company then must change their complete (technology) infrastructure. That’s a costly endeavor.”