Posted: August 14th, 2017
By: Evan Reid*| Guest Writer
The latest in a string of government cyberhackings targeted the CIA. The trove of hacked files, code-named “Vault 7,” details how the CIA can hack into Apple and Android devices to gather text and voice messages before they are encrypted. The files also reveal the CIA’s capabilities to hack into Smart TVs and vehicle control systems, including models from Jeep. The hackers subsequently released the compromised content to WikiLeaks, which published the highly sensitive material on March 7th. White House Press Secretary Sean Spicer called the hacking “a major concern.”
The ongoing investigation is focused on contractors working with the CIA. U.S. security officials have voiced concerns over the number of contractors with access to highly classified material. If the mole is a contractor, that would follow the pattern of other leaks, including the Edward Snowden saga that exposed the depth of the NSA’s surveillance. In its press release, WikiLeaks claimed that “[t]he archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive.”
The response from the CIA was sluggish at best. Law enforcement officials say they have been aware of the hack since last year. Yet it took over three months for the CIA to admit to the intrusion. Time is of the essence when investigating cybercrimes, and the ongoing investigation likely impeded the agency’s public acknowledgment. Investigation aside, when such potentially dangerous secrets are stolen, a victimized party should have a duty to mitigate potential damages by alerting others. In this case, the CIA should have warned software developers and car manufacturers that their products may be vulnerable.
The Way Forward
Following high-profile hackings at the CIA, FBI, IRS, DHS, NSA, and others, the federal government is taking a multi-prong approach to cybersecurity. Using predictive security tools, sharing intelligence with private sector entities, and collaborating across agencies are some of the paths that the federal government is exploring. Predictive security tools may help agencies become more proactive in preventing cyberattacks by finding vulnerabilities before they are exploited.
One of the most daunting challenges facing federal agencies and contractors is educating their workforces. According to a recent survey of more than 350 federal employees, 56% of respondents reported that the risks of cyberattacks are not widely understood beyond IT and security departments. Considering that “human error” is the leading cause of incidents, informing federal employees of the importance of cyber vigilance should be a leading priority for the federal government.
There is a reason for optimism, however. The same study found that of the 43% of federal agencies that did suffer from a cyberattack, 78% were able to respond either effectively or adequately. With so much experience in responding to hackings, the federal government will hopefully continue to improve its cybersecurity and thwart more would-be hackers.
Evan Reid is a second-year law student at Wake Forest University School of Law. He holds a degree in finance from the University of Central Florida with a minor in French. Upon graduation, he plans to practice in finance and employment law.