Podcast: Congressman Hurd on why it's 'outrageous' OPM never apologized
Rep. Will Hurd (R) of Texas felt the sting of the Office of Personnel Management breach firsthand. After all, the current chairman of the IT subcommittee on the House Committee on Oversight and Government Reform is a former undercover CIA officer. His personal records, along with millions of other people's, are very likely in the hands of the hackers.
"The Chinese and the Russians know a whole lot about me from my days in the CIA," Representative Hurd told Passcode's Sara Sorcher and New America's Peter Singer. "One of the things that was so egregious to me is that OPM never said, 'I'm sorry.' OPM never said, 'My bad.' That is what's outrageous."
"We still don't know: Has everybody who has been potentially implicated been notified?" Hurd continued. "One of the forms you use in the background investigations is 100 or so pages. If you had a security clearance and your neighbors were interviewed, your neighbors' Social Security Numbers and details were included. If you were married and let's say you got divorced, was that divorced spouse notified?"
Hurd is a rare breed in Congress: He also worked to defend the private sector from digital attacks as a cybersecurity professional. Now he has some key advice for other officials looking to clean up the OPM mess: "Encrypting data at rest. That's something very basic. The way this person got into this information is because the permissions this user was given were completely wrong," he said on the podcast. "I have a lot of people who come to the subcommittee and say, 'We need more money.' Well you don't always need more money to review the permissions of your users to make sure that you can't gain access to things you shouldn't get access to."
Chris Valasek, who made headlines this summer by demonstrating a live hack of a Jeep Cherokee with a Wired reporter in it, work that forced a recall of some 1.4 million Chrysler vehicles, also joined this podcast episode. Now a security lead at Uber's advanced technologies center, Mr. Valasek talks about the line between drawing attention to cybersecurity issues and a dangerous stunt; how companies can make themselves available for "free quality assurance" hackers can provide; and security concerns within the Internet of Things.
The podcast is cohosted by Peter Singer, strategist at the New America think tank and author of "Cybersecurity and Cyberwar: What Everyone Needs to Know," and Sara Sorcher, deputy editor of 海角大神's Passcode. The podcast is . You can find more information about the podcast on Passcode's . Bookmark New America's for new episodes or sign up for Passcode below.
In previous Cybersecurity Podcast episodes, the team interviewed leading privacy and cyberlaw expert Peter Swire about the half-life of secrets, surveillance and whether law enforcement was truly "going dark" in its pursuit of criminals and terrorists. Rick Howard, chief security officer for Palo Alto Networks and an Army veteran, joined the last podcast to weigh in on the line between spying for economic advantage and state secrets and whether companies should be able to strike back online to protect their interests.
They also interviewed Katie Moussouris, chief policy officer for HackerOne, about ways to incentivize hackers to report vulnerabilities they find, and the Brunswick Group's Siobhan Gorman about the "golden rules" companies should follow when disclosing they've been breached.
Singer and Sorcher - science fiction author, journalist, and coeditor of Boing Boing - about the lessons about cyber conflict that can be learned from science fiction, and Dan Kaufman, who at the time was head of the Defense Advanced Research Projects Agency's Information Innovation Office.
Previous episodes have such as Bruce Schneier, prolific author and chief technology officer at Resilient Systems; Nate Fick, the chief executive officer of Endgame, a venture-backed security intelligence software company; and Wired's Kim Zetter, author of "Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon."
Alex Stamos, who at the time was Yahoo's chief information security officer, and Heather West of Internet performance and security company CloudFlare.
Lt. Gen. Edward Cardon, the Army's top cyber commander, and Shane Harris, reporter at The Daily Beast and author of '@War, The Rise of the Military-Internet Complex,'
You can find the episodes on New America's and they are