Tag Archives: White House

Feds Reveal Plans for Improving Cybersecurity

After SolarWinds and after the Microsoft Exchange attacks, the feds have begun to outline their plans to improve cybersecurity. While there are no silver bullets in this business, it is a nice change to see the feds actively working to improve things.

The way the feds have worked things in the past is to use the federal government’s buying power to create change and it looks like this might happen again.

One thing that the feds are CONSIDERING is a vendor and product cybersecurity rating system, modelled after Singapore’s system. Details will follow in future executive actions.

The plans also include adding members of the private sector to the war. After the Exchange attacks, the feds stood up the National Security Council’s UNIFIED COORDINATION GROUP. Legally the UCG could always have included private industry, but historically private industry was never included. In a manner that could only make sense to the government, they always knew better, even though the GAO says that federal government security is a disaster.

The feds also say that they plan to continue “timely alerts” like the warning put out by the national security advisor after the Microsoft Exchange hack – their first ever tweet.

The UCG has been meeting for the last three weeks, handing out assignments and checking homework, something that CISA has had only modest success in doing in the past. In this case, coming from the National Security Council probably adds the weight of the White House to encourage compliance.

The UCG has also identified “significant gaps in modernization [I think the IRS is using software developed in the 1980s] and in technology of cybersecurity across the federal government”.

The Covid relief bill recently signed into law includes a billion dollars for the feds to modernize the technology that they use, $650 million for CISA to improve the feds’ cybersecurity practices and $200 million for the U.S. Digital Service, a tech team in the executive office of the President. There are also other tech-related funds in the new law. Credit: The Register

White House Plans To Ban Staffers and Guests From Using Personal Cell Phones

Several months ago the White House floated a trial balloon about banning the use of personal cell phones by staffers in the West Wing due to security concerns.  You may remember that John Kelly was using his personal cell phone for government business and it was owned by hackers for six months before he figured out he had been hacked.

This week the White House said it plans to implement this ban – not only for staffers, but also for guests.  One assumes this does not include the Tweeter-in-Chief, who uses his old, non-secure personal cell phone to tweet.  Perhaps the White House has figured out how to create security patches for President Trump’s old cell phone (I believe it is running Android 4.x; the current version being 7 with 8 in testing).

This generates way too many questions.

Sarah Sanders said, basically, that the White House technology infrastructure is too fragile to handle all these wireless phones. She did not point to trying to stop staff from using those phones to leak info to the media. Given that places like Mile High Stadium can support 70,000 plus wireless users during a Broncos game, maybe the White House needs to talk to the Broncos to figure out how to support fewer than 500 users.

A White House official also said that personal cell phones are not as secure as government issued ones. Possibly true, but no guarantee. Remember, this is not about using personal phones for government business, but rather using personal phones for personal business. Which brings up another issue. If staffers are required to use government phones during the day, will there be a change in the law to accommodate them using their government phones for non-government business like coordinating day care or communicating with a spouse or other family members? Will those conversations somehow be filtered out from FOIA requests and government archive requirements? Those sound like a challenge to me.

They said that staffers could use their government issued phones for government business. I don’t think government business includes talking to their spouses, children or parents. People run their lives off their cell phones.

They also said that guests cannot use their personal cell phones.  I guess they expect guests to go radio silent since they likely do not have government issued cell phones.

Apparently, this ban does NOT include the press.  Interesting.

It is an interesting problem and given that John Kelly may have been broadcasting sensitive information to hackers or the Chinese for half a year, it is a real problem.

Soldiers who work in places like the Pentagon are used to not having access to cell phones.  Now people who work in the White House will have to deal with similar issues.

The government has been challenged for a while to hire the best and the brightest.  Long hours, low pay, the uncertainty of promotions all compare unfavorably to the private sector.  Government agencies are already feeling this brain drain.  Adding tech restrictions certainly won’t help recruitment.

It is important to understand that the final rules aren’t out yet, so stay tuned for details next week.

Life does not always have neat, clean answers.

Information for this post came from Fox News.


White House Considering Banning Personal Cell Phones

In a move that the White House says is for security, John Kelly is considering banning personal cell phones.

On one hand, you can’t blame them.  After all, Kelly’s own personal cell phone was hacked for six months before they figured it out.

On a self-serving theme, it is possible that it might cut down on leaks, but I doubt that would really make much of a difference. If they are going to talk to the press, they will do it off the White House grounds.

From the staff’s perspective, they work somewhat insane hours and being cut off from their families for that long would be, at least for me, a reason to find a different job.  Given the pressures of the job, it is probably hard to find good people anyway and if you add another barrier, it just makes finding people harder.

If a staffer uses a government issued phone to talk to their family and friends, the question comes up about open records and how much would be exposed. Also, government issued phones can’t do text messages and most families live on those. I assume you could not install Snapchat or Telegram or Signal on a government phone. It just seems like a mess.

Government phones can’t access Gmail; I am sure no White House staffers use that.

In addition, government officials for years have gotten into trouble for using personal phones and personal emails for government business (think Hillary Clinton or Colin Powell, for example), so banning personal phones helps fix that problem, MAYBE. On the other hand, they also get in trouble for using government phones and emails for personal business.

Now, if this rule goes through, you just made things even harder.  If someone told you that you couldn’t access your personal phone, text messages, social media or personal email for say, 12-18 hours a day, would you take the job?  I suspect a lot of people would not.

It is fair to assume that foreign powers would love to tap into govies’ phones, so there is no easy answer.

Stay tuned for more details.

Information for this post came from Bloomberg.

White House Hacked By Russians

USA Today is reporting that the hacking of the State Department’s email went way farther than has been reported up until now.

The State Department has been fighting to get the hackers out of their unclassified email system for months now, even enlisting the help of private contractors and the NSA – to no avail.  CNN is reporting that the hackers used their compromise of the State Department to hack the White House.

The White House did report that they had a breach of their unclassified Office Of The President network last year, but did not tie it to the State Department email hack.

In general, if you allow people to use email and surf the web, someone will click on the wrong thing some time and compromise any security that you might have had.

For high security environments like the WH and State, you really need to separate functions – could be virtually – in order to stop the cross border pollution.  The problem is that people would like the systems to be interconnected.  For example, if you have an email attachment that you want to store in Sharepoint and you have something from a web page that you also want to store in Sharepoint (or any other document repository), you have, by allowing that, connected two otherwise independent applications (email and browsing).

The White House did not confirm – or deny – the report. Previously, they said that the computers were not damaged although some elements of the unclassified system were “affected”. Unclassified, of course, does not mean unsensitive, so who knows what the attackers got.

Ben Rhodes, deputy White House national security adviser, said “We do not believe that our classified systems were compromised.”  That certainly provides me with a high level of confidence.  If I do not believe that the sun will come up tomorrow morning, that probably does not decrease the likelihood that it will rise tomorrow.

I am sure that the White House and State Department are hot targets and that their I.T. organizations try hard to protect them, but that is not an easy task.