Podcast: Congressman Hurd on why it's 'outrageous' OPM never apologized

Cybersecurity professional and former undercover CIA officer turned Republican Rep. Will Hurd, and Chris Valasek of recent car-hacking fame, join New America's Peter Singer and Passcode's Sara Sorcher on The Cybersecurity Podcast.

Hurd is the chairman of the IT subcommittee on the House Oversight and Government Reform Committee.

Rep. Will Hurd (R) of Texas felt the sting of the Office of Personnel Management breach firsthand. After all, the current chairman of the IT subcommittee on the House Committee on Oversight and Government Reform is a former undercover CIA officer. His personal records, along with those of millions of other people, are very likely in the hands of the hackers.

"The Chinese and the Russians know a whole lot about me from my days in the CIA," Representative Hurd told Passcode's Sara Sorcher and New America's Peter Singer in the latest Cybersecurity Podcast episode. "One of the things that was so egregious to me is that OPM never said, 'I'm sorry.' OPM never said, 'My bad.' That is what's outrageous."

"We still don't know: Has everybody who has been potentially implicated been notified?" Hurd continued. "One of the forms you use in the background investigations is 100 or so pages. If you had a security clearance and your neighbors were interviewed, your neighbors' Social Security Numbers and details were included. If you were married and let's say you got divorced, was that divorced spouse notified?" 

Hurd is a rare breed in Congress: He also worked to defend the private sector from digital attacks as a cybersecurity professional. Now he has some key advice for other officials looking to clean up the OPM mess: "Encrypting data at rest. That's something very basic. The way this person got into this information is because the permissions this user was given were completely wrong," he said on the podcast. "I have a lot of people who come to the subcommittee and say, 'We need more money.' Well you don't always need more money to review the permissions of your users to make sure that you can't gain access to things you shouldn't get access to." 

Chris Valasek, who made headlines this summer by demonstrating a live hack of a Jeep Cherokee with a Wired reporter in it – work that forced a recall of some 1.4 million Chrysler vehicles – also joined this podcast episode. Now a security lead at Uber’s advanced technologies center, Mr. Valasek talks about the line between drawing attention to cybersecurity issues and a dangerous stunt; how companies can make themselves available for "free quality assurance" hackers can provide; and security concerns within the Internet of Things. 

The podcast is cohosted by Peter W. Singer, strategist at the New America think tank and author of "Cybersecurity and Cyberwar: What Everyone Needs to Know," and Sara Sorcher, deputy editor of The Christian Science Monitor's Passcode. The podcast is available for download on iTunes. You can find more information about the podcast on Passcode's long-form storytelling platform. Bookmark New America's SoundCloud page for new episodes or sign up for Passcode below. 

In previous Cybersecurity Podcast episodes, the team interviewed leading privacy and cyberlaw expert Peter Swire about the half-life of secrets, surveillance and whether law enforcement was truly "going dark" in its pursuit of criminals and terrorists. Rick Howard, chief security officer for Palo Alto Networks and an Army veteran, joined the last podcast to weigh in on the line between spying for economic advantage and state secrets and whether companies should be able to strike back online to protect their interests. 

They also interviewed Katie Moussouris, chief policy officer for HackerOne, about ways to incentivize hackers to report vulnerabilities they find, and the Brunswick Group's Siobhan Gorman about the "golden rules" companies should follow when disclosing they've been breached.

Singer and Sorcher spoke with Cory Doctorow – science fiction author, journalist, and coeditor of Boing Boing – about the lessons about cyber conflict that can be learned from science fiction, and Dan Kaufman, who at the time was head of the Defense Advanced Research Projects Agency's Information Innovation Office. 

Previous episodes have also included guests such as Bruce Schneier, prolific author and chief technology officer at Resilient Systems; Nate Fick, the chief executive officer of Endgame, a venture-backed security intelligence software company; and Wired's Kim Zetter, author of "Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon."

The team also interviewed Alex Stamos, who at the time was Yahoo's chief information security officer, and Heather West of Internet performance and security company CloudFlare.

Lt. Gen. Edward Cardon, the Army's top cyber commander, and Shane Harris, reporter at The Daily Beast and author of '@War, The Rise of the Military-Internet Complex,' joined for the first episode.

You can find the episodes on New America's SoundCloud page and they are available for download on iTunes. 
