Musk’s Takeover Of The Government’s Computer Systems Needs To Be Understood As A Cyberattack, Or Worse

Privacy

from the we've-been-pwned dept

People sometimes think that cybersecurity is just about defending computer systems from remote adversaries. But it’s broader than that; cybersecurity has always been about protecting computer systems more generally from any sort of misuse, no matter how the adversary might access them.

So that Elon Musk and his minions have managed to walk right into government offices to take over computer systems where they had no legitimate authorization or entitlement needs to be understood as a cyberattack by a rogue actor. And every ounce of outrage we ever would have had if any other rogue actor had taken over critical government infrastructure needs to be mustered here, because it is just as outrageous, and as dangerous, if not more so on both fronts, because this time the threat to America’s security came from within.

These systems Musk and his “team” have accessed are among the most sensitive and critical to the running of the United States of America. In the case of the Office of Personnel Management (OPM) they manage human resources. But there’s also reports that the Muskovites have taken over those computer services in the Treasury Department and Governments Services Administration (GSA), which spends the country’s multi-trillion dollar budget to pay America’s bills, and USAID, which handles a lot of highly classified information affecting our nation’s standing in the world. Yet here is Musk, a man who regularly chats with Vladimir Putin, with access to it all, if not also outright control.

Even if it’s true that he and his team of random bros currently cannot actually stop payments of the government’s bills themselves (and it’s unclear whether they are indeed so limited given how Musk appears to claim that they are not), they now have access to the most sensitive details of the entirety of America’s government workforce, including those in foreign service, including in countries that Putin has his eye on.

They know their names. They know their addresses. They know their backgrounds, careers, their spouses and dependents. They know absolutely every single detail about these people that would be captured in an HR system. And because OPM is involved with managing security clearances, they know plenty more private details about our nation’s public servants captured in the process of doing their background checks.

And over at the other departments, like those that handle things like making payments to things like Social Security recipients, they know all every recipient’s social security numbers too, if not even more information about everyone that the government pays.

Meanwhile, we know little to nothing about his team. Even some names are unknown, let alone the full range of their affiliations, which we usually ask about before giving anyone access to the country’s most sensitive information. They have had zero vetting and in many cases no known security clearance (and, in the case of Musk, there were limits to his, which was already in jeopardy). It is also not clear whether Musk or his minions even have known jobs in the government themselves, for which such vetting would ordinarily have been required before entrusting them with access to such systems. Without those jobs they have no plausible claim to having the appropriate authority needed to have access to these systems, or even the buildings. (No, it’s not something that becomes ok just because the President says its ok. There are laws that limit his ability to make delegations like this, and for just this sort of reason: to make sure the public remains protected from arbitrary exercises of executive power that may not be in the country’s interests.)

They are a bunch of strangers who have essentially busted into government offices and strong-armed the career staff there into giving them access to all these systems with all this critical function and data. Systems that it has heretofore been the priority of the United States government to protect because of their sensitivity and how vulnerable the nation would be if an adversary could access them.

And yet here we are, where that very thing we’ve feared, passed law to punish, and spent countless dollars trying to prevent — a cyberattack — has just happened.

The response needs to be more than just a shrug. The nation’s infrastructure has just been attacked by the prototypical example of a rogue actor, acting lawlessly, with openly declared hostile intent aiming to disrupt the operation of the nation’s government as the people, expressed through acts of Congress, wanted their government to operate.

What has happened needs to be understood that way, in these gravest of terms, in order to provoke the appropriate response from any still-legitimate organs of American government, which must be as swift and powerful as any time when America’s homeland security has been attacked.

It is bitterly ironic that Congress and the courts spent all that effort gnashing and wailing and tearing up the Constitution over the potential threat posed to America’s national security interests by TikTok, when we were just going to simply hand over the keys to the kingdom the very next week to the guy who owns Twitter.

Filed Under: cyberattack, cybersecurity, elon musk, gsa, opm, privacy, treasury department, usaid