The United States has been forced to admit that its Internet security efforts have failed and that has allowed critics within the Department of Defense to go public with the embarrassing reasons why. The main fault lies with poor leadership and that is seen in unwillingness to ensure that basic things, like making sure all systems are patched promptly when software publishers (especially for Operating Systems) make patches available. Too many commanders let these patches accumulate because that’s an old habit in the military. Many commanders, and services (especially the air force) behave like their networks are just air force and forgetting that all Department of Defense networks are connected (except for the ones deliberately kept off the Internet).
All this is the result of a very embarrassing recent Internet based attack. On June 25th the U.S. openly named China as the chief suspect in an April hacker attack that made off with government databases containing personal information on nearly twenty million government employees (active and retired.) This included data collected for people applying for security clearances.
The Chinese connection appears to have been be confirmed and a few American officials responsible for protecting networks have been replaced. China has officially denied any involvement. Hackers can use the stolen information (personal data on over 20 million Americans, including digital fingerprints for some) for various types of online larceny, or espionage or both. What is particularly worrisome (and making China look even more guilty) is the fact that none of that data has shown up on the Internet black market. Aside from Internet based fraud, the other major use of that data is espionage.