I have been a longtime critic of US-CERT, the cyber division led by the Department of Homeland Security. US-CERT is essentially a contract between DHS and Carnegie Mellon University’s old CERT/CC group wherein CMU gets fat off of taxpayer dollars by pretending to be thought leaders in cyberspace. Spoilers, they are not. In fact, when they were chartered to monitor the Federal space to look for intrusions, they fought Congress with their own legal team, arguing that they should not intercept full packets for privacy reasons.
The OMB complained to Congress that their tools for monitoring “sucked balls” back in 2008. Then in 2014, US-CERT ran the incident response engagement for OMB during the Chinese attack against the personnel database that houses the clearance information of every American working in the Federal space. Rather than use proper tools or a professional investigative and forensics team, they “monitored” the attack in an attempt to harvest “counterintelligence.” The result was that all of the clearance information was extracted and sent to the Chinese. Twitter user PwnAllTheThings put together an excellent timeline of the failures of US-CERT below.
Now that all of the background information for millions of Americans is in the hands of the Chinese, they can easily identify anyone who knows anything about any particular program running in the government. They can use data found in the background checks as leverage and blackmail to get people to divulge classified information. And it is all the fault of the academics and bureaucrats at Carnegie Mellon and DHS. We are greatly diminished in our ability to keep secrets, and likely no one was fired for their failures.