The Data Breach You Haven’t Heard About

[Commentary] A security breach recently discovered at software developer Juniper Networks has US officials worried that foreign hackers have been reading the encrypted communications of US government agencies for the past three years. Yet compared with the uproar over the Office of Personnel Management breach, first disclosed in June 2015, this recent breach has gone largely unnoticed. The federal government has yet to determine which agencies are using the affected software or if any agencies have used the patch to close the backdoor. Without a complete inventory of compromised systems, lawmakers are unable to determine what adversaries stole or could have stolen.

This is why I and my colleagues on the House Committee on Oversight and Government Reform recently wrote a letter to the heads of 24 federal agencies demanding an inventory of their systems running the affected software, and whether or not they have installed the patch. Once we learn which agencies were using the faulty software, finish patching all the systems and conduct a damage assessment, we need to examine why this older version of ScreenOS, last updated in 2011, was being used in the first place. This incident shows that backdoors to bypass encryption—even those requested by law enforcement or mandated by lawmakers—are extremely dangerous.

[Rep Hurd is chairman of the IT Subcommittee on Oversight and Government Reform]

