Obama, the Conductor of Chaos

Barack Obama holds the baton to an anti-American orchestra of tuned, tested, rehearsed instruments. The production is mismanaged, sour to the ears and causes people to leave the arena when the verses are not American and in cadence with allies. The entire governmental score is tyrannical and abusive.

His performance however, is well driven by inside marxist, communists and socialist operators who themselves have tuned, tested and rehearsed instruments where it is in harmony with enemies of America. How about Hugo Chavez, Mohammed Morsi or the Taliban? Then there is Iran.

Three branches of government have been reduced to one, where Conductor Obama has ruled with a pen and a phone and otherwise political extortion. Up to the point where Senate majority leader, Harry Reid lost his leadership post, he functionally stopped and paralyzed the people’s work on Congress to protect Barack Obama.

All the while, Maestro Obama had his was working his intonations on the Supreme Court with his choice picks of Elena Kagan and Sonia Sotomayor, swinging the black robe influence to a more left octave. The court is broken when one sees the real dissention between the justices when not on the bench.

Obama has led an opus where the very social and civil structure in America has been thrown into turmoil. Border Patrol has no clue how to enforce immigration laws, they abide to DHS memos written by Secretary Jeh Johnson. Historical flags and icons are to be removed and gender designated bathrooms are now without any designation.

The fundamental security of government personnel and documents of several agencies has been compromised by an epic cyber intrusion and that finale is from over as the damage will be ongoing for years.

The very personal concern of having access to healthcare has reached a crisis pitch such that insurance deductibles are financially bending and having a doctor’s appointment is a future dream. Nothing is more demonstrative of this condition than that of the Veteran’s Administration where there is a slow death waltz.

Barack Obama performed a medley of government fraud and extortion using the IRS, the EPA, the DoJ, ATF, Education, HUD and HHS to name a few.

Off our shores, conditions are much worse. Barack Obama has modulated a score of retreat while his measure of sympathy to Islam in pure nocturne. His administration led of early in 2009 with the Cairo speech where the ligature plays out today throughout the Muslim world. The retreat from Iraq and his shallow threat of a ‘red-line’ have prove deadly in the whole region, a modern day holocaust. And mostly sadly of all was allowing 4 Americans to perish in Libya with no hope of security, support or rescue.

The most grave of the Obama coda is the terror and dying of Christians.

The building crescendo of Obama will be the nuclear agreement with Iran where Israel, Saudi Arabia, Europe and America as the great Satan will be his encore.

The stretto of the Obama symphony is defined here in an excellent summary by Stephen Hayes of The Weekly Standard.

There are several months left for the conductor of chaos to work his baton and that tremolo is clearly upon us and the world.

 

 

 

 

 

National Preparedness is up to YOU

At no other time in American history has the United States been so vulnerable to national security threats. The text below is for you benefit, take is seriously and don’t rely on FEMA, you are your own best resource.

National Preparedness Report

Main Content

This page provides information on the 2015 National Preparedness Report, including the overarching findings on national issues, preparedness progress, and opportunities for improvement. This page is for anyone interested in seeing how preparedness can inform priorities and community actions.

National Preparedness Report

The 2015 National Preparedness Report marks the fourth iteration of this annual report. Required annually by Presidential Policy Directive 8: National Preparedness, the National Preparedness Report summarizes progress in building, sustaining, and delivering the 31 core capabilities described in the 2011 National Preparedness Goal (the Goal). Each year, the report presents an opportunity to assess gains that whole community partners—including all levels of government, private and nonprofit sectors, faith-based organizations, communities, and individuals—have made in preparedness, and to identify where challenges remain.

The intent of the National Preparedness Report is to provide the Nation with practical insights on preparedness that can inform decisions about program priorities, resource allocations, and community actions. The 2015 National Preparedness Report focuses primarily on preparedness activities undertaken or reported during 2014, and places particular emphasis on progress made in implementing the National Planning Frameworks (the Frameworks) across the Prevention, Protection, Mitigation, Response, and Recovery mission areas. The Frameworks describe how the whole community works together to achieve the goal of a secure and resilient Nation.

Overarching Findings on National Issues

In addition to key findings for each of the five preparedness mission areas, the 2015 NPR identifies overarching national trends that cut across multiple mission areas:

  • Incorporating Emergency Preparedness into Technology Platforms: Businesses and public-private partnerships are increasingly incorporating emergency preparedness into technology platforms, such as Internet and social media tools and services.
  • Challenges Assessing the Status of Corrective Actions: While Federal departments and agencies individually assess progress for corrective actions identified during national-level exercises and real-world incidents, challenges remain to comprehensively assess corrective actions with broad implications across the Federal Government.
  • Response Coordination Challenges for Events that Do Not Receive Robert T. Stafford Disaster Relief and Emergency Assistance Act (Stafford Act) Declarations: Recent events, including the epidemic of Ebola virus disease, have highlighted challenges with coordinating the response to and recovery from complex incidents that do not receive Stafford Act declarations.

The Nation Continues to Make Progress

The 2015 NPR identifies three new core capabilities – Environmental Response/Health and Safety, Intelligence and Information Sharing, and Operational Coordination – as meeting acceptable levels of performance but requiring sustained effort to maintain capability and meet emerging challenges. These capabilities join five others from the 2014 report that future National Preparedness Reports will revisit to determine if they are still meeting performance goals.

Opportunities for Improvement

The 2015 National Preparedness Report also highlights key preparedness challenges remaining for the Nation. Three core capabilities—Cybersecurity, Housing, and Infrastructure Systems—have persisted as areas for improvement across all four National Preparedness Reports. A fourth core capability, Long-term Vulnerability Reduction, repeats as an area for improvement from last year, due in part to questions surrounding the long-term solvency of the National Flood Insurance Program and nascent national efforts for climate change adaptation and green infrastructure. Preparedness data further revealed that the Federal Government, states, and territories are also struggling to build capacity for the Access Control and Identity Verification and Economic Recovery core capabilities. These areas for improvement are a reminder that preparedness gains are gradual and that solutions to complex challenges will not materialize without sustained support from the whole community.

Key Factors for Future Progress

The 2015 NPR represents the fourth opportunity for the Nation to reflect on progress in strengthening national preparedness and to identify where preparedness gaps remain. Looking across all five mission areas, the NPR provides a national perspective on critical preparedness trends for whole community partners to use to inform program priorities, to allocate resources, and to communicate with stakeholders about issues of shared concern.

Resources

Core Capabilities

Main Content

The National Preparedness Goal identified 31 core capabilities—these are the distinct critical elements needed to achieve the goal.

These capabilities are referenced in many national preparedness efforts, including the National Planning Frameworks. The Goal grouped the capabilities into five mission areas, based on where they most logically fit. Some fall into only one mission area, while some others apply to several mission areas.

Download the capabilities crosswalk to see how the legacy Target Capabilities List compares with the new core capabilities.

Planning

  • Mission Areas: All
  • Description: Conduct a systematic process engaging the whole community as appropriate in the development of executable strategic, operational, and/or community-based approaches to meet defined objectives.

Public Information and Warning

  • Mission Areas: All
  • Description: Deliver coordinated, prompt, reliable, and actionable information to the whole community through the use of clear, consistent, accessible, and culturally and linguistically appropriate methods to effectively relay information regarding any threat or hazard, as well as the actions being taken and the assistance being made available, as appropriate.

Operational Coordination

  • Mission Areas: All
  • Description: Establish and maintain a unified and coordinated operational structure and process that appropriately integrates all critical stakeholders and supports the execution of core capabilities.

Forensics and Attribution

  • Mission Area: Prevention
  • Description: Conduct forensic analysis and attribute terrorist acts (including the means and methods of terrorism) to their source, to include forensic analysis as well as attribution for an attack and for the preparation for an attack in an effort to prevent initial or follow-on acts and/or swiftly develop counter-options.

Intelligence and Information Sharing

  • Mission Areas: Prevention, Protection
  • Description: Provide timely, accurate, and actionable information resulting from the planning, direction, collection, exploitation, processing, analysis, production, dissemination, evaluation, and feedback of available information concerning threats to the United States, its people, property, or interests; the development, proliferation, or use of WMDs; or any other matter bearing on U.S. national or homeland security by Federal, state, local, and other stakeholders. Information sharing is the ability to exchange intelligence, information, data, or knowledge among Federal, state, local, or private sector entities, as appropriate.

Interdiction and Disruption

  • Mission Areas: Prevention, Protection
  • Description: Delay, divert, intercept, halt, apprehend, or secure threats and/or hazards.

Screening, Search, and Detection

  • Mission Areas: Prevention, Protection
  • Description: Identify, discover, or locate threats and/or hazards through active and passive surveillance and search procedures. This may include the use of systematic examinations and assessments, sensor technologies, or physical investigation and intelligence.

Access Control and Identity Verification

  • Mission Area: Protection
  • Description: Apply a broad range of physical, technological, and cyber measures to control admittance to critical locations and systems, limiting access to authorized individuals to carry out legitimate activities.

Cybersecurity

  • Mission Area: Protection
  • Description: Protect against damage to, the unauthorized use of, and/or the exploitation of (and, if needed, the restoration of) electronic communications systems and services (and the information contained therein).

Physical Protective Measures

  • Mission Area: Protection
  • Description: Reduce or mitigate risks, including actions targeted at threats, vulnerabilities, and/or consequences, by controlling movement and protecting borders, critical infrastructure, and the homeland.

Risk Management for Protection Programs and Activities

  • Mission Area: Protection
  • Description: Identify, assess, and prioritize risks to inform Protection activities and investments.

Supply Chain Integrity and Security

  • Mission Area: Protection
  • Description: Strengthen the security and resilience of the supply chain.

Community Resilience

  • Mission Area: Mitigation
  • Description: Lead the integrated effort to recognize, understand, communicate, plan, and address risks so that the community can develop a set of actions to accomplish Mitigation and improve resilience.

Long-term Vulnerability Reduction

  • Mission Area: Mitigation
  • Description: Build and sustain resilient systems, communities, and critical infrastructure and key resources lifelines so as to reduce their vulnerability to natural, technological, and human-caused incidents by lessening the likelihood, severity, and duration of the adverse consequences related to these incidents.

Risk and Disaster Resilience Assessment

  • Mission Area: Mitigation
  • Description: Assess risk and disaster resilience so that decision makers, responders, and community members can take informed action to reduce their entity’s risk and increase their resilience.

Threats and Hazard Identification

  • Mission Area: Mitigation
  • Description: Identify the threats and hazards that occur in the geographic area; determine the frequency and magnitude; and incorporate this into analysis and planning processes so as to clearly understand the needs of a community or entity.

Critical Transportation

  • Mission Area: Response
  • Description: Provide transportation (including infrastructure access and accessible transportation services) for response priority objectives, including the evacuation of people and animals, and the delivery of vital response personnel, equipment, and services into the affected areas.

Environmental Response/Health and Safety

  • Mission Area: Response
  • Description: Ensure the availability of guidance and resources to address all hazards including hazardous materials, acts of terrorism, and natural disasters in support of the responder operations and the affected communities.

Fatality Management Services

  • Mission Area: Response
  • Description: Provide fatality management services, including body recovery and victim identification, working with state and local authorities to provide temporary mortuary solutions, sharing information with mass care services for the purpose of reunifying family members and caregivers with missing persons/remains, and providing counseling to the bereaved.

Infrastructure Systems

  • Mission Area: Response, Recovery
  • Description: Stabilize critical infrastructure functions, minimize health and safety threats, and efficiently restore and revitalize systems and services to support a viable, resilient community.

Mass Care Services

  • Mission Area: Response
  • Description: Provide life-sustaining services to the affected population with a focus on hydration, feeding, and sheltering to those who have the most need, as well as support for reunifying families.

Mass Search and Rescue Operations

  • Mission Area: Response
  • Description: Deliver traditional and atypical search and rescue capabilities, including personnel, services, animals, and assets to survivors in need, with the goal of saving the greatest number of endangered lives in the shortest time possible.

On-scene Security and Protection

  • Mission Area: Response
  • Description: Ensure a safe and secure environment through law enforcement and related security and protection operations for people and communities located within affected areas and also for all traditional and atypical response personnel engaged in lifesaving and life-sustaining operations.

Operational Communications

  • Mission Area: Response
  • Description: Ensure the capacity for timely communications in support of security, situational awareness, and operations by any and all means available, among and between affected communities in the impact area and all response forces.

Public and Private Services and Resources

  • Mission Area: Response
  • Description: Provide essential public and private services and resources to the affected population and surrounding communities, to include emergency power to critical facilities, fuel support for emergency responders, and access to community staples (e.g., grocery stores, pharmacies, and banks) and fire and other first response services.

Public Health and Medical Services

  • Mission Area: Response
  • Description: Provide lifesaving medical treatment via emergency medical services and related operations and avoid additional disease and injury by providing targeted public health and medical support and products to all people in need within the affected area.

Situational Assessment

  • Mission Area: Response
  • Description: Provide all decision makers with decision-relevant information regarding the nature and extent of the hazard, any cascading effects, and the status of the response.

Economic Recovery

  • Mission Area: Recovery
  • Description: Return economic and business activities (including food and agriculture) to a healthy state and develop new business and employment opportunities that result in a sustainable and economically viable community.

Health and Social Services

  • Mission Area: Recovery
  • Description: Restore and improve health and social services networks to promote the resilience, independence, health (including behavioral health), and well-being of the whole community.

Housing

  • Mission Area: Recovery
  • Description: Implement housing solutions that effectively support the needs of the whole community and contribute to its sustainability and resilience.

Natural and Cultural Resources

  • Mission Area: Recovery
  • Description: Protect natural and cultural resources and historic properties through appropriate planning, mitigation, response, and recovery actions to preserve, conserve, rehabilitate, and restore them consistent with post-disaster community priorities and best practices and in compliance with appropriate environmental and historical preservation laws and executive orders.

Cyber Security on the Skids, Blinking RED

Recorded Future is a real time open source intelligence collection company that determines trends and predictions of emerging threats.

Recorded Future identified the possible exposures of login credentials for 47 United States government agencies across 89 unique domains.

As of early 2015, 12 of these agencies, including the Departments of State and Energy, allowed some of their users access to computer networks with no form of two-factor authentication. The presence of these credentials on the open Web leaves these agencies vulnerable to espionage, socially engineered attacks, and tailored spear-phishing attacks against their workforce.

The damage has yet to be fully realized and cannot be overstated. Where is the White House? Where are the protections? Where is a policy? Major alarm bells as you read on.

From Associated Press:

Tech company finds stolen government log-ins all over Web

WASHINGTON (AP) — A CIA-backed technology company has found logins and passwords for 47 government agencies strewn across the Web – available for hackers, spies and thieves.

Recorded Future, a social media data mining firm backed by the CIA’s venture capital arm, says in a report that login credentials for nearly every federal agency have been posted on open Internet sites for those who know where to look.

According to the company, at least 12 agencies don’t require authentication beyond passwords to access their networks, so those agencies are vulnerable to espionage and cyberattacks.

The company says logins and passwords were found connected with the departments of Defense, Justice, Treasury and Energy, as well as the CIA and the Director of National Intelligence.

From the WSJ: Obama’s Cyber Meltdown

“While Russia and Islamic State are advancing abroad, the Obama Administration may have allowed a cyber 9/11 at home.”

If you thought Edward Snowden damaged U.S. security, evidence is building that the hack of federal Office of Personnel Management (OPM) files may be even worse.

When the Administration disclosed the OPM hack in early June, they said Chinese hackers had stolen the personal information of up to four million current and former federal employees. The suspicion was that this was another case of hackers (presumably sanctioned by China’s government) stealing data to use in identity theft and financial fraud. Which is bad enough.

Yet in recent days Obama officials have quietly acknowledged to Congress that the hack was far bigger, and far more devastating. It appears OPM was subject to two breaches of its system in mid-to-late 2014, and the hackers appear to have made off with millions of security-clearance background check files.

These include reports on Americans who work for, did work for, or attempted to work for the Administration, the military and intelligence agencies. They even include Congressional staffers who left government—since their files are also sent to OPM.

This means the Chinese now possess sensitive information on everyone from current cabinet officials to U.S. spies. Background checks are specifically done to report personal histories that might put federal employees at risk for blackmail. The Chinese now hold a blackmail instruction manual for millions of targets.

These background checks are also a treasure trove of names, containing sensitive information on an applicant’s spouse, children, extended family, friends, neighbors, employers, landlords. Each of those people is also now a target, and in ways they may not contemplate. In many instances the files contain reports on applicants compiled by federal investigators, and thus may contain information that the applicant isn’t aware of.

Of particular concern are federal contractors and subcontractors, who rarely get the same security training as federal employees, and in some scenarios don’t even know for what agency they are working. These employees are particularly ripe targets for highly sophisticated phishing emails that attempt to elicit sensitive corporate or government information.

The volume of data also allows the Chinese to do what the intell pros call “exclusionary analysis.” We’re told, for instance, that some highly sensitive agencies don’t send their background checks to OPM. So imagine a scenario in which the Chinese look through the names of 30 State Department employees in a U.S. embassy. Thanks to their hack, they’ve got information on 27 of them. The other three they can now assume are working, undercover, for a sensitive agency. Say, the CIA.

Or imagine a scenario in which the Chinese cross-match databases, running the names of hacked U.S. officials against, say, hotel logs. They discover that four Americans on whom they have background data all met at a hotel on a certain day in Cairo, along with a fifth American for whom they don’t have data. The point here is that China now has more than enough information to harass U.S. agents around the world.

And not only Americans. Background checks require Americans to list their contacts with foreign nationals. So the Chinese may now have the names of thousands of dissidents and foreigners who have interacted with the U.S. government. China’s rogue allies would no doubt also like this list.

This is a failure of extraordinary proportions, yet even Congress doesn’t know its extent. The Administration is still refusing to say, even in classified briefings, which systems were compromised, which files were taken, or how much data was at risk.

***
While little noticed, the IRS admitted this spring it was also the subject of a Russian hack, in which thieves grabbed 100,000 tax returns and requested 15,000 fraudulent refunds. Officials have figured out that the hackers used names and Social Security data to pretend to be the taxpayers and break through weak IRS cyber-barriers. As Wisconsin Senator Ron Johnson has noted, the Health and Human Services Department and Social Security Administration use the same weak security wall to guard ObamaCare files and retirement information. Yet the Administration is hardly rushing to fix the problem.

Way back in March 2014, OPM knew that Chinese hackers had accessed its system without having downloaded files. So the agency was on notice as a target. It nonetheless failed to stop the two subsequent successful breaches. If this were a private federal contractor that had lost sensitive data, the Justice Department might be contemplating indictments.

Yet OPM director Katherine Archuleta and chief information officer Donna Seymour are still on the job. Mr. Obama has defended Ms. Archuleta, and the Administration is trying to change the subject by faulting Congress for not passing a cybersecurity bill. But that legislation concerns information sharing between business and government. It has nothing to do with OPM and the Administration’s failure to protect itself from cyber attack.

Ms. Archuleta appears before Congress this week, and she ought to remain seated until she explains the extent of this breach. While Russia and Islamic State are advancing abroad, the Obama Administration may have allowed a cyber 9/11 at home.

Obama has Synchronized Iran’s Nuclear Program

Consider the stated position of the Supreme leader of Iran:

Reuters and AFP – Iran’s Supreme Leader Ayatollah Ali Khamenei has stated his country’s red lines for a nuclear deal with six world powers.

“Freezing Iran’s research and development for a long time like 10 or 12 years is not acceptable,” Khamenei said in a speech broadcast live on June 23.

Khamenei, who has the final say for Iran on any deal, added that all financial and economic sanctions “should be lifted immediately” if an agreement is signed.

Britain, France, Germany, China, Russia, and the United States want Tehran to commit to a verifiable halt of at least 10 years on sensitive nuclear development work as part of a deal they aim to reach by a June 30 deadline. In exchange, they are offering relief from economic sanctions.

Khamenei reiterated that Iran would not give international inspectors access to its military sites and accused the United States of wanting to destroy Iran’s nuclear industry.

The six powers want limits on Tehran’s programs that could have a military use.

Tehran denies it is pursuing nuclear weapons.

***

When the NYT finally prints an explosive fantasy piece on what the White House and John Kerry at the State Department are doing with Iran, one needs to take notice. The New York Times calls this Iran agreement a ‘fatal flaw’.

The Iran Deal’s Fatal Flaw

PRESIDENT OBAMA’S main pitch for the pending nuclear deal with Iran is that it would extend the “breakout time” necessary for Iran to produce enough enriched uranium for a nuclear weapon. In a recent interview with NPR, he said that the current breakout time is “about two to three months by our intelligence estimates.” By contrast, he claimed, the pending deal would shrink Iran’s nuclear program, so that if Iran later “decided to break the deal, kick out all the inspectors, break the seals and go for a bomb, we’d have over a year to respond.”

Unfortunately, that claim is false, as can be demonstrated with basic science and math.  Most important, in the event of an overt attempt by Iran to build a bomb, Mr. Obama’s argument assumes that Iran would employ only the 5,060 centrifuges that the deal would allow for uranium enrichment, not the roughly 14,000 additional centrifuges that Iran would be permitted to keep mainly for spare parts. Such an assumption is laughable. In a real-world breakout, Iran would race, not crawl, to the bomb.  Iran stands to gain enormously. The deal would lift nuclear-related sanctions, thereby infusing Iran’s economy with billions of dollars annually. In addition, the deal could release frozen Iranian assets, reportedly giving Tehran a $30 billion to $50 billion “signing bonus.”

Showering Iran with rewards for making illusory concessions poses grave risks. It would entrench the ruling mullahs, who could claim credit for Iran’s economic resurgence. The extra resources would also enable Iran to amplify the havoc it is fostering in neighboring countries like Iraq, Syria, Lebanon and Yemen.

Worst of all, lifting sanctions would facilitate a huge expansion of Iran’s nuclear program. Ayatollah Ali Khamenei, Iran’s supreme leader, says that he wants 190,000 centrifuges eventually, or 10 times the current amount, as would appear to be permissible under the deal after just 10 years. Such enormous enrichment capacity would shrink the breakout time to mere days, so that Iran could produce enough weapons-grade uranium for a bomb before we even knew it was trying — thus eliminating any hope of our taking preventive action.

Nothing in the pending deal is worth such risks. Read the full article in context here.

*** But is getting worse as new documents demonstrate.

Reported by Fox News via Associated Press:

The United States and its allies are willing to offer Iran state-of-the-art nuclear equipment if Tehran agrees to pare down its atomic weapons program as part of a final nuclear agreement, a draft document has revealed.

The confidential paper, obtained by the Associated Press, has dozens of bracketed text where disagreements remain. Technical cooperation is the least controversial issue at the talks, and the number of brackets suggest the sides have a ways to go, not only on that topic but also more contentious disputes, with less than a week until the June 30 deadline for a deal.

However, the scope of the help now being offered in the draft may displease U.S. congressional critics who already argue that Washington has offered too many concessions at the negotiations.

The draft, titled “Civil Nuclear Cooperation,” promises to supply Iran with light-water nuclear reactors instead of its nearly completed heavy-water facility at Arak, which would produce enough plutonium for several bombs a year if completed as planned. The full details are here.

Civil Nuclear Cooperation platform is not new.

Chilling are the following facts:

Russia and Saudi Arabia have signed a nuclear cooperation agreement. The U.S. has done the same with Korea. Then comes Pakistan learning from U.S. and India where pacts could lead to even more proliferation globally.

For a more detailed summary of the Nuclear Cooperation agreements, take a look at a surface review on equipment, supply and banks in the matter of Korea.

 

Cyber Conflict, Chaos and Calamity

There have been several Congressional hearings on cyber-terrorism, yet with such an emergency and threat, no solution is forthcoming.

From AEI: “America’s intelligence leaders have made clear the biggest threat today is cyber and counterintelligence. Who are the largest perpetrators of these types of attacks? The intelligence report singles out Russia and China as first examples. These nations have “highly sophisticated cyber programs” and are regularly conducting “politically motivated” attacks. What are they up to exactly? Countries such as China are “reconnoitering and developing access to US critical infrastructure systems, which might be quickly exploited for disruption if an adversary’s intent became hostile.” Back in 2013, Verizon released a report detailing Chinese hackers lurking around inside American industrial control systems—the cyber equivalent to casing a robbery target. In 2014 alone, the FBI investigated a likely Russian hacking campaign against American banking backbone JP Morgan, while two cybersecurity firms blamed Iran for a major campaign against US critical infrastructure like major airliners, medical universities, and energy companies. As the year ended, the US government publicly accused North Korea of a devastating cyberattack against Sony.”

When of Office of National Intelligence produced a report, the first chapter is on cyber threats.

“Risk. Despite ever-improving network defenses, the diverse possibilities for remote hacking intrusions, supply chain operations to insert compromised hardware or software, and malevolent activities by human insiders will hold nearly all ICT systems at risk for years to come. In short, the cyber threat cannot be eliminated; rather, cyber risk must be managed. Moreover, the risk calculus employed by some private sector entities does not adequately account for foreign cyber threats or the systemic interdependencies between different critical infrastructure sectors.

Costs. During 2014, we saw an increase in the scale and scope of reporting on malevolent cyber activity that can be measured by the amount of corporate data stolen or deleted, personally identifiable information (PII) compromised, or remediation costs incurred by US victims. “

The stakes are higher than anyone will admit, most of all the White House. The Office of Personnel Management hack of personnel files now appears to exceed 18 million individuals. “FBI Director James Comey gave the 18 million estimate in a closed-door briefing to Senators in recent weeks, using the OPM’s own internal data, according to U.S. officials briefed on the matter. Those affected could include people who applied for government jobs, but never actually ended up working for the government.”

Just announced as a possible additional agency falling victim to hacking is the National Archives and Records Administration (NARA). What is chilling about this probability is all government reports, records and communications are by law to be maintained by NARA., even classified material.

EXCLUSIVE: Signs of OPM Hack Turn Up at Another Federal Agency

The National Archives and Records Administration recently detected unauthorized activity on three desktops indicative of the same hack that extracted sensitive details on millions of current and former federal employees, government officials said Monday. The revelation suggests the breadth of one of the most damaging cyber assaults known is wider than officials have disclosed.

The National Archives’ own intrusion-prevention technology successfully spotted the so-called indicators of compromise during a scan this spring, said a source involved in the investigation, who was not authorized to speak publicly about the incident. The discovery was made soon after the Department of Homeland Security’s U.S. Computer Emergency Readiness Team published signs of the wider attack — which targeted the Office of Personnel Management — to look for at agencies, according to NARA.

It is unclear when NARA computers were breached. Suspected Chinese-sponsored cyberspies reportedly had been inside OPM’s networks for a year before the agency discovered what happened in April. Subsequently, the government uncovered a related attack against OPM that mined biographical information on individuals who have filed background investigation forms to access classified secrets.

The National Archives has found no evidence intruders obtained “administrative access,” or took control, of systems, but files were found in places they did not belong, the investigator said.

NARA “systems” and “applications” were not compromised, National Archives spokeswoman Laura Diachenko emphasized to Nextgov,  “but we detected IOCs,” indicators of compromise, “on three workstations, which were cleaned and re-imaged,” or reinstalled.

“Other files found seemed to be legitimate,” such as those from a Microsoft website, she said. “We have requested further guidance from US-CERT on how to deal with these” and are still awaiting guidance on how to proceed.

It will take additional forensics assessments to determine whether attackers ever “owned” the National Archives computers, the investigator said.

Diachenko said, “Continued analysis with our monitoring and forensic tools has not detected any activity associated with a hack,” including alerts from the latest version of a governmentwide network-monitoring tool called EINSTEIN 3A.

EINSTEIN, like NARA’s own intrusion-prevention tool, is now configured to detect the tell-tale signs of the OPM attack.

“OPM isn’t the only agency getting probed by this group,” said John Prisco, president of security provider Triumphant, the company that developed the National Archives’ tool. “It could be happening in lots of other agencies.”

Prisco said he learned of the incident at a security industry conference June 9, from an agency official the company has worked with for years.

“They told us that they were really happy because we stopped the OPM attack in their agency,” Prisco said.

The malicious operation tries to open up ports to the Internet, so it can excise information, Prisco said.

“It’s doing exploration work laterally throughout the network and then it’s looking for a way to communicate what it finds back to its server,” he added.

Homeland Security officials on Monday would not confirm or deny the situation at the National Archives. DHS spokesman S.Y. Lee referred to the department’s earlier statement about the OPM hack: “DHS has shared information regarding the potential incident with all federal chief information officers to ensure that all agencies have the knowledge they need to defend against this cybersecurity incident.”

The assault on OPM represents the seventh raid on national security-sensitive or federal personnel information over the past year.

Well-funded hackers penetrated systems at the State Department, the White House, U.S. Postal Service and, previously in March 2014, OPM. Intruders also broke into networks twice at KeyPoint Government Solutions, an OPM background check provider, and once at USIS, which conducted most of OPM’s employee investigations until last summer.

On Wednesday, the House Oversight and Government Reform Committee is scheduled to hold a hearing on the OPM incident that, among other things, will examine the possibility that hackers got into the agency’s systems by using details taken from the contractors.