Rep. Will Hurd writes that Congress and officials still don’t have answers about the discovery in December by software developer Juniper Networks of a backdoor in its ScreenOS software that could have allowed foreign entities to decrypt and read government communications. The backdoor is thought to have been inserted in 2013. And while the OPM breach garnered massive public and media attention, less attention has been paid to this breach.
The federal government has yet to determine which agencies are using the affected software or if any agencies have used the patch to close the backdoor. Without a complete inventory of compromised systems, lawmakers are unable to determine what adversaries stole or could have stolen.
If government systems have yet to be fixed then adversaries could still be stealing sensitive information crucial to national security. The Department of Homeland Security is furiously working to determine the extent to which the federal government used ScreenOS. But Congress still doesn’t know the basic details of the breach.
Read more on WSJ.
Hurd, who is one of Congress’s few members who “gets” the nerdy stuff, points out that this situation is a good example of why any backdoor that puts a hole in encryption is a bad idea.