Citing a recent Vice article reporting on cybersecurity deficiencies at the US military level, John Shegerian, Co-Founder and Executive Chairman of ERI, the nation’s leading fully integrated IT and electronics asset disposition provider and cybersecurity-focused hardware destruction company, has claimed that individuals, businesses, government agencies and even our national security is at an escalated level of risk.
The Vice feature, titled “The American Military Sucks at Cybersecurity,” reported on the Pentagon’s Inspector General’s recent investigations into the American military’s cybersecurity efforts over the previous year. In its report, the Inspector General revealed that “…as of September 30, 2018, there were 266 open cybersecurity-related recommendations, dating as far back as 2008.” Previously, the IG had recommended the Pentagon take 159 different steps to improve cybersecurity, but only 19 of the steps have been accomplished to date.
In the report, cybersecurity issues affected all branches of the military, including one incident where in a server site connected to America’s ballistic missile defense systems, inspectors “found an unlocked server rack despite a posted sign on the rack stating that the server door must remain locked at all times.” At the same site, it was discovered that officials weren’t encrypting data transferred from computers via USB sticks and removable hard drives. The Pentagon reported that in one portion of its investigation, appropriate encryption was applied to “…less than one percent of Controlled Unclassified Information stored on removable media.”
Shegerian noted that the Pentagon’s report on such deficiencies across US military agencies and their contractors has unveiled an urgent need for new systems and protocols to be put in place, and that in today’s climate, where anyone is at risk for an invasion of private data and information, the military and government agencies have new levels of standards that must be adopted and observed.
One way to combat hacking and risks even at the highest level, Shegerian said, is the crucial but too often overlooked practice of accounting for data on discarded hardware as well as cyberspace data protections.
“As our military and government experts at the top level scramble to find new ways to protect data from cyber invasions, it is also vital that they also focus on protecting our hardware, which often contains the most sensitive information of all,” said Shegerian. “When a device is responsibly recycled here in the US, part of that process should always include complete, physical data destruction. Some contractors and government agencies may believe their data is being wiped when they drop devices off for recycling and that is not always the case. Also, unethical and illegal shipping of e-waste abroad has become an additional layer to the hardware security issue because it leads to the wholesale liquidation of our national security and the privacy of the corporations and individuals of the United States. Recycling these devices is important, but it must be done the right way.”
Shegerian added that mining of data on discarded devices is a huge and unchecked part of the data theft problem in general – be the content from military, government agencies, businesses or even individuals in their homes.
Shegerian also noted that ERI currently provides the only tri-certified (R2 and e-stewards certified as well as NAID AAA certified at the highest level of data destruction) nationwide solution offering 100 percent guaranteed data destruction for electronics devices, e-waste, and hardware.