Posted on 07/13/2015 6:36:20 AM PDT by SeekAndFind
The hack at the Office of Personnel Management shows what happens when lax security gets combined with organizations or governments getting too big. CNN has a pretty interesting rundown on how the hackers may have found a way to get into OPM servers. One way involves figuring out which agency hasn’t had their servers updated in some time.
Let’s say there is a U.S. government agency — Agency X — that does not update its server operating system software patches. We don’t know which agency it is because the federal government doesn’t want to reveal everything it knows to the Chinese and the cyber links the agency had to the Office of Personnel Management.
The “Agency X” could be any of the dozens of alphabet agencies in Washington DC, designed to control our lives and well being in one shape, form, or another. The easy solution to plugging the cyber security hole is making sure all the agencies have the best security. The tougher question is figuring out which agencies even have to exist. This isn’t just a call for dissolving the agencies conservatives and libertarians tend to target, like the EPA or Department of Education, but to take a hard look at the federal government as a whole. Does the U.S actually need a Food and Nutrition Service; Food, Nutrition And Consumer Services; AND Center for Nutrition Policy and Promotion? Should there be a Rural Business-Cooperative Service, Rural Development, Rural Housing Service, and Rural Utilities Service? Do the General Services Administration, the Office of Management and Budget, and Council on Economic Advisers need to exist? These are questions the federal government, and people in general, need to ask as they study the ins and outs of the hack.
The same goes for private businesses. Sony Pictures Entertainment was hacked last year by…someone (the claims by the U.S. government it was North Korea are a little suspect). Sony Pictures has 25 divisions, ranging from animation to television ad sales to home entertainment. JPMorgan Chase saw its data get breached last year with 83 million accounts exposed. The bank has 46 executives for around 30-36 departments and who knows how many sub-departments. Hackers have also hit major corporations including Target and their 47 executives and 36 departments. Visa, MasterCard, Home Depot, American Airlines, and United Airlines have also been hit by hackers, but those were through 3rd party vendors. Not every hack happens because businesses are too big. Michaels has a smaller board, but got hacked because of lax security. AT&T saw data get stolen by 43 employees who were corrupt. Yahoo! isn’t the biggest company out there, but has been hacked multiple times. LinkedIn’s 2012 hack came because their security system wasn’t as strong as believed. Security breaches happen and this is why it’s important for businesses and their customers to protect their own data as much as possible. But it’s also important to look at the size of a business (or government) and the dangers of having too many fingers in too many pies.
This is NOT an anti-corporate screed, but a word of caution. Businesses need to ask if it’s smart to be involved in a new venture or if a spinoff company with a completely different leadership team, balance sheet, data center, etc. should handle it. The same goes for government agencies. Congress and the president should seriously take a look at their operations and decide whether “Agency X” should exist or not. Or whether “Agency X” should even be involved in the area of governance it’s involved in or if the private sector should handle it. The nature of government is to grow so it’s highly unlikely a review will actually happen. But it’s something the right needs to be aware of and elect leaders who are aware of it as well. After all, holding PR-driven, government-run summits on cybersecurity and consumer protection only goes so far. The same goes with naming the person who ran your 2012 National Political Director as head of the OPM. Just an idea.
Running Windows 98, no doubt.
People should be held responsible, fired, tried and convicted for this.
It’s what would happen in the private sector.
But I am an an idealist.
OPM gave free access to it's databases to both a Chinese company and an Argentine company. That means that the Chinese government, at the very least, also had full access to the database and likely all OPM systems. The database contains very sensitive background information for all US Government employees including national security and intelligence employees.
In a sane world this would result in overturning the current government and jail terms for many of its operatives. Instead, virtually no one knows or cares about this issue, and almost no one understands how dangerous a matter it is for all of us.
Not in banking.
So true.
No, it shows what happens when a government favors diversity over competency.
Obama should Resign for not protecting his Employees
Absolutely correct! The data was simply given away, no hack involved!
all this uproar is about data... it should be about national security too.
IF the Chinese got the background check reports... they now have all the possible background data on blackmail and financial vulnerabilities of everyone with any security clearance... and if the had access they may well have been able to give their own agents CLEARANCES...
We're "...livin on a prayer".
You have to have seen to understand how cosmically bad it is.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.