A “Cyber Pearl Harbor”?

In his USA Today column Glenn Reynolds fulminates about the hacking of the Office of Personnel Management’s computer data on federal employees:

The U.S. military, even in its current somewhat shrunken state, remains an irresistible force in conventional warfare. But this trove of information is perfect for “fourth-generation warfare,” in which conventional strengths are bypassed in favor of targeted attacks on a stronger nation’s weaknesses. With this sort of information, China will find it much easier to recruit agents, blackmail decision-makers and — in the event of a straight-up conflict — strike directly at Americans in the government, all without launching a single missile.

That’s why experts are calling this security breach a “debacle” and “potentially devastating.” Some are even calling it a “cyber Pearl Harbor.”

Perhaps that’s a bit strong: Unlike the real Pearl Harbor attack, there are no burning and sunken ships full of American sailors. On the other hand, if the Japanese in 1941 could have kept the U.S. from interfering with their Pacific conquests through subtler means than air-dropped torpedoes, they no doubt would have been happy to do so. And that’s the situation that China, with cyberattacks such as this one, is trying to bring about.

What do we do? Well, so far the federal government is offering free identity-theft protection to its employees, but that response is like putting a Band-Aid on a severed limb — so pathetic it’s not even cosmetic. This isn’t like a broken code, where we can just change things around and be almost as good as new. Once out, this information will remain current for years, and there’s no easy or effective way of doing much about that.

He does make one important point, one I’ve made here: the federal government should refrain from putting sensitive records online. Computer records can be hacked wholesale, which makes them a much more tempting target than paper records.

There’s something else he doesn’t point out and I haven’t seen mentioned anywhere else. This incident is a test for federal employees’ unions. If there were ever an issue made for fully justified collective bargaining, this is it. That’s how I interpret the recent remarks by the leaders of those unions.

11 comments
  • ...

    Blackmail decision-makers? Can’t they just by them like everybody else?

  • steve

    US military in its shrunken state? Reynolds does comedy?

    Steve

  • ...

    Buy, not by. Apparently my phone hates that word.

  • Andy

    Personally, I think that’s hyperbole even though I’m one who is directly affected. What Snowden did is far worse in terms of its potential. To be clear, I’m not talking about the revelation of the various domestic surveillance programs he revealed, I’m talking about the tens-of-thousands of other documents he stole related to US foreign intelligence programs.

    Steve,

    It depends on what you mean by “shrunken,” the metric(s) and the relative comparison.

  • Andy

    One other thing. This is another opportunity to get on my soapbox about government and civil service reform. The incompetent rollout of healthcare.gov, the pervasive use of legacy systems and the shocking and borderline criminal lack of security all have a common cause – one that no one with influence is interested in addressing.

  • ...

    one that no one with influence is interested in addressing.

    Their skills are in raising money, campaigning, and peddling influence. In all seriousness, would you want any of this group of elected officials in charge of reforming the civil service?

  • Andy

    Ice,

    Sooner or later we’ll have to or President Palpatine will make the reforms…

  • ...

    My money is on Palpatine. (Palpatine is in my phone’s default dictionary, btw. It hates the word ‘buy’ but Palpatine pulls up at the second p.) My money is also on Palpatine arriving within our expected life spans.

  • TastyBits

    These companies including the government have no reason to increase security. If the libertarian argument were correct, this would not occur anymore. They would blame this on the government, but your solution of the unions or voters should be the free-market working. We know how that will end.

    It is cheaper to pay for a few credit checks than it is to implement robust security, and the free-market solution is the cheapest solution. This is a problem that will eventually have government regulations imposed because the free-market refused to police itself.

    Libertarians, conservatives, and Republicans, you can either write the regulations today, or you can have the progressives, liberals, and Democrats write them tomorrow. These regulations will be written.

  • TastyBits

    One thing about these older systems that people refuse to accept is that they were built during a different time and with a different configuration. In a closed system (no internet access), many of these systems are not as insecure, and when they were just dumb terminals, they were not as vulnerable.

    It was unplanned, but these older systems had an organic defense-in-depth. When these systems were merged, reconfigured, and connected to the internet, they introduced multiple single points-of-failure.

  • It was unplanned, but these older systems had an organic defense-in-depth. When these systems were merged, reconfigured, and connected to the internet, they introduced multiple single points-of-failure.

    That’s exactly right. When systems design becomes one-size-fits-all, you’re bound to have gigantic snafus.

    I’d rather prevent exploits like the OPM breach by design (as in not digitizing some things). The one thing for sure is there are some risks that can’t be remediated. You can remediate the loss of credit card information, for example. You can’t remediate the loss of security check information.
