Weekly Columns
OPM Breach Reveals Cyber Security Failures
Jun 18 2015
The recent cyber attack on the Office of Personnel Management (OPM) has most Americans shaking their heads in disbelief. How could the most powerful nation in the world allow hackers to infiltrate a government network and steal the personal data of millions of current and former federal employees?
The more we learn, the more apparent it is that this incident was no run of the mill breach. It is far more troubling.
For starters, investigators initially thought the data of up to four million current and past federal employees, along with retired federal workers, was compromised over the many months that the hackers were maneuvering through OPM’s system undetected. This alone would make this one of the largest thefts of U.S. government personnel data in history.
Now, as investigators dig deeper, it has been reported that the sensitive personal data of up to 14 million Americans may have been stolen in the hack. On top of that, there are valid concerns that the personal information of private citizens may have been taken by the hackers as well due to OPM’s role in conducting background checks of federal workers and potential employees.
OPM is essentially the “human resources office” for the executive branch. As such, it is entrusted with a massive amount of personal information on federal government workers. Since the agency conducts 90 percent of background investigations for federal employment applicants, a great deal of sensitive information about an individual and his or her relatives, friends and former coworkers is included in the applicant’s file as part of the process.
The hackers can now lay claim to that treasure trove of personal information, as well as passwords and encryption keys, all of which can be exploited for espionage and trade- secret theft purposes.
The Obama Administration has identified that hackers in China are most likely responsible for this attack. What remains to be seen is how much involvement the Chinese government may have had in this massive breach, but early indicators seem to point in that direction.
The taxpayer’s tab for this hack is just starting to be calculated and it is going to be costly. According to the Washington Post, the OPM breach is costing taxpayers almost $21 million just to notify the victims and protect their data.
Hackers have become one of the greatest security challenges our nation faces. There are people trying to get inside our systems 24 hours a day, 7 days a week. There were almost 61,000 cyber attacks and security breaches across the entire federal government last year alone.
We can't continue to let foreign governments such as China, or rogue hackers for that matter, bully our federal agencies or our corporations. We need to do more to prevent breaches and have timely responses ready when coordinated attacks such as the one at the OPM occur. The Senate Intelligence Committee has approved legislation that aims to thwart attacks and modernize our defenses against breaches and the Majority Leader is working to bring this bill up for a vote.
The full extent of the damage done by the OPM breach remains unclear. What is certain is that government agencies like OPM are woefully unprepared for cyber attacks. We must strengthen our defenses and, at the same time, go on the offense against hackers. We cannot sleep through this wake-up call.