Thursday, 25 June 2015

Editorial: At OPM, hackers expose government’s lack of cybersecurity

No matter what form it takes, the prospect of cyber thievery compromising your personal information is a stomach-churning experience. Maybe it’s that big-box store, like Target or Home Depot, whose customer credit card information was filched, or maybe a major health insurer, like Anthem, which so many people have used and provided with their personal medical and identification information.

Or maybe it’s the U.S. Office of Personnel Management, which was hacked not once, but twice in recent years. The latest breach may have affected as many as 14 million federal workers, many of whom live in Virginia and right here in the Fredericksburg region.

When these alleged China-based hackers are able to infiltrate OPM, they gain access to individual as well as military and intelligence data. They obtain all the deeply personal information that federal job applicants provide—particularly those seeking security clearances. That suggests implications for not only their private lives but their careers as well. Some must even provide information for their spouses or partners. The tentacles are many and far-reaching.

There is surely plenty of blame to go around here, and much of it reflects on the federal government itself. With OPM the example at hand, it is largely a victim of its own massive size and bureaucracy. Its inspector general and other top officials have cited the agency’s aged and decrepit technology. But warnings mean little if there’s a 10-ton boulder in the way.

When the latest breach took place, OPM was already pursuing a $91 million computer overhaul that has been cited for violating bidding and management protocols. OPM officials counter that the urgency of the situation demanded that the program be expedited, meaning that bureaucratic shortcuts were purposely taken. As a result, critics say, the program will end up failing to accomplish what it was designed to do and exceed the cost and timetable estimates OPM has intended.

Now, federal officials are saying that the technology that detected the OPM breach—but couldn’t prevent it—may itself be susceptible to hacking.

Even under the best possible circumstances, the government’s ability to protect itself in a timely and comprehensive fashion is suspect from the outset, especially given the scope and complexity of this issue.

The solution, perhaps for the long term, is for individuals to protect themselves. On Tuesday, Sen. Mark Warner, D–Va., asked the Internal Revenue Service to work with OPM breach victims to prevent the stolen information from being used to file false tax returns. That would involve broadening the IRS Identity Protection Personal Identification Number (IP PIN) program, which is designed to protect your tax information and the Social Security number associated with it. Yes, it’s another number, another layer, but under the program the IP PIN changes every year, requiring you to confirm you are who you say you are.

Our dependence on technology has set us up to be victimized by its porous nature, and warnings since the beginning of the Internet age have been largely ignored. The cat-and-mouse game of having to plug this hole and then that appears endless.

Perhaps it’s up to the private sector to come up with a failsafe method of individual identity protection while the government considers its options.

In the meantime, studying up on the best ways to protect yourself from hackers and the damage they can inflict might be your best bet.

View the original content and more from this author here: http://ift.tt/1LEp6uA



from cyber security caucus http://ift.tt/1LwMRb3
via IFTTT

No comments:

Post a Comment