OPINION:
We can add cybersecurity to the list of things Washington can’t seem to handle. Given the enormous dimensions of recent data breaches suffered by keepers of federal employee records, it’s apparent that the government’s barriers to hackers are about as airtight as a screen door would be on a submarine. Americans working for the government shouldn’t have to worry that their personal information is scrutinized by their counterparts in Beijing. Trust is a two-way street, and a government that compromises the privacy of its own hardly deserves trust.
The Office of Personnel Management (OPM) has admitted the embarrassing theft of personal data for 4.2 million current and former federal employees. Last week we learned that the number could be far larger. Appearing before the House Oversight and Government Reform Committee, OPM Director Katherine Archuleta declined to specify the number of employees subject to the breach until the agency’s internal investigation is complete. Under questioning by the committee chairman, Rep. Jason Chaffetz, she did not deny that hackers could have seized records of 32 million current and former federal workers.
A security breach that compromises the records of millions is jarring. A second one of similar or larger proportions is a serious failure that should not go unpunished. Promises of identity theft protection are inadequate compensation for unnerved federal employees. In addition to Social Security numbers, records include sensitive information such as financial histories and names of children and relatives. When these records are stolen, blackmail becomes a likely possibility. Such security lapses mean heads should roll.
A Government Accountability Office study released June 24 highlighted the need for better controls on federal data to prevent further cybersecurity rifts. The number of “information security incidents” compromising federal data has risen from 5,503 in 2006 to 67,168 in 2014, according to the study presented to a House Homeland Security committee by Gregory Wilshusen, the GAO information security director. The National Cybersecurity Protection System, ironically known as EINSTEIN, may not be effective at keeping intruders out of government data, he said.
That horse is out of the barn. A technology company with CIA ties has discovered log-in and password information for 47 government agencies on the Web, according to The Associated Press. Recorded Future found that 12 agencies have no security controls beyond passwords, making them particularly vulnerable to hackers. Among them are some of the most sensitive in government, from departments of Defense, Justice, Treasury and Energy.
China and Russia are considered the primary suspects in the cybertheft business. The Obama administration suspects Beijing in particular may be behind the latest pilfering of federal employee records. Vice President Joe Biden’s admonitions on June 23 in Beijing, over China’s bad behavior in cyberspace, are unlikely to be heeded by Chinese leaders who routinely claim to be the victims. But given the apparent laxity of federal data defenders, even teenagers with laptops could fish successfully in the target-rich federal information pool.
The private sector is further vulnerable to hackers. In 2013, personal information for some 70 million Target department-store customers was exposed, and other retailers have lost millions of shoppers’ records to intruders. Congress is considering legislation that would hold stores liable for cyber-breaches and pre-empt existing laws in 47 states. The benefits of electronic information flowing across the globe become useless when intruders can raid it for fun and profit. Compromises to cybersecurity need solutions before the Web becomes nothing more than a trap.
Please read our comment policy before commenting.