The Department of Homeland Security confirmed that the Office of Personnel Management (OPM) and its employees were the targets of yet another data breach this past week. The Associated Press, who first broke the story, reported that the EINSTEIN system, the cyber attack detection system used by the Department of Homeland Security, detected the intrusion only after a number of records had already been compromised.
The Office of Personnel Management is responsible for managing pension benefits and administering health and other insurance programs for Federal employees, retirees, and their families. But most importantly, they conduct a high percentage of the background checks on government employees’ that include employees vying for high level, often confidential, intelligence positions.
That vast amount of information the OPM has in order to complete investigative checks, with little to no encryption or security measures to protect this employee information, creates a “kid in a candy store” effect for a hacker. This is scary for a number of reasons, but the biggest is that if these intelligence employees are compromised then terrorists could potentially target them for information, endangering their safety and the safety of their missions and organizations.
At this point the FBI does not have a long list of suspects, at least not one they are sharing. However, they have mentioned that China is a suspect in this attack, yet no definitive evidence has been attained up to this point. What is most startling about the story is the not only the type of information that was stolen, but how it was stolen.
When you ask yourself – “Which agency or type business has the most advanced cyber security methods to protect my private information?” – your likely first guess would be the United States Government because you would think that government agencies, like the IRS (who also fell victim to an attack recently) that legally require us to hand over our extremely confidential information, would have the most advanced cyber security methods to protect that information.
The truth is that when it comes to cyber security the U.S. Government lags behind private businesses due to the red tape of bureaucracy. They have outdated systems and methods that they are scrambling to improve. But with decreasing budgets and increasing needs, the process has taken much longer than expected. This type of security, or lack thereof, is now putting government employees and everyday citizens at risk. This isn’t the first hack into the OPM and it certainly won’t be the last if the bureaucratic red tape isn’t slashed.
Cyber security is serious business, and we need to start taking it more seriously before cyber attacks grow so out of control that we don’t even know where to begin to protect ourselves. Technology changes and grows everyday, but these advances take significant time and cost to effectively implement into a system. Because of this investment it will be a challenge for entities, in both the public and private sector, going forward.