Why Are We Ignoring a Cyber Pearl Harbor?

Jonah Goldberg – Los Angeles Times

What if a team of Chinese agents had broken into the Pentagon or — less box office but just as bad — the U.S. Office of Personnel Management and carted out classified documents?

The damage is hard to exaggerate.

Former NSA counterintelligence officer John Schindler calls it a “disaster” in a column headlined “China’s hack just wrecked American espionage.” Joel Brenner, America’s top counterintelligence official from 2006 to 2009, says the stolen data amounts to the “crown jewels” of American intelligence….

We understand as an intellectual matter that hacking isn’t magic. But that doesn’t change the fact that this kind of crime doesn’t feel wholly real either. The media may be downplaying it, but the public seems underwhelmed as well.

Placing the Office of Personnel Management Hack in Perspective

Robert Knack – Council on Foreign Relations

Part of the reason I am a bit blasé about the Office of Personnel Management hack, is if the Chinese government is indeed behind it, it’s not by any stretch the most dastardly thing they have done in cyberspace. It’s just the most recent one that we know about. It’s getting a lot of press because personally identifiable information (PII) was compromised….

We may find out later that the hackers also got their hands on the SF-86s—the forms you fill out when you apply for a security clearance. I am fully confident that if the investigation uncovers those losses, there will be a second statement from OPM and an offer for credit monitoring for contractors and family members.

To put all of this in perspective, here are five Chinese hacks that are worse than the breach at OPM based on a list of significant cyber incidents compiled by the Center for Strategic and International Studies:

President Barack Obama holds a round table with business leaders at the Summit on Cybersecurity and Consumer Protection in California earlier this year. (Reuters)

After Hack Attacks, OPM Has Some Explaining to Do

Joe Davidson – The Washington Post

Background investigations are done on federal employees, contractors and applicants who need security clearances. If you have one, presumably you are in a position to know government secrets. If there is “high degree of confidence,” as OPM said, that the information of these individuals was targeted, then the thieves could be building their own database of well-placed federal employees for exploitation later….

“We are living in an age where our privacy is at risk,” said Carl Goldman, executive director of American Federation of State, County and Municipal Employees Council 26, which represents staffers at the Library of Congress and the Agriculture and Justice departments, among other places. “Those who try to protect us from privacy invasions have a difficult job….That’s what I’m concerned about,” he added. “Do we have the capability, and are we doing all we can do?”

If the answer is yes, then yes isn’t good enough.

The U.S. Office of Personnel Management. (Reuters)

3 Steps to Improve Government Cybersecurity

Alan D. Cohn – Christian Science Monitor

Along with millions of other former and current federal employees, I’m fairly certain criminal hackers now have my personal information. As an assistant secretary at the Department of Homeland Security until earlier this year, the government stored many of my personal and professional details – Social Security Number, addresses, employment history, security clearance information – and facts about my family, too….

There’s not much we can do now to take back what’s been stolen, but the government can make a few easy to implement changes that’ll vastly improve network security – and help prevent the next hack.

st, scrap the government acquisition system for cybersecurity. Simply put, the speed of innovation in cybersecurity has made the current multiyear government systems acquisition process irrelevant. Second, the government needs to get venture capitalists into the game.