While Americans continue the endless debate about who we aspire to be, the Chinese have busied themselves with figuring out who Americans actually are. About four million of us to be exact. They looked us up online.
Allowing for the usual opacity of any story that touches on intelligence-gathering and data breaches, it appears that the federal government’s human resources branch, a.k.a. the Office of Personnel Management, was hacked a year ago — and all the fingers are pointing at China.
A full data breach would not just reveal the identities, vices, and liabilities of most federal employees, but also of their families and loved ones. It would provide an adversary an incredible map of human weakness that is spread across the United States government.
But the real revelation in this data breach turns out to be the vices of the federal government itself. The data vulnerability of the OPM was identified as a “material weakness” by the Inspector General’s office in 2007. The office had no IT staff on hand. According to a report in Ars Technica, the OPM had little idea about the scale of the data it even harbored on its servers or how it was organized.
Unfortunately, many other small federal agencies may be just as vulnerable to attacks. Two decades of bad security practices, a long decline in internal information technology experience within civilian agencies, and a tendency to contract out critical parts of IT to private companies without a great deal of technical oversight have created ripe attack conditions. To boot, DHS’s efforts to provide a first line of defense against network attacks is based on an approach rooted in security strategies more than a decade old — and even that strategy is only now being fully put into place. [Ars Technica]
You might expect outrage, but so far this system-wide failure has been met with a shrug. The federal government zealously guards its powers to compile ziggurats of data on Americans when those powers are challenged by libertarians like Rand Paul. But the job the government is actually supposed to do with data — keep it safe and us safe with it — is entirely left undone. The zeal disappears once the data is stacked, somewhere. Wherever.
The feds are too busy figuring out new ways to mind our business to actually attempt a modicum of competence at the business already at hand.
Imagine the situation was reversed and the NSA had been caught lifting the personnel files of virtually every human being who works for the Chinese government. How tense would relations be with China right now? I’m thinking somewhere on the order of you-just-bombed-our-embassy tense. As it is, if there are plans afoot to retaliate, the White House is doing an uncharacteristically good job of keeping them secret so far.
The story of the Obama era is the story of one colossal federal government train-wreck after another. The Bureau of Alcohol, Tobacco and Firearms shipped guns to Mexican drug cartels in Fast & Furious. Recovery.gov, allegedly designed to promote openness and accountability, ended up filled with bad data…
The president stood in front of the White House, urging the American public to use Healthcare.gov when it wasn’t working…
The Obama administration toppled the government of Libya — without any supporting act of Congress — then sent Americans there and ignored the security requests from our ambassador…
Veterans died, waiting for care, while the branch offices of the VA assure Washington everything is fine.