Page Loader Logo
Loading...
833-847-3280
Schedule a Call
Partner With Us

OPM Hack: Can it get any worse?

Last night I was asked on Fox News what I thought the impact of the OPM hack would be and I commented on the incredulous amount of information that has been stolen and the potential impact on over 21 million Americans. In my opinion, no more valuable a trove of information can be found outside of actually compromising our national defense systems.

For those of you that don’t have a security clearance, the information that is on these forms is staggering. Due to the fact that an initial security background has to be complete in order to properly “vet” the individual for access to classified data, applicants are required to pretty much place their entire life on this forms: addresses, positions, next of kin, SSN, criminal background, medical issues, drug use etc. I don’t know of one other single source of information that is so complete about an individual.

For this reason, I am astounded that, at a minimum, none of this data was at least considered critical enough to national security for it to be encrypted and possibly be declared classified. These “crown jewels” should not have been left in an antiquated IT architecture with 80 various agencies having access to it, without being protected. Even after the 2 contractors that had the contracts to conduct background checks were hacked, nothing was done to increase the security around this data and to keep it from nefarious hands.

The OPM and the Obama administration needs to move fast to fix this. Right now, there are 21 million Americans, including me, whose lives are now compromised and will be, for decades. This data must be taken off line and encrypted, if not placed behind a closed architecture with limited access. There must be some basic cyber security procedures taken such as these to at least provide this information with the protection it warrants. Making some easy decisions such as these and moving fast will show the American people that this cyber-attack is being taken seriously.

Assigning attribution for this hack and having a plan of attack to counter this threat should be of the highest priority. The American people should know that the data they entrust to the USG is safe and that those people or counties that violate that agreement will be punished. While the #1 culprit, presumably is China (and personally I agree that no other country has more to gain through the theft of this data), it is critical to identify the entity behind this act and resolve the damage through a combination of diplomatic, legal, economic or military action.

Oh, and 3 years of credit monitoring doesn’t even come close to compensating these victims for this hack. The USG should move to provide compensation for each American who has to find the time to fix identify theft associated with this. Additionally, creating a law enforcement capability or augmenting an existing agency such as the FBI to review stolen records and monitor various healthcare, insurance, tax and yes OPM systems for fraud, exploitation and impersonation would help provide the necessary increase in vigilance.

Latest Posts

A transparent image used for creating empty spaces in columns
Welcome to today’s briefing on a crucial topic in the realm of cybersecurity: internal network penetration testing. Now, I know that the term might sound a bit intimidating but fear not. By the end of this discussion, you’ll have a solid understanding of what it…
A transparent image used for creating empty spaces in columns
 In the world of cybersecurity, there’s a misconception that a clean pen testing report means something was missed or the test wasn’t thorough enough. But here’s the truth: receiving a clean report from your penetration test is not only a positive outcome—it’s a testament…
A transparent image used for creating empty spaces in columns
Hey there, folks! Let’s get one thing straight: when MainNerve talks about penetration testing, we’re diving deep into the world of cybersecurity. But hey, we know what people think when we say “penetration testing.” So, buckle up because we’re about to compare pen testing to…
A transparent image used for creating empty spaces in columns
 In the fast-paced world of managed IT services, we know that time is money. Your clients rely on you to keep their systems secure, and you need partners who can deliver top-notch services without slowing you down. If you’re a Managed Service Provider (MSP)…
A transparent image used for creating empty spaces in columns
The primary purpose of performing a penetration test is to simulate real-world attacks on a computer system, network, or application. This is done by skilled cybersecurity professionals, who are tasked with identifying vulnerabilities and weaknesses that malicious actors could exploit. Their role is crucial in…
A transparent image used for creating empty spaces in columns
 If your business relies on older technology, you’ll want to listen up. We’re highlighting a critical weakness in many organizations’ defenses: legacy systems. What Are Legacy Systems? Legacy systems are outdated technologies that are no longer supported with updates or patches from their creators.…
contact

Our Team

Name(Required)
This field is for validation purposes and should be left unchanged.
quick links to

Our Services

On Load
Where? .serviceMM
What? Mega Menu: Services
201 E Pikes Peak Ave Suite 2025
Colorado Springs, CO 80903