Gyroscopic Investing

The epic cybersecurity fail
July 21, 2015 by Gene Veith

A hacker–probably connected to the Chinese government–has hacked into the databases of the Office of Personnel Management, stealing personal records on some 21 million federal employees.  The stolen information includes the results of security clearances, as well as coercion material on people with security clearances, meaning that this is an intelligence disaster.  Nebraska freshman Senator Ben Sasse, perhaps my highest-ranking personal acquaintance, has written perceptively about this in Wired Magazine, no less.  Excerpt and link after the jump.

http://www.patheos.com/blogs/geneveith/ ... more-21824

... M

Having been investigated and granted a Q clearance in the past year, I'm personally affected by this. On the upside, given that the Chinese/highest bidder on the black market now know shit about me that even Google likely couldn't deduce, there's no reason for me to be paranoid about using gmail any more. I guess I'll go for convenience henceforth.

To me, the most disturbing part of the OPM data breach isn't the breach itself, but the fact that it took the OPM so long (over a year, according to their own statement) to even discover the breach.

Now I'm wondering how many other databases--both government and corporate--have already been quietly breached and nobody has noticed yet. My guess: more than a few of them. I also think that, over the years, some data breaches have never been detected.

If we think any of our electronic information--government, corporate, individual, group--can be truly 100% secure, I think we're burying our heads in the sand. Political grandstanding about the need to beef up the security of our computer networks and databases is ignoring this larger reality. Yes, you can design a state-of-the-art database with state-of-the-art security, but can you ever be 100% sure your database hasn't been breached by an adversary with access to even more advanced technology? How do you even know what the most advanced technology is, and who has it? And so on and so forth.

What's the endgame here?

The endgame is that all personally-identifiable electronic knowledge is known by all powerful entities.

I think it's safe to assume that any and all data that is stored on an third-party internet-connected server is in the hands of someone who you'd rather not get ahold of it. There's simply no good way around this.

New post on Global Guerrillas about the breach too.