“Feds Who Didn’t Even Discover The OPM Hack Themselves…”

“…Still Say We Should Give Them Cybersecurity Powers”

The spectacular breach of Office of Personnel Management records, which exposed to China-based hackers information on every federal employee as well as the obviously sensitive contents of security clearance applications, was revealed when a vendor of security services was allowed to do a sales presentation on the federal network in question and discovered the already-exploited vulnerability. But of course the feds will be totally competent in prescribing practice to the private sector, right? [Mike Masnick, TechDirt]

Earlier on regulation of private-sector electronic security here, here, etc. Related: W$J (DHS couldn’t move to secure networks without engaging in collective bargaining first). Related: pending bills “authorize government to impose data retention mandate on private businesses”.

3 Comments

  • The statement that “But of course the feds will be totally competent in prescribing practice to the private sector, right?” is way off base. The writer undoubtedly knows that those in the government that screwed up in this instance are completely divorced from those that know how to secure computer files properly.

    My issue is whether the feds may prescribe security practices to the private sector at all, not whether they are competent to do so.

  • This is what happens when you put people who do not understand what their job IS in charge of organizations they also do not understand.

    They have a set of mandated political outcomes they conceive of as “their job” and no idea how to produce them given those resources.

    Result: chaos and widespread panic.

  • […] joined host Ray Dunaway yesterday on Hartford’s WTIC 1080 to discuss the OPM hack (earlier on which) and schemes to extend federal regulatory control over private data security. You can listen […]