I have maintained an active security clearance with the U.S. government since sometime in the mid 1980's, the maintenance of which required periodic reviews and significant revelations of a great deal of personal data.
The system supporting this massive bureaucracy is administered by the Office of Personnel Management (OPM), which, it was recently revealed, had its IT system compromised, with the personal data (including mine) of as many as 14 million people siphoned off. All signs point to the People's Republic of China as being behind this act, yet our President has yet to publicly discuss responsibility, either for the breach (China) or for allowing it to happen (OPM).
This Administration has, for most of its time in office, mishandled the China account, seeing in its rise a sense of inevitability that relieves it of any responsibility for real statecraft, nuanced or power-based. Like so many of Mr. Obama's other mistakes, the strawman supports his view here, and it goes something like, "what are we going to do, go to war with 1/5 of the world's population"? This, then, relieves him of having to think clearly about what OTHER things can be done short of war.
As my friend Misha Auslin wrote recently, it is time to stop treating China as a partner, and recognize that we are engaged in a new great power competition. This recognition SHOULD be the big story upon which we concentrate, but instead, we are talking about Confederate flags.
Others on this blog have beaten this subject to a fare thee well, and so I will only say that while I have a personal dislike for the sight of the Confederate flag, I continue to maintain a steadfast allegiance to the First Amendment and the right of others to festoon their autos, houses, flag poles or upper arms with representations of something I hold in low regard. Where I depart the pattern is when government supports, nay, requires the appearance of such a symbol.
We have, as a country, spent an inordinate amount of time over the past week in a great national Oprah show, trying to blame the actions of a mentally ill, racist, terrorist on the flying of a flag, without much irony in explaining how that flag accounted for such acts of domestic terrorism elsewhere in the country. All the while, a foreign flag is conducting its own acts of terrorism against us.
Who does this extended dialogue on flags and race serve? Why, Hillary Clinton of course, and Barack Obama. Hillary has all of a sudden become the great friend of race relations as she attempts to cobble together the Obama coalition of 2008/2012. Tigerhawk has appropriately identified the naked political angle here, as in 2008 her bread was buttered on low Black voter turnout, whereas her 2016 future hangs on it. More importantly though, if the OPM's oversight of personal information was so easily obtained by Chinese hackers, are we to believe that Mrs. Clinton's basement server was somehow more secure? Remember folks--Mrs. Clinton claims to have ONLY used her personal email address(es) during her time as Secretary to transact the business of that office. She has not made those emails available for Congressional scrutiny, only the ones that her team cleared for sharing. Wrapping herself in the flag of the anti-flag movement comes at a particularly serendipitous time for the former Secretary.
And how is Mr. Obama served by the Great Flag Debate? Why, the more we talk about it, the less he is identified once again with MASSIVE failure of government. How soon we forget the colossal failure of the Obamacare exchanges--both state and federal? Not only is failure endemic to this administration, but no one seems to be fired except Generals who blab to Rolling Stone. There is no responsibility, there is no accountability.
I do not raise all this to minimize the deaths of 9 innocent people in South Carolina. I simply wish to urge my fellow citizens to keep our eye on the ball, on the long term, and on the strategic.
And what about OPM's assertion in Congressional testimony that "no one" was at fault for the leak? They blamed the hackers! Even my liberal friends, who purport to believe government is competent, did not defend that. The dereliction of the press is arresting.
I work in cybersecurity now. OPM ignored the bulk of the FISMA (Federal Information and Security Management Act) rules, the ones we citizens and private companies can get fined or sued for not complying with.
The OPM hack comes down to 4 major points of failure:
- Old systems, layer upon layer of patchwork and plaque to keep them functioning, often using systems which are no longer made by companies and integrators which no longer exist. But, even old stuff can be encrypted.
- No encryption on the 43 major databases used by OPM. Which would have helped, except....
- To have encryption, each end user needs two-factor authentication, like a military CAC card, or an RSA token with a code generator. OPM didn't have that. They were fixin' to. It was on the roadmap.
- Once on the network, they could pretty much go anywhere. And as government has outsourced to other companies, the perimeter is extended - and you're only as weak as the weakest link.
Good article here: http://arstechnica.com/security/2015/06/epic-fail-how-opm-hackers-tapped-the-mother-lode-of-espionage-data/
When are all those Republicans running for the nomination in 2016 going to stand up and say to the press, "Look, you guys passed on vetting Obama in 2008, and you have failed to hold him responsible for ANYTHING bad that happened on his watch. As such, you are no longer credible, so I will no longer answer any of your 'gotcha' questions."