OPM

I got a note in the mail today from the Federal Government's Office of Personnel Management, letting me know that my security clearance information was among those stolen in the massive data breach we've read about. They've taken a page from Target -- the store, that favorite of Michelle Obama's -- by offering me three years of free identity theft protection by way of compensation.

Which is all well and good, but -- like the President's own pre-announced withdrawal timeline for his Afghanistan surge -- that only tells the Chinese how long they have to wait before going gangbusters with the stolen data. My personal interests aside, out of a simple concern with national security they ought to flag my data (and all our data that was stolen) forever, not for three years. Whoever stole this stuff knows everything there is to know about where I've lived and worked, has on file personal references from people who have been interviewed in support to the investigation, and so forth. You could obtain any kind of paperwork from the government, or for that matter from private banks, based on what's in that file.

Fair enough if the three years is a stopgap while they put something else in place to ensure that the stolen data can't be used by the hackers, although it's not clear what that "something" might be. Perhaps a marker that anyone affected must be handled on a different basis than past information, should they need new clearances (or loans).

Still, three years is not that long a time. The scale of this breach, targeting as it did those with security clearances, ought to merit a much more permanent and serious response. That's true even if the government only cares about its own security, and not at all about those of us who are personally compromised.

13 comments:

Assistant Village Idiot said...

I'm one year into a similar three-year protection from the Anthem BCBS hack. Frankly, I have no idea what it means.

Eric Blair said...

Same thing happened to me with Target, with Home depot and with the IRS. The last was funny, since somebody tried to get a refund, and we always end up paying taxes. Heh.

raven said...

This is the single worst breach I am aware of, from an operational standpoint. It gives a lever over anyone in the Gov. "say, Leo, you might want to- do/not do- something on this date at such a time or if this happens-- if you like your family." This, over ALL the US forces, security guys, etc? This is a catastrophe.
From some web site I got the impression the Chinese are busy integrating this info along with anything else they can get into a vast facebook like searchable data base- so , for example, if you want to pull up a certain person it will also get all their "friends" etc.

Tom said...

This was an act of war, but I'm not sure how we should have responded. Any ideas?

Grim said...

It was an act of espionage, which is not quite the same thing. We should respond by doing exactly the same thing in return, and rather more clandestinely if we can manage it.

Tom said...

I mean, once I de-escalate from "nuke 'em" to "create a new Pacific reef with one of their fleets", I end up with simply having our accountants tally up the costs of their theft and writing it off our national debt.

I wonder what China would do if we just said, hey, you've stolen about $1 T in tech and info, so we'll knock it off what we owe you.

Tom said...

I was writing as you posted. The problem with espionage is, it isn't as satisfying as a fleet sinking to Davy Jones's locker. Not only is the score hidden, most of the plays are as well. Leaves me hungry.

E Hines said...

It was an act of espionage, which is not quite the same thing. We should respond by doing exactly the same thing in return....

Not at all. I don't agree that it's not an act of war, but even if it is "only" an act of espionage, responding by doing exactly the same thing is suboptimal. If nothing else, it leaves the initiative in their hands.

We should escalate, catastrophically. If we don't have the means to do so, we should get the means, and then escalate catastrophically. There's no need for a statute of limitations on this. Enter their government systems, steal copies of the data, then alter it in subtle ways. On the way out, shut down their communications within their government, and between the CPC and the PLA. Shut down the communications nets of their port city governments.

Eric Hines

Grim said...

It's good that there's no statute of limitations. It'll be a while before we have the right leadership to direct such an effort.

raven said...

There is one thing that seems to be consistently taken for granted, or at least not publicly mentioned. The assumption seems to be it is only the Chinese who have this data. that seems like a very foolish assumption.

Grim said...

Yeah, depending on how it was obtained, it may well be for sale to anyone who wants it. Or transmitted between hostile powers in return for other considerations.

Grim said...

Fortunately, as the Baron of Ibelin said, "If you've come to kill me, even these days it is not easy."

Ymar Sakar said...

I guess people never considered that the feds leaked this intentionally, like when Hussein told the credit cards to remove the fraud protection for oversea transfers to his campaign, like when HRC pulled the bodyguards from protecting Benghazi's Ambassador in the US embassy, like when they leaked Seal Team 6 op details to the Taliban.

It's always the things people think were "impossible" that gets them torn apart by the military geniuses.