A MESSAGE FROM OUR FOUNDER AND CEO -

The 2015 hack of the Office of Personnel Management (OPM) is a story that continues to drag on, and dangerously so. According to Nextgov.com, the contractor slated to fix all of the security issues at OPM has suddenly gone missing in action. Virginia-based Imperatis Corporation was awarded a sole-source contract in June 2014 in the ongoing disaster of OPM computer security issues. Imperatis has "ceased" operations on the contract and appears to have gone out of business. OPM has since terminated its contract with Imperatis, after the contractor's employees failed to show up for work.

The Imperatis sole-source contract did come under scrutiny. In 2015 the former Inspector General for OPM was highly critical of awarding a sole-source contract for computer security. According to Nextgov, the IG noted that the work by Imperatis "violates federal acquisition regulations." In addition, the IG stated that "conflicting statements from OPM officials regarding this contract are extremely concerning."

It's not like there were red flags over this contract award. Ironically, the same contractor came under the microscope during a $1 billion Army contract. According to Nextgov, the contractor employees were recorded on cellphone videos reportedly drinking on the job and injecting drugs.

Well, no need to be concerned - now that the money is gone and the OPM is still wide open. Yes, you read me right... $67 million in tax dollars later, OPM is still an open target.

During a May 13 hearing by Congress, the acting OPM Director admitted that "there are still elements of OPM systems that are difficult to encrypt."

Thus, her admission dropped like a lead balloon. To date, OPM has not been able to encrypt sensitive data, including such nice details as Social Security numbers. Millions spent, contract belly up and OPM system still vulnerable. Par for the Obama computer course.

Then again, the whole OPM fiasco has been classic Obama pinball wizardry. First, there was denial, followed by metered-out admissions of 4 million, 10 million, then 22 million records stolen. OPM stated that they were unable to prevent the breach because their "legacy" COBOL-based system could not be encrypted. However, that assertion is a false excuse, since I wrote encryption for the US Army on a COBOL-based logistics system in the 1980s. The fact is, they could have secured the data but decided not to.

Even a cursory review showed that the OPM data security audit and monitoring were virtually non-existent. No one in their computer operations noticed that some source was downloading 22 million personnel records and 5.6 million fingerprint records. Basically, the operators were asleep, poorly trained, or watching TV when the hackers came in and cleaned out the house. The dog that should have barked was brain dead.

Finally, the reaction to the hack by the Obama administration has been more of a clown act than a real recovery. The immediate response was to offer the 22 million breached souls a free subscription to monitor their credit. This lame effort is telling since it's highly doubtful the hackers took all those records to set up fake debit cards. I base that assertion on two facts: None of the 22 million has reported a credit breach due to the OPM hack and the OPM data has not appeared on any known hacker site for sale.

Clearly, the suspected hackers, the Chinese Army intelligence units under either the 2nd or 4th Departments of PLA HQ, were interested in the data for other purposes. No criminal hacker wants your fingerprint unless he can also steal your cell phone. However, a Chinese Army hacker would love to have the fingerprints of an atomic scientist working at the nuclear Los Alamos labs who passes into a secure area every day, using a biometric fingerprint locking door.

The breach of OPM data would, in fact, be very valuable to a foreign intelligence service. It can show who is vulnerable to bribery, blackmail or extortion. It can be used to identify US government employees of our intelligence services. It does accurately represent the gruesome details of personal life for 22 million individuals, including political affiliations, love life, sexual activities and financial status.

The PLA has been quite brazen in its cyber-warfare against America and the OPM hack is actually one in a series of breaches. The targets of Chinese hacking range from the F-35 jet fighter radar and engine schematics stolen from defense contractors on one hand and 80 million healthcare records hacked from Anthem on the other. These items top the long list of breaches directed by Beijing, including our power grid, the water system, financial and communications networks.

The Obama administration sees all this as playful gamesmanship set against a backdrop of humorous diplomatic attempts to control the Chinese hacker teams. Of course, the Obama administration takes computer and national security lightly, as if it were some 20th century joke. These are old world ways to the Twitter warriors who take to the social media boards to do battle with Putin, ISIS and the Republican Party.

Seriously, who cares if entire disk drives disappear from the material universe at the IRS or if government officials hide corruption by not using official email systems? Hey, if we lose a few national security secrets - and some lives - along the way... well that's just how the game is played.

While the FBI Director fiddles with cell phone encryption and minor thugs - the files of Rome are being ransacked by hordes of rampaging cyber barbarians. While the NSA is concerned about monitoring the personal lives of ordinary citizens, an army of professional agents is plucking US government secrets like so much low-hanging fruit from trees.

It can be said with some grain of truth that the Obama administration is in a state of cyber-denial because their handling of federal data security can only be generously described as abysmal. Obama has a cyber legacy that will go down in history. Perhaps one day he can tweet about it or better still, take responsibility for it.

Let's keep an eye on his Facebook page.

One if by land... Two if by sea.

CHARLES R. SMITH

CEO FOUNDER OF SOFTWAR INC.
