OPM Breach Leads To New Systems, Procedures

The Obama Administration announced changes to the Office of Personnel Management designed to ameliorate the flawed systems and processes that led to a massive data breach in late 2014. The plans – and the steps taken to get there – hold lessons for any IT organization.

Larry Loeb, Blogger, Informationweek

January 28, 2016

2 Min Read
<p align="left">(Image: Greyfebruary/iStockphoto)</p>

10 Best Tech Jobs For 2016

10 Best Tech Jobs For 2016


10 Best Tech Jobs For 2016 (Click image for larger view and slideshow.)

Massive security breaches like the one that occurred at the US Office of Personnel Management (OPM) naturally make headlines. Yet, the steps taken afterward to correct the processes that led to such a situation may be far more interesting to IT professionals than the breach itself.

On January 22, the Obama Administration announced changes in systems and procedures that will be made as a result of the OPM breach, which reportedly occurred in December 2014 and was disclosed last year. The changes reflect what appears to be a systemic top-to-bottom review of what went wrong.

US officials reportedly believe the OPM breach was conducted by a Chinese espionage ring, which accessed records on 21.5 million people, including government employees and job applicants. The hackers also stole the fingerprint images of 5.6 million people.

[ Never underestimate the human capacity for foolishness. Read 10 Stupid Moves That Threaten Your Company's Security. ]

The first notable change is that the Department of Defense (DoD) will assume responsibility from OPM for storing sensitive information on federal employees and others, including those working for government contractors.

Second, the government will create a new entity -- the National Background Investigations Bureau -- to oversee background investigations, a function previously handled by OPM. This bureau will handle some 600,000 investigations annually for new or renewed security clearances. The National Background Investigations Bureau will handle other types of investigations as well, such as those conducted on individuals seeking access to certain government facilities.

The new bureau will be housed within OPM, but the DoD will be responsible for keeping the data secure.

According to Agence France Presse, no timeline for the changes was announced, but officials indicated some of these steps will occur this year.

These changes -- and the steps taken along the way -- serve as an example of the way any organization can react in the wake of a breach:

  • Review the situation.

  • Analyze what did not function as it should have.

  • Leverage resources the enterprise has onboard to the best advantage.

  • Shake up how things are done functionally if necessary.

  • Above all, directly deal with the existing problems and find ways to solve them.

The US government has an overall problem with computer security personnel. Analyst Rob Enderle writes on CIO.com that a brain drain from government to the private sector is underway. Cybersecurity experts are being lured by big pay packages from private companies desperately seeking those with applicable security experience.

By transferring data security to the DoD, the government is leveraging an existing, core base of cybersecurity expertise, rather than attempting to build from the ground up within OPM.

Read more about:

20162016

About the Author(s)

Larry Loeb

Larry Loeb

Blogger, Informationweek

Larry Loeb has written for many of the last century's major "dead tree" computer magazines, having been, among other things, a consulting editor for BYTE magazine and senior editor for the launch of WebWeek. He has written a book on the Secure Electronic Transaction Internet protocol. His latest book has the commercially obligatory title of Hack Proofing XML. He's been online since uucp "bang" addressing (where the world existed relative to !decvax), serving as editor of the Macintosh Exchange on BIX and the VARBusiness Exchange. His first Mac had 128 KB of memory, which was a big step up from his first 1130, which had 4 KB, as did his first 1401. You can e-mail him at [email protected].

See more from Larry Loeb
Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.
SIGN-UP

You May Also Like

More Insights
Webinars
More Webinars
Reports
More Reports

Editor's Choice

NHL's Calgary Flames at New Jersey Devils on February 8, 2024 in Newark, NJ
IT Infrastructure
NHL, Presidio, and a Transformation Power Move with Hybrid CloudNHL, Presidio, and a Transformation Power Move with Hybrid Cloud
byJoao-Pierre S. Ruth
Apr 5, 2024
6 Min Read
Online Privacy Security Threat Abstract Background Art
Cyber Resilience
Cyber Risks When Job Hunters Become the HuntedCyber Risks When Job Hunters Become the Hunted
byCarrie Pallardy
Apr 9, 2024
9 Min Read
Business innovative solution and creative concept as a paper boat tied to a light bulb
IT Leadership
9 Ways to Ensure Continuous Innovation9 Ways to Ensure Continuous Innovation
byLisa Morgan
Apr 2, 2024
9 Slides
Hand charging an electric car, leaves and butterflies emerge from the cars exhaust, idea of sustainable transportation. Green energy, eco friendly
Sustainability
Sustainable Transportation Takes OffSustainable Transportation Takes Off
bySamuel Greengard
Mar 26, 2024
5 Min Read
Robotic hand takes a slice out of a coin, representing money
Machine Learning & AI
Special Report: What's Next for the GenAI Market in 2024?Special Report: What's Next for the GenAI Market in 2024
bySara Peters
Mar 12, 2024
3 Min Read
Webinars
More Webinars
White Papers
More White Papers
Live Events
More Live Events
Reports
More Reports
May 2, 2024
While there are plentiful options in cyber resiliency and business continuity tools and platforms, there isn’t one that can knock out everything from sudden cloud outages to prolonged ransomware attacks in a single punch. What can you do to keep the company on its feet no matter what is thrown at it? Find out in this new virtual event.
Reserve Your Seat Now