OPM Breach Leads To New Systems, Procedures - InformationWeek
Commentary
1/28/2016
08:06 AM
Larry Loeb

OPM Breach Leads To New Systems, Procedures

The Obama Administration announced changes to the Office of Personnel Management designed to ameliorate the flawed systems and processes that led to a massive data breach in late 2014. The plans -- and the steps taken to get there -- hold lessons for any IT organization.

Massive security breaches like the one that occurred at the US Office of Personnel Management (OPM) naturally make headlines. Yet, the steps taken afterward to correct the processes that led to such a situation may be far more interesting to IT professionals than the breach itself.

On January 22, the Obama Administration announced changes in systems and procedures that will be made as a result of the OPM breach, which reportedly occurred in December 2014 and was disclosed last year. The changes reflect what appears to be a systemic top-to-bottom review of what went wrong.

US officials reportedly believe the OPM breach was conducted by a Chinese espionage ring, which accessed records on 21.5 million people, including government employees and job applicants. The hackers also stole the fingerprint images of 5.6 million people.

The first notable change is that the Department of Defense (DoD) will assume responsibility from OPM for storing sensitive information on federal employees and others, including those working for government contractors.

Second, the government will create a new entity -- the National Background Investigations Bureau -- to oversee background investigations, a function previously handled by OPM. This bureau will handle some 600,000 investigations annually for new or renewed security clearances. The National Background Investigations Bureau will handle other types of investigations as well, such as those conducted on individuals seeking access to certain government facilities.

(Image: Greyfebruary/iStockphoto)

The new bureau will be housed within OPM, but the DoD will be responsible for keeping the data secure.

According to Agence France Presse, no timeline for the changes was announced, but officials indicated some of these steps will occur this year.

These changes -- and the steps taken along the way -- serve as an example of the way any organization can react in the wake of a breach:

  • Review the situation.
  • Analyze what did not function as it should have.
  • Leverage resources the enterprise has onboard to the best advantage.
  • Shake up how things are done functionally if necessary.
  • Above all, directly deal with the existing problems and find ways to solve them.

The US government has an overall problem with computer security personnel. Analyst Rob Enderle writes on CIO.com that a brain drain from government to the private sector is underway. Cybersecurity experts are being lured by big pay packages from private companies desperately seeking those with applicable security experience.

By transferring data security to the DoD, the government is leveraging an existing, core base of cybersecurity expertise, rather than attempting to build from the ground up within OPM.

Larry Loeb has written for many of the last century's major "dead tree" computer magazines, having been, among other things, a consulting editor for BYTE magazine and senior editor for the launch of WebWeek. He has written a book on the Secure Electronic Transaction Internet ...

Comments
larryloeb,
User Rank: Author
2/3/2016 | 1:26:44 PM
Re: everything changing
OPM can't do it. They don't have the skillsets.

DoD does. It's that simple.
batye,
User Rank: Ninja
2/3/2016 | 11:23:41 AM
Re: everything changing
@larryloeb, how I see it, Gov. is too slow to respond... but now with changes they have no choice but to improve/increase the ability to implement rapid change as needed...
larryloeb,
User Rank: Author
2/3/2016 | 10:33:06 AM
Re: everything changing
Game changers in what way?
batye,
User Rank: Ninja
2/3/2016 | 10:26:43 AM
everything changing
These days, how I see it, hackers are acting like a game changer for some of the Co....