Archives For national security

32 Million Important Records

Are you up on OPM? 18 Million personnel records breached in the Office of Personnel Management.  It’s the latest in a string of high-profile data breaches our government has suffered. There’s been some reporting on this, but not nearly enough.  The number was first reported around 4 million, then 18, and now, after a recent congressional hearing, the number may actually be as high as 32 million.  But there’s more…

Here’s what you need to know…

1. L. Gordon Crovitz, columnist for the Wall Street Journal, writes, “The Chinese hackers managed to gain ‘administrator privileges,’ allowing them full access to the computers …among other things, they were able to download confidential forms that list ‘close or continuous contacts,’ including those overseas.” He goes on to report, “That’s not the worst of it. The administration disclosed a separate intrusion that gave Beijing full access to the confidential background-check information …that includes the 4.5 million Americans who currently have access to the country’s top secrets. The potential for blackmail is chilling.”

2. Much blame is being cast on the Chinese for this attack; however, Crovitz points out that, given the opportunity, any government that has access to another government’s records is going to take them, the US included. It’s up to the US government to make sure our data isn’t available to other countries.  We saw fines and personnel changes when Home Depot and Target were hit – what happens when the Government, the one that imposes these fines on private sector companies, makes the same mistakes?  It’s an interesting question…

3. The fallout is potentially big.  While a recent Wall Street article suggests that the US data has not shown up in online chat rooms yet, Crovitz calls this issue a much bigger problem than Edward Snowden’s breach. He writes, “Millions of patriotic Americans entrusted with national secrets are going to lose much of their privacy because their government was unable to protect their confidential personnel records…That loss of privacy dwarfs the hypothetical risks from the NSA that have dominated the headlines.”

4. Other reports discuss national security… These “hackers accessed not only personnel files but security-clearance forms, current and former U.S. officials said. Such forms contain information that foreign intelligence agencies could use to target espionage operations.” (WSJ) Apparently the government officials announced the personnel attacks, but held back on the security-clearance theft for at least a week.

Stay on top – learn the sound bites… in my book, The House & the Cloud, chapter 6, I discuss the power of sound bites and how to effectively use them (and how not to use them) in a sales call.

© 2015, David Stelzl

U.S. Eyes Pushback On China Hacking

Reads the headline in today’s tech section of the Wall Street Journal.  Over the past several months there have been numerous articles published in the Journal – some saying this is real, others denying it…I appreciate one article stating that these attacks are small enough for our government to ignore, so that there is no one single incident demanding a response, but big enough to threaten the long term viability of some of the major companies in the US.  In another Journal article I read, “All major US companies have been successfully compromised…”  Where is this all headed?

Companies who insist “They’ve got it covered…” are in trouble in my opinion.  No company is really impenetrable.  In fact, the idea of using a pen-test to show your clients that their data is safe is a false sense of security.  A failure to break in simply shows the incompetence of the pen-testing team.  It certainly doesn’t mean the company is well secured.

In today’s article the Journal reports – “The Obama administration is considering a raft of options to more aggressively confront China over cyberspying,…, a potentially rapid escalation of a conflict the White House has only recently acknowledged.”  The key phrase here is, “Only recently.”  Why have government officials denied this for so long?  Perhaps for political and economic reasons. The Journal states it like this, “Before now, U.S. government officials and corporate executives had been reluctant to publicly confront China out of fear that stoking tension would harm U.S. national-security or business interests.”

Why are the Chinese on the attack?  “China is stealing trade secrets as part of plans to bolster its industry.”  It’s simple: the US has a greater capacity for innovation.  By invading companies’ intellectual capital, other nations can cut thousands of man-days out of the R&D process.  Google, EMC, RSA, New York Times, Wall Street Journal, and many other well-known companies, along with many federal organizations including the Pentagon, have reported problems traced back to China in recent years.  However, things like “dependency on China to underwrite U.S. debt and to provide a market for U.S. businesses,” have allowed these nation-state sponsored attacks to go unchallenged.

Recently our government officials have come out saying, “Cybersecurity threats are the greatest threat to our security—economic security, political security, diplomatic security, military security.”  No matter how big your customers are, cybersecurity is something you want to understand and engage them in.  We’ll be covering more on this threat in the coming weeks as we approach the May, Making Money w/ Security workshop.  I’m looking forward to seeing you there.

© 2013, David Stelzl