When I made mistakes as a kid – and I made my share of them, believe me – I was taught to learn from those errors. Everybody makes them, I was told, but the key is to figure out why the mistake was made and how I could improve in that area.
Sounds pretty basic, right?
But 2½ years after the worst cyber security breach in U.S. history – one that allowed the theft by China of personal information belonging to some 25 million U.S. government employees – it doesn’t look like we’ve learned anything.
The Situation Is Worsening
According to a recent report from the Inspector General, the White House Office of Personnel Management is actually getting worse in its efforts to provide adequate defenses against additional cyber intrusions.
The report refers to a “significant regression” in complying with information security requirements. For one thing, the agency is failing to check security controls on computer systems to make sure they are adequate.
And no wonder. The White House Office of Personnel Management staff turnover rate in sensitive information-security jobs is alarmingly high, including five different Chief Information Officers in three years.
The agency is ignoring a variety of longstanding security weaknesses, along with a number of security recommendations made in Inspector General reports even BEFORE the major security hack.
Tell Them, Don’t Ask Them!
The report makes 26 recommendations on how to fix the problems, including many that repeat previous suggestions.
It sounds to me like these “recommendations” and “suggestions” should be changed to “orders.”
In the 21st century, cyber attacks can be just as devastating as physical attacks. The U.S. should be No. 1 in the world in cyber security, but it looks like we’ve got a ways to go to get there.