OPM Breach Insights and Lessons

A lot has been written on the OPM breach. It is huge and possibly larger. The most important piece of information about the breach is how it was discovered: an assessment was being done on computer systems to add monitoring tools, and that was when the breach was found. That is very, very important.

Breaches Every Day

Breaches of systems are happening all the time. Not every system, but many systems out there are being breached. Most of the breaches occur without anyone’s knowledge. You have to actively look for activity indicative of a breach, and you have to be able to recognize when a breach is occurring. Intrusion detection has to keep pace with the changes in technology.

Hacking Did Evolve

Hacking is no longer about disrupting systems. Machine disruption is a tool of limited use. Hacking to compromise people socially can be far more devastating. You do not need security on a computer to keep the computer from failing. You can usually get a computer back up, even if it is not the same one, especially if you have a solid backup. Rather, you need security to keep you from failing in the social sphere. That includes maintaining your job, finances, and responsibilities. Powerful hacking can destroy all three.

Learning through Hacking

Hacking should never, ever be outlawed. Just the opposite, hacking should be given full support. That a system is vulnerable is something you should know. Few things are as dangerous as false security. There is a difference between that and how you use the information you access. The focus should be on provable harm to others that greatly damages lives in specific circumstances, rather than on the tools and processes that are indifferent to motivation.

The Internet of Everything isn’t for Everything

Sometimes the best solution is to stop doing something. Perhaps it would be better that some systems, some pieces of critical information, are never within reach or proximity of a public computer network. The design of a computer network for some scenarios can indirectly become someone else’s honey pot. A self-inflicted wound, as they say.

It is not that anything is wrong with computer networks. The issue is you cannot continuously certify all end points and nodes. Those end points are subject to either great variation or glacial evolution to a proven level of resilience against compromise. In some cases, you need 100% certainty that no compromise is possible, and anything less than 100% is inadequate. When defining a system design for those circumstances, if the answer cannot be guaranteed for the life of the system, it is probably best to stay with pure natural solutions, as inconvenient as they may be. A breach the size of OPM, or even the minute case of a single person, may be far less convenient.

The “Does It Go Online” Test

How do you use computer systems? You use them under the assumption of an unsecured line. Only transmit info that you would not object to others overhearing. That is the only test you apply to computer systems. Do not store secure data in private, long-term. Do not store secure data in the public cloud, short-term. During that planned short-term store of an hour or a month, a breach can occur.

Making the Choice

Exceptions to the test are in instances of quick data transfers over encrypted lines. Shopping online is an example of a quick data transfer of your credit card info. Sending in a job application bearing your social security number is another. You may not have a choice in those cases, but when you do, consider the sensitivity of the info before you type or click send. When you have a choice and the info is sensitive, prefer to send nothing at all.
