A lot has been written on the OPM Breach. It is huge and possibly larger. The most important piece of information about the breach is how it was discovered. An assessment was being done on computer systems to add monitoring tools. That was when the breach was discovered. That is very, very important.
Breach of systems are happening all the time. Not every system, but many systems out there are being breached. Most of the breaches occur without anyone’s knowledge. You have to actively look for activity indicative of a breach. You have to be able to recognize when a breach is occurring. The kind of intrusion detection that has to occur has to keep pace with the changes in technology.
Hacking Did Evolve
Hacking is no longer about disrupting systems. Machine disruption is a tool of limited use. Hacking to compromise people socially can be far more devastating. You do not need security on a computer to keep the computer from failing. You can usually get a computer back up, even if it is not the same one. Especially if you have a solid backup. Rather you need security to keep you from failing in the social sphere. That includes maintaining your job, finances, and responsibilities. Powerful hacking can destroy all three.
Learning through Hacking
Hacking should never, ever be outlawed. Just the opposite, hacking should be given full support. Knowing that a system is vulnerable is something you should know. Few things are as dangerous as false security. There is a difference between that and how you use the information you access. Provable harm to others that greatly damages lives in specific circumstances is where the focus should be rather than the tools and processes that are indifferent to motivation.
The Internet of Everything isn’t for Everything
Sometimes the best solution is to stop doing something. Perhaps it would be better that some systems, some pieces of critical information are never within reach or proximity of a public computer network. The design of a computer network for some scenarios can indirectly become someone else’s honey pot. A self-inflicted wound as they say.
It is not that anything is wrong with computer networks. The issue is you cannot continuously certify all end points and nodes. Those end points are subject to either great variation or glacial evolution to a proven level of resilience against compromise. In some cases, you need 100% certainty that no compromise is possible and anything less than 100% is inadequate. When defining a computer system for those circumstances, regarding a system design, if the answer cannot be guaranteed for the life of the system, it is probably best to stay with pure natural solutions. As inconvenient as they may be. A breach the size of OPM or even in the minute case of a single person may be far less convenient.
The, Does it Go Online Test
How do you use computer systems? You use them under the assumption of an unsecured line. Only transmit info that you would not object to others overhearing. That is the only test you apply to computer systems. Do not store secure data, in private, long-term. Do not store secure data, in the public cloud, short-term. During that planned short-term store of an hour or a month a breach can occur.
Making the Choice
Exceptions to the test are in instances of quick data transfers over encrypted lines. Shopping online is an example of a quick data transfer of your credit card info. Sending in a job application bearing your social security number is another. You may not have a choice in those cases, but when you do, consider the sensitivity of the info before you type or click send. When you have a choice and the info is sensitive, prefer to send nothing at all.