Katherine Archuleta, director of the White House Office of Personnel Management, was ousted last year because her agency’s negligence allowed the largest government data breach in history.

It compromised the personal information of more than 22 million people, including current and former government employees, contractors and people who had merely applied for security clearances. The data stolen included names, Social Security numbers, personal financial records, health records, criminal records, family information and fingerprints.

This happened because OPM ignored warnings about vulnerabilities in its system for three years. It failed to take the simple precaution of using two-factor authentication, as many businesses do. This could mean, for example, requiring a password and a token generated by a trusted device carried by those with access to the network. OPM continued to leave its system vulnerable even months after the hack was discovered.

Archuleta has been out of OPM more than a year, but the agency hasn’t learned from its mistakes. This week, it rehired the contractor that gave hackers the loophole they exploited to gain access the broader system.

KeyPoint Government Solutions and OPM are being sued for allowing the breach. Yet the federal government has just given KeyPoint a $1 million contract. Talk about rewarding failure.

The hacker who infiltrated OPM did so using the credentials of a KeyPoint employee. Once inside the system, the hacker created a back door and gave himself additional system credentials as a domain administrator, and plundered the data for over six months. It took OPM nearly a year to realize it had been hacked.

There is ample and justifiable public outrage over private companies that have lost control of their customers’ financial data. But at least customers can choose not to do business with such private sector bunglers.

It is more serious that no one can trust the federal government, for citizens cannot turn elsewhere. They can’t, for example, send their tax returns to someone else who will secure their data more diligently. They should be able to count on government to hire firms that can do so adequately.

It is already the stuff of legend how difficult it can be to fire government employees, no matter how gross their negligence, incompetence or even criminal behavior on or off the job. But two wrongs don’t make a right. We don’t have to reward incompetent contractors just because we can’t punish incompetent federal employees.

Trump, Clinton fight it out on the ground

Also from the Washington Examiner

Armies of political operatives are fanned out across key battlegrounds to hustle votes.

10/07/16 12:01 AM

Contractors are used for many government jobs specifically because they are easy to dump or discontinue. It should not be this hard for government to recognize contractors with a track record of falling down on the job and kick them to the curb. It is absurd that even now, more than two years after the hack of OPM began, this hasn’t been done.

White House, State coordinated to downplay Clinton email stories

Top Story

Jen Psaki, a former State Department spokesperson, called the email controversy a “swirl of crap.”

10/06/16 9:27 PM

Source link

About the Author:

Leave a Reply