Katherine Archuleta, In the Name of God, Go
The director of the federal Office of Personnel Management will not resign, despite bipartisan calls that she do so:
The escalating calls for Archuleta to be replaced came as the Obama administration disclosed on Thursday that the number of people affected by the federal breach — believed to be the biggest in U.S. history — was far higher than previously reported.
Hackers downloaded Social Security numbers, health histories or other highly sensitive data from OPM’s databases, affecting more than five times the 4.2 million people the government first disclosed this year. Since then, the administration acknowledged a second, related breach of systems housing private data that individuals submit during background investigations to obtain security clearances.
Although the government declined to name the hackers, officials said the same party was responsible for both hacks. Numerous U.S. lawmakers who have been briefed on the federal investigation have pointed the finger at China.
From her June 28 bulletin:
As our investigation into the cyberintrusions and theft of information at OPM continues, I want to reassure our Federal family how seriously I take our responsibility to provide you with timely and accurate information, as well as the resources to protect you from any malicious activity that may come from these events.
Our Federal family?
Over the past week, CSID has been increasing the number of call center employees available to answer your questions. Additionally, they are equipped with the latest list of Frequently Asked Questions to make sure everyone is getting updated and consistent information.
Wait times are also a concern. The good news is that, because CSID has been adding additional call center employees, the wait times are down significantly. A new feature has also been added giving you the option to have the center call you back when it’s your turn. This keeps you from having to wait on hold.
That doesn’t happen to me when I call my family. Happen to you?
Each and every day, as we investigate these attacks and aggressively work on the redesign of our computer network, we are keeping in mind the millions of men and women who have and continue to serve the American people. We honor your contributions and the trust you put in us to keep your information safe. I pledge that we will do everything we can to give you the support you need.
The OPM, reports Wired, had no IT security staff until 2013:
The agency was harshly criticized for its lax security in an inspector general’s report released last November that cited its lack of encryption and the agency’s failure to track its equipment. Investigators found that the OPM failed to maintain an inventory list of all of its servers and databases and didn’t even know all the systems that were connected to its networks. The agency also failed to use multi-factor authentication for workers accessing the systems remotely from home or on the road.
Katherine Archuleta, in the name of God, Go.
Something about Ms. Archuleta’s prose style tells me that reference will be lost on her.
Published in Domestic Policy, Foreign Policy, General
This whole incident has left me furious. As a government employee (for only 6 more weeks!) I have been incredibly inconvenienced and the burden of managing my identity risk requires a significant amount of time and vigilance. At no point have I received an email of apology or taking responsibility. It’s all “here’s what we’re doing for you.”
However, just yesterday I received a lovely email…not from OPM and Ms. Archuleta, but from HHS telling me how important I am to them and how they are helping me out.
The email’s stated purpose is:
It appears to me that perhaps my best option for securing data, protecting myself from identity theft, and staying safe online is to keep my information away from OPM.
If I wasn’t a conservative before, this incident would have made me one. I’ve seen toddlers take more responsibility for doing something wrong.
So putting it as charitably as I can, she’s more concerned about the public relations disaster than the actual security disaster. She’s in default spin mode, and the first priority is “how can we keep people from getting too angry with us?”
Yes, the historical reference would be utterly lost.
Feds don’t call it the Orifice of Personnel Management for nothing.
I am not sure why the fuss now. The governments of the United States have shown that they have a cavalier view of protecting data. Be it this event, Snowden, Clinton personal email servers, IRS losing emails, leaked tax returns, etc.
In government, resignation is a way to protect higher-ups. When she says, “No one is personally responsible”, what it really means is that responsibility is above her pay grade. Maybe she should go. But maybe we also need to start looking at her bosses and to what extent they knew about the vulnerabilities. Conceivably her bosses should be the ones to go.
Or both.
Come on, Claire. Personal responsibility is so 20th Century.
Government is simply the name we give to the things we choose to screw up together.
Claire:
It’s a family, all right. A dysfunctional family.
Seawriter
I believe her immediate boss is Barack Obama. Which may be why he’s somewhat reluctant to fire her. No insulation.
To be fair, the reason they didn’t cotton to Snowden was Snowden made it essentially impossible to do so.
Cue broken record:
There are thousands of businesses all over the USA who cower under the burden of federal technology and security regulations so onerous that one incident, even if it be exponentially smaller than this one, could put them out of business.
The breach of a single instance of private patient information (whether or not it contains actual medical data) by a hospital or medical provider may result in tens of thousands of dollars of fines, and perpetual meddling from that point on by government regulatory agencies into whether or not the organization has properly ‘secured’ its data.
The breach must be self-reported by the organization. The patient concerned must be notified of the breach. The organization must be able to produce, on command, detailed and explicit recounting of the circumstances, and be able to vomit up at any point, voluminous historical data in electronic format.
And then, the assessment and penalty phase begins.
If the breach involves more than one patient, the fines can run into the millions.
From this article:
I’m not acting as an apologist for the medical establishment here. It does indeed sound as if these two organizations were running their IT infrastructure according to observed federal government standards of computer security rather than best industry practices.
I’m just pointing out, once again, that these incompetent boobs in the federal government (you can decide whether or not that’s a CoC violation if you like), live by a completely different set of rules than the rest of us.
Keep in mind, as you read this, that the judge, jury and executioner in the case I cited is a sister agency to that run by Katherine Archuleta.
Wouldn’t you like to see an accounting of its own IT security plan?
You don’t understand. It’s not their fault. If the Republicans had given them enough money to run the program correctly, to obtain the correct security, this would not have happened. You know that George Bush left us in a mess here.
I do not look forward to the day when these folks run our single-payer health care system after Obamacare goes bust during the Clinton Administration.
Scary Fact # 137: Whoever is to blame, let me tell you this: we have no idea what to do about this. Cybercrime, not global warming, is probably the biggest threat to the United States. And we are essentially, most all of us, babes in the woods. I’m an IT guy with 25 years in this business. And it’s only gotten worse.
If you think cybersecurity is IT’s problem, as Archuleta probably does, then you are the biggest part of the problem.
Did we have this many security breaches in the past, as in past administrations? I don’t recall this being a constant event on all levels, medical, state, federal, military, retail, even Hollywood movie industry in the past! There seem to be no consequences for poor job performance – in the private sector a CEO would be history. The IRS targeting conservative and Tea Party groups is another example – the evidence was there – no one resigned. We have brilliant people who have the talent to stay ahead of cyber crime – Israel does a far better job than the US. I saw on Charlie Rose, several programs with not only military community, but also high tech execs warning about this threat for some time – yet we always seem to be behind the eight ball – why?
Isn’t this a major part of our country’s safety like the CIA, FBI etc.? And I am wondering if it is due to cutbacks in funding in all those areas that have left us more vulnerable? I wonder what the dollar figure is in comparison to other countries in placing value on cyber-security.
Civil Service reform, and exacting true accountability would be a good issue for any Republican with the brains and spine to take it up.
Regrettably there’s not the remotest possibility of any of them doing anything about it.
I know I’m very cynical, tediously so probably, but as Dorothy Parker said “No matter how cynical I become, I just can’t keep up.” Especially after a performance like Archuleta’s.
Love this comment.
She, preach on!
And you wonder why Donald Trump resonates with the public.
“We pledge to build a more perfect polygamous union.”
When I read phrases like “our Federal family,” I think, “This is so far gone there’s no walking it back.” The confusion of “the United States Federal Government” with “Mommy and Daddy” is so grotesque, so overt, so inappropriate, and so patronizing — she is addressing adults, and she is describing a massive breach of their privacy and of American national security — and yet somehow she thinks this appropriate language. And so, apparently, do many people.
Orwell didn’t call his totalitarian dictator “Big Brother” on a whim. In spite of being a socialist himself, he understood perfectly what institution totalitarian government purports to replace… although, given how explicit “Progressives” were about it in the early 20th century, it would have been shocking if someone as intelligent as Orwell failed to notice.
Just curious but has even a SINGLE member of this administration EVER resigned after being caught in gross negligence, willful duplicity, or premeditated political aggression? I am not sure I can name one…
There is nothing I can add to She’s synopsis.
I think it’s time for some good old Protestant leveling.
Then again.
Decisions, decisions.
Regards,
Jim
You’re right, of course. It’s just so depressing to see it, and to see that American society is in no way inoculated against it — not even by a natural sense of ridicule.
And she’s out. Just heard.
Maybe your historical reference got through after all, Claire. Or more likely, the White House decided it was time for someone else to take the blame before it went higher.
That’s a very good tl;dr of why I believe the American experiment has failed and am prepared to leave. If the government is acting in loco parentis—because the electorate wants it to—guess what? There are lots of places in the world that do it better!
————-
I’m waiting until the check clears on the resignation. Is there no criminal penalty? Maybe a public flogging? No more cinnamon rolls at the OPM cafeteria? Something? Anything?
Regards,
Jim
Is there a basis or a context for creating a criminal sanction for the gross mismanagement of a public office? At what point can the maladministration of a department or agency give rise to a felony or misdemeanor charge?
MSJL,
Very good question. Can you imagine the size of the total salary-benefit package this creature was sucking out of the veins of the taxpayers? Do we get nothing for our money? Is the country a joke? Can the trust of 300 million people and the hopes of future generations account for so little?
Regards,
Jim