Before We Pass CISA As A Response To OPM Hack, Shouldn't We Look At What The Feds' Cybersecurity Practices Were?
from the just-saying... dept
The reality, of course, is that CISA has nothing to do with the OPM hack, but is really a backdoor surveillance bill, designed to give immunity to companies sharing info with the NSA, that it can feed into its system that it uses to monitor all "upstream" traffic. Senator Ron Wyden has been warning about this for months, without too many people paying attention -- because fear! cybersecurity! hack!
So, Wyden's latest strategy is to look a little more deeply at the OPM hack itself and what the government's National Counterintelligence and Security Center (NCSC) did (if anything) to prevent the hack. In a letter to NCSC, Wyden asks for details of what steps it had taken to protect OPM.
The National Counterintelligence and Security Center (NCSC) is tasked with a very important mission, which includes defending the nation's classified information and assets from exploitation by foreign adversaries. The importance of this mission has recently been underscored by compromises of sensitive US government personnel data.And thus, the following questions:
- Did the NCSC identify OPM's security clearance database as a counterintelligence vulnerability prior to these security incidents?
- Did the NCSC provide OPM with any recommendations about how to secure this information?
- At least one official has said that the background investigation information compromised in the second OPM hack included information on individuals as far back as 1985. Has the NCSC evaluated whether the retention requirements for background investigation information should be reduced to mitigate the vulnerability of maintaining personal information for a significant period of time? If not, please explain why the existing retention periods are necessary?