As data breaches go, the OPM break in was not the biggest one experienced in the past few years. Target, JP Morgan Chase and a few others were larger in breath and scope. But, they did not contain information that could be used to target and engage in spying on the U.S. government.
As an old spy, I wanted information. I wanted people’s background: where they live and had lived, who their relatives were, and what personal problems they might have. That way I could figure out how to develop a successful “relationship” with someone who would spy for me. And, also, target more successfully—not waste time on someone who did not matter.
You see, the real trick in human intelligence is finding people with access to important people and their information. I don’t want to recruit the secretary of state—too big, too awkward to meet and not likely to be recruited. No, I want someone on his staff or someone who has access to his staff and especially their work product.
The OPM leak contains millions of personnel files that will help China do just that. Files on government employees and their contractors with a summary of their backgrounds and what programs they have access to is quite sufficient for my targeting purposes.
In the 21st century, information contained in files like OPM need to be treated like the old fashioned state secrets were. I am sure whatever investigation there is will turn up either woefully inadequate IT security, inside actions, or both. I am not going to debate that right now.
What I am going to say is it’s up to the current administration and those going forward to understand why date breaches like OPM are so dangerous to the national security of this country. Just because something is unclassified does not make it unworthy of security.
Welcome to 21st century cyber conflict. Information is a weapon to use and target and cyberspace is the battlefield. So far, if OPM is the indicator, the U.S. government is getting skunked.