In June 2015, the U.S. Office of Personnel Management (OPM) was the victim of one of the worst breaches every publicly disclosed by the U.S. Government.
Two years later, what lessons were learned from that event? And what really went wrong? In a video with eSecurityPlanet, former U.S. Government cybersecurity official Michael Daniel provides insight into the processes (or lack thereof) that led to the OPM breach.
Michael Daniel is currently the President of the Cyber Threat Alliance (CTA), a multi-stakeholder group that aims to help improve threat intelligence sharing. Before joining the CTA in February 2017, Daniel worked for the U.S. Government for nearly a dozen years and most recently was the Cybersecurity coordinator for the President from 2012-2017.
Daniel explained that in the pre-digital era, the U.S. Government literally stored data on paper in underground caves to protect it from spying and theft. He said that in the modern world, as data has migrated to online systems, the same degree of separation and isolation hasn't occurred.https://o1.qnsr.com/log/p.gif?;n=203;c=204660766;s=9477;x=7936;f=201812281312070;u=j;z=TIMESTAMP;a=20392931;e=i
"In the process of moving from an analog to a digital environment, we have not fully shifted our mindset about how that changes the risk," Daniel said.
As records were digitized, Daniel said that the government didn't fully work through the idea that millions of records could be stolen in a very short period of time. In his view, the same issue of digital readiness is being repeated across the federal government as it tries to think about information assets in an era when things are all digital, as opposed to analog.
Watch the full video interview with Michael Daniel below:
Sean Michael Kerner is a senior editor at eSecurityPlanet and InternetNews.com. Follow him on Twitter @TechJournalist.