Upon hearing of the massive data breach of employee information from the Office of Personnel Management (OPM) — allegedly by hackers working for the Chinese government — Kay Coles James, the former director of OPM under George W. Bush, told me she was “aghast,” adding, “I can’t think about the national security implications of a foreign government knowing every single federal employee, where they work, where they live, all of their significant data. Think about what that information can do in the hands of people who want to do us harm.”
Joel Brenner, a former top counterintelligence official for the U.S. government, has thought about it. He called the hack attack “potentially devastating.” Brenner told The Washington Post that personnel files “contain decades of personal information about people with (security) clearances … which makes them easier to recruit for foreign espionage on behalf of a foreign country.”
The Associated Press reported “two people briefed on the investigation disclosed Friday that as many as 14 million current and former civilian U.S. government employees have had their information exposed to hackers, a far higher figure than the 4 million the Obama administration initially disclosed.”
While the U.S. government should have seen this coming, clearly it was unprepared for such an invasion of privacy. By some estimates there are thousands of Chinese cyber-warriors specifically trained to carry out electronic espionage against the U.S. and other nations with information the Chinese believe they can use for business, military and political purposes. Why do we always seem to be fighting the last war (which we are not winning either) instead of the one we’re in?
Under a worst-case scenario outlined by Theweek.com, the information obtained by hackers could be used to derail trains (although they seem to be derailing just fine all by themselves without outside help), disrupt air traffic control systems, explode chemical plants and gas pipelines and compromise electric grids causing large-scale blackouts across the country. Who needs missiles when a laptop and the right software can be just as effective?
It doesn’t take a spy novelist to come up with a scenario in which a Chinese government agent approaches someone with a top security clearance and threatens to expose a dark secret in his or her past, possibly destroying family and career, unless he or she cooperates and hands over information to Beijing. The Chinese agent would likely have details about medications his target is taking to ward off depression, or some other malady, possibly making him more vulnerable to pressure.
The former chairman of the House Intelligence Committee, Mike Rogers, says another possible use of the hacked information could be to shape fake emails crafted to look legitimate while injecting spyware and other viruses on the networks of government agencies or businesses the Chinese wish to penetrate.
The two major political parties aren’t helping. Last week, Democrats blocked a Republican attempt to add a cybersecurity bill to a sweeping defense measure. The vote was 56-40, four short of the required number. Democrats have warned about cyber-spying, but voted against moving forward with legislation because Republicans sought to merge the two bills, which included budget changes Democrats and President Obama oppose. As usual in Washington, playing the blame game is more important to politicians than accomplishing something that promotes the general welfare.
If any humor can come from a serious situation, it was in a statement by OPM spokesman, Samuel Schumach. When asked to provide more details on the damage caused by the hacking, Schumach said: “For security reasons, we will not discuss specifics of the information that might have been compromised.”
What possible “security” reasons could there be when clearly there was insufficient security at OPM? Perhaps reporters should ask this of the Chinese, since they now appear to be in possession of all the pertinent information.
Readers may email Cal Thomas at firstname.lastname@example.org.