Page 33 - Aug Sept 2016
P. 33

Federal Cybersecurity Data Breach and Government Security Compromise at DOE and NSA
        identities to computer hackers.”                     Then, in a classic bureaucratic escape

                                                             move, the final sentence reads “We regret
        The letter continued “Employees were                 the inconvenience this situation may have

        informed that the Department would                   caused you.” Were they kidding!
        notify those that are affected... You

        have been identified as one of the                   Unfortunately they were not kidding. A
        individuals affected by this incident.”              little research showed that the story was
        What! But I don’t work for DOE and I  true and getting worse all the time. The

        haven’t since 2006! Like many people  security breach occurred in July 2013
        these days I have received hacking                   when DOE experienced a cyber-attack.

        notices telling me that I might be                   This meant my information had been out
        in a group of unlucky customers. It                  “in the wild” for months. I took DOE
        has usually involved only my email                   up on an offer for free credit monitoring

        address, and I have had to cancel a                  for a year (after that I am simply out of
        couple of credit cards over it through               luck - or inconvenienced - as the letter

        the years. But, DOE shouldn’t still                  called it). I might expect this type of thing
        have my personal information. For that  from a small online retailer, but not the
        matter, they obviously didn’t even have  United States Government. I now work

        my current address.                                  as a professional security consultant to
                                                             various government agencies (fortunately
        The letter went on about how DOE,                    not DOE!), and I know about the data

        the agency that we trust to build our                protection burdens that the Federal
        nuclear weapons, had allowed my                      Government puts on the public. From large
        Social Security Number and date of                   Government contractors to small “mom-

        birth to be stolen. The letter told me               and-pop” stores that handle chemicals,
        about many terrible things that might                the cyber security expectations and

        happen, like my information may be                   requirements are higher than what appear
        used for fraud, I might be denied credit,            to have been applied inside of DOE.
        debt collectors might chase me, fraud

        alerts might be needed on my credit                  This security compromise got me thinking
        report (which would make it nearly                   about Edward Snowden and the WikiLeaks

        impossible for me to get credit), I might            scandal, and about how upset the public
        have to put “freezes” on my credit file              has been with the Federal Government for
        but then I would be required to pay to               collecting unnecessary data. My thoughts

        have them removed.                                   about the Snowden matter increased on

                                                             December 6, 2013,

                                                                                                                     33
   28   29   30   31   32   33   34   35   36   37   38