Page 34 - Aug Sept 2016

Federal Cybersecurity Data Breach and Government Security Compromise at DOE and NSA
when the DOE Inspector General (IG) issued a report on the data breach (http://energy.gov/ig/downloads/special-report-ig-0900). The report confirmed that the incident was worse than had been publicly known. It involved not only current employees, but also former employees like me, their dependents, and DOE contractors. The IG confirmed at least 104,000 people had personal information stolen, and also that “alarmingly” (as the IG put it), as many as 150,000 social security numbers were possibly compromised. The IG’s report stated that “Breached information also exceeded just the names, dates of birth and Social Security numbers initially reported by the Department. In particular, the forensic data we analyzed also revealed that select bank account numbers, places of birth, education, security questions and answers, and disabilities were also included in the loss of information.” Oh, and there was also security badge information and position sensitivity information. My October letter from DOE didn’t tell me that!

The public has been quite outraged with Mr. Snowden’s revelations about how the National Security Agency (NSA) has spied on their phone calls. Not that DOE spied on me, but they were trusted not to lose sensitive personal data that I was required to provide as an employee, and I am shocked that they kept the information so long when they did not have a need to do so. I can’t imagine how mad I would be if I had dependents and had listed little Sally or Johnny’s personal data on insurance or other forms, and now that data was lost forever to criminals in cyber space. I would be tremendously furious, to say the least.

As a recognized subject matter expert on security and risk management, I can tell you that this type of compromise has the potential for serious national consequences. The type of data stolen provides numerous avenues to manipulate, pressure, coerce, or impersonate folks from one of our most sensitive Federal agencies. I am not saying that it is better or worse than what Mr. Snowden released, just that I would rather he give away my mobile phone records any day (from where the NSA nabbed me discussing with my wife how much to spend on the office holiday gift swap!) than have DOE lose my security access and position information along with all of my personal identifying information. Everyone impacted needs to be kept thoroughly aware of developments so that they can watch out for suspicious activities or attempts at manipulation. It is regrettable that the free credit monitoring provided by DOE must be claimed by the end of December 2013 or it is forfeited.
