So now the Republican Congress is screaming about government cyber security, and demanding that the ebil imcompotent burocrats DO SOMETHING RIGHT NOW!!!
The trouble is, those same Republicans have derailed national cyber security regulations since Obama has been in office. It's all been channeled through the US Chamber of Commerce.
Comprehensive cybersecurity regulatory reform failed for the second time this year in the U.S. Senate, increasing the prospects that the White House will implement some of the bill’s provisions through an executive order.
The Cybersecurity Act of 2012 failed to get the 60 votes needed under Senate rules to bring the bill up for passage Nov. 14, 2012, most likely dashing any chance that cybersecurity policy would be addressed in the lame-duck session.
“Whatever we do for this bill is not enough for the Chamber of Commerce,” Senate Majority Leader Harry Reid, D-Nev., said on the floor immediately after the failed cloture vote. “Cybersecurity is dead for this Congress,” he added. Republicans blocked the same measure in August 2012, saying it would lead to more government regulation of business.
So that was pretty much the end of it. The Obama administration declared some executive orders, but that clearly did not have much impact. Up until this latest incident the Party of Ignorance (R) got what they wanted: keep you hands off my bidness.
So no one should be very surprised that this happened. There is no bright line between big government and big business when it comes to matters like cybersecurity. Particularly with the amount of outsourcing going on. Don't forget that the OPM breach was not simply in a government network, but at security contractor USIS.
A background investigation firm with OPM, DHS, and other federal agency contracts notified the government that it identified an unlawful breach of its network. In a statement posted on the website today, USIS noted that it was working with the government to determine the ‘nature and extent’ of the attack. They acknowledged that it appeared to be a state-sponsored attack.
The firm is already under fire for allegations of contractor misconduct. The Justice Department sued the company earlier this year for poor oversight of security clearance investigations, and a White House panel investigated bonuses received by USIS executives.
The DHS/OPM/whatever are doing everything they can to cover up what really happened, so the trail to the contractors has been rather effectively hidden. They primarily want to keep evidence of their vast incompetency out of the public eye. That is taking precedence over remedial action to address the breach. This is why they are leaving the roughly 4 million government employees at risk just hanging in the breeze. If they were to do the responsible thing and help the victims it would reveal how extensively they failed.
Remember, horribly incompetent government security contractors are the new normal: Blackwater in Iraq, the TSA meatheads who infest airports, and now this. No one should be surprised. And they should be even less surprised when no one is held accountable and nothing changes.