Critical Read

CRS scrutinizes the OPM breach

Shutterstock image: breached lock.

What: "Cyber Intrusion into U.S. Office of Personnel Management: In Brief," a Congressional Research Service report.

Why: In its typically thorough fashion, CRS recaps the discovery, announcement and reaction to the breach of the personnel database at OPM. Nothing new is revealed, but the story is well organized to meet the needs of CRS’s first audience – Congress – and serves as a useful backgrounder for others looking for a quick yet detailed review of the circumstances surrounding the breach.

The report includes a wrap up of what data was exposed, and reminds readers that "the two breaches revealed in June 2015 are not the first incidents targeting OPM databases containing such sensitive information."

CRS also delves into who might be responsible, with a strong focus on China, but notes that "criminal charges appear to be unlikely."

The report also provides a rundown of possible legislative responses, and suggests questions that lawmakers need to answer, such as: "Are the current authorities and requirements under FISMA sufficient, if fully implemented, to protect federal systems from future intrusions such as the most recent OPM intrusions? If not, what changes are needed to sufficiently reduce the level of risk?"

Verbatim: "Some in the national security community have compared the potential damage of the OPM breaches to U.S. interests to that caused by Edward Snowden's leaks of classified information from the National Security Agency. Yet the potential exists for damage beyond mere theft of classified information, including data manipulation or misinformation. While there is no evidence to suggest that this has happened, hackers would have had the ability, some say, while in U.S. systems to alter personnel files and create fictitious ones that would have gone undetected as far back as 2012."

Full report: Read the CRS report here.

About the Author

John Bicknell is a former executive editor of FCW, and the author of America 1844: Religious Fervor, Westward Expansion, and the Presidential Election That Transformed the Nation.

Featured

  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.