Showing posts with label data integrity. Show all posts
Showing posts with label data integrity. Show all posts

July 12, 2015

The "Real" OPM Data Breach

A lot has been made and should be made of the theft of over 21 million federal employees' sensitive personnel records and security clearances. 

Everyone rightly, although somewhat selfishly, is worried about identity theft and the compromised privacy of their information.

The government is worried about hostile nation states using the pilfered information to bribe or coerce military, intelligence, high-level politicals, and others to turn and work for them or otherwise to use against them. 

But what is grossly missing in this discussion is not what information presumably the Chinese stole and how they will use it against us, but rather what information they inserted, altered, or otherwise compromised into the OPM personnel and security databases when they got root access to it.

Imagine for a moment what could hostile nations or terrorists can do to this crown jewel database of personnel and security information:

- They could insert phony records for spies, moles, or other dangerous persons into the database--voila, these people are now "federal employees" and perhaps with stellar performance records and high level security clearances able to penetrate the depths of the federal government with impunity or even as superstars!

- They could alter personnel or security records taking prominent or good government employees and sabotaging them to have questionable histories, contacts, financial, drug or criminal problems and thereby frame or take-down key government figures or divert attention from the real bad guys out there and tie our homeland security and law enforcement establishment in knots chasing after phony leads and false wrongdoers and villains.

Given that the timeline of the hack of OPM goes back to March and December 2014, this was more than enough time for our adversary to not only do to our data what they want, but also for the backup tapes to be affected by the corrupt data entering the system. 

The damage done to U.S. national security is unimaginable. As is typically the case with these things, "An ounce of prevention is worth a pound of cure." Instead of investing in security, now we can invest in "credit monitoring and identity theft protection" for a very sparse three years, while federal employees will go a lifetime in information jeopardy, and the federal government will be literally chasing its tail on personnel security for decades to come. 

With the price so low to our adversaries in attacking our systems, it truly is like stealing and much more. ;-)

(Source Photo: Andy Blumenthal)
Share/Save/Bookmark

September 26, 2007

When Information Sharing Becomes Destructive

This week Columbia University hosted a true demagogue to speak.

The Wall Street Journal 25 September 2007 states in the editorial “Columbia’s Conceit” that the the acting dean of Columbia University’s School of International and Public Affairs, not only defended having this horrific demagogue speak to the students of Columbia University, but he remarked that “if Hitler were in the United States and…if he were willing to engage in a debate and discussion to be challenged by Columbia students and faculty, we would certainly invite him.”

I assume even Osama Bin Laden would be welcome to discuss his views on killing 3000 Americans on 9-11. Free and open debate of ideas, right?

How unbelievably low Columbia University has sunk!

I grew up on the Upper West Side in Manhattan, and I fondly remember as a child taking many wonderful strolls through the the Columbia University campus. With its magnificant buildings, monuments, landscaping, and courtyards, I walked with awe and amazement up and down the paths of what I then believed to be a noble and prestigious higher learning institution.

With utter shock and dismay, I watched this week as this world demagogue and grand enemy of the United States and Israel was welcomed to Columbia and given a platform and opportunity to share his hatred and distort the truth about the nature of this country, Zionism, and even the horrific events of the Holocaust.

Columbia’s president stated “Columbia, as a community dedicated to learning and scholarship, is committed to confronting ideas.”

Well, when does confronting ideas and sharing information go from constructive to destructive? Is there a point, when allowing anyone to say anything they want, even if it is full of hatred and lies, goes beyond the point of rational ‘debate and discussion’?

I am not a lawyer, but even in this great and free country, we do not allow someone to yell fire in a crowded theatre. Nor, do we allow people to incite others to violence. There are limits to free speech and the sharing of baseless hatred and distorting the truth. In fact, our justice system is supposed to be dedicated to truth and our vast news reporting to keeping the public duly informed.

I understand now that Columbia University has agreed to invite the devil himself to speak to its students and faculty (for lively debate and discussion). The only condition placed on the devil is that he leave his pitchfork outside the campus limits. Apparently, Columbia University has not only invited the devil, but has decided to sell their soul to him as well.

So much for the great and noble institution of higher learning that a little boy once looked upon and marveled at.

As a professional enterprise architect, I believe that there are a couple of lessons here:

  • In building the architecture and plans for the enterprise, full and open debate and vetting of ideas is not only encouraged, but absolutely necessary to get the best product. However, when constructive debate turns to venting, naysaying, personal insults, and destructive criticism, then the time for debate is over.
  • The enterprise architecture is a knowledge base for the organization, and it is the role of the architects in conjunction with leadership, stakeholders, and end users to ensure that the knowledge base has integrity. Bad data just enables bad decision-making.

Share/Save/Bookmark