The attacks on the Office of Personnel Management and US Investigative Services, a private firm that conducts background investigations for the government, obviously is a planned strategy. It has exposed millions of personnel records. It is undermining public confidence in our security clearance system. This from the Washington Post today:
The massive cyberattack last year on the federal contractor that conducted background investigations for security clearances may have been even more widespread than previously known, affecting the police force that protects Congress and an intelligence agency that helped track down Osama bin Laden.
After Falls Church, Va.-based USIS suffered the intrusion, the Office of Personnel Management and the Department of Homeland Security issued stop-work orders to the company. And eventually OPM, which conducts background checks for the overwhelming majority of the federal government, canceled USIS’s contracts, effectively putting the company out of business.
But now USIS has told Congress in a letter obtained by The Washington Post that the breach may have been even more damaging: OPM, two DHS agencies — Customs and Border Protection, and Immigration and Customs Enforcement — the U.S. Capitol Police and the National Geospatial-Intelligence Agency were all hit.Who's doing this? The Russians or the Chinese, probably. We need better cyber forensics to figure it out. And a proportional means of retaliation. Our defensive strategy is sorely lacking.