Please consider donating by giving either a one-time contribution or a regular subscription, as outlined in the tip jar below.
Regular readers can support Behind The Black with a contribution via paypal:
If Paypal doesn't work for you, you can support Behind The Black directly by sending your donation by check, payable to Robert Zimmerman, to
Behind The Black
c/o Robert Zimmerman
Cortaro, AZ 85652
You can also support me by buying one of my books, as noted in the boxes interspersed throughout the webpage. And if you buy the books through the ebookit links, I get a larger cut and I get it sooner.
An inspector general report last year had advised OPM to shut down many of its computer systems because they were running without sufficient security. The agency ignored that recommendation.
In the audit report published November 12, 2014, OIG found that 11 out of 47 computer systems operated by OPM did not have current security authorizations. Furthermore, the affected systems were “amongst the most critical and sensitive applications owned by the agency.” Two of the unauthorized systems are described in the report as “general support systems” which contained over 65 percent of all OPM computer applications. Two other unauthorized systems were owned by Federal Investigative Services, the organization which handles background investigations in connection with government security clearances. OIG warned bluntly, “any weaknesses in the information systems supporting this program office could potentially have national security implications.”
Because of the volume and sensitivity of the information involved, OIG recommended OPM “consider shutting down systems that do not have a current and valid Authorization.” But OPM declined, saying, “We agree that it is important to maintain up-to-date and valid ATOs for all systems but do not believe that this condition rises to the level of a Material Weakness.”
The head of OPM also claimed in House hearings yesterday that their failure to close these systems down was justified since the hackers were already in the system when the recommendation was made.
In other words, we didn’t do anything to make the system secure, and when hackers broke in it was further justification for not doing anything.
Yeah, let’s put our healthcare under their control also!