The Star Online on many in the US government calling for cyber security reforms after the massive OPM hack even though it is doubtful such legislation would have prevented the attack:
“The fact is, we need the United States Congress to come out of the dark ages and come into the 21st century to make sure we have the kinds of defences that are necessary to protect a modern computer system,” said White House spokesman Josh Earnest.
Senate Intelligence Committee vice chairman Dianne Feinstein, a Democrat, joined the White House drive.
“Congress must take action,” to speed notifications on breaches and increase cooperation between the government and private companies.
“It’s impossible to overstate this threat,” she said.
“Trillions of dollars, the private data of every single American, even the security of critical infrastructure like our power grid, nuclear plants and drinking water are all at risk.”
The US government admitted hackers accessed the personal data of current and former federal employees, in a huge cyberattack suspected to have originated in China.
The breach of the Office of Personnel Management included records on 750,000 Department of Defence civilian personnel.
The New York Times reported that the inspector general of the department had warned in November that the office’s database was vulnerable to cyber-attack.
The newspaper reported that by the time the warning was published, hackers had plundered tens of thousands of files containing security clearances, laying the groundwork for the massive attack revealed on June 4.
“The mystery here is not how they got cleaned out by the Chinese. The mystery is what took the Chinese so long,” one senior former US government official was quoted by the Times as saying.
These are all very good points leading towards a simple conclusion: OPM employed some pretty piss-poor security practices.
That OPM could not even identify its own compromise is stunning. It took DHS using an FBI-developed system to notify OPM of the attack rather than in-house cyber security staff recognizing the breach.