Business Insider on how the US defense industry is reeling after the recent massive OPM cyber attack:
“It’s very disappointing that this information was seemingly as easy to get at as it was,” Dave Wajsgras, who heads Raytheon Co’s Intelligence, Information and Services business, told Reuters. He said it came after numerous breaches of both private and government networks that should have raised alarms.
“There is a tsunami of threats that exist in the cyber domain today. It’s something that we all collectively need to take much more seriously,” he said, urging more spending and focus on beefing up security in government and the private sector.
Wajsgras declined comment when asked how the breach would affect his company and U.S. national security, but said it had clearly added risk.
Two sources familiar with the matter said the data stolen from OPM was not encrypted, raising questions about the level of security maintained by the agency, even after a well-documented breach of the U.S. Navy and U.S. Marine Corps servers last year.
I hesitate to say I am surprised the data stolen from OPM was unencrypted. It should come as no surprise to anyone.
Because of the horribly written federal acquisition regulations, and how they have yet to be updated to reflect information technology acquisition needs, nobody should be surprised. After all, you get what you pay for, especially with the lowest-bid government contract.
Did anyone really expect there to be highly sophisticated security wrapped around this OPM database when you have developers, not cyber security professionals, driving the train on these projects? Chances are security was not even involved in the early stages of development, but duct-taped on long after the fact.
There are so many ways this could have been prevented that it's just unbelievable.