ICIT Chastises OPM’s Lack of Modern Cybersecurity in an Official Analysis

The Institute for Critical Infrastructure Technology (ICIT) describes itself as a “nonprofit (status pending), non-partisan group of the world’s most innovative experts and companies that provide technologies and solutions to support and protect our nation’s critical infrastructures.” ICIT serves as a go-between for the private sector, federal agencies, and the legislative community in key areas such as Cybersecurity, Big Data, and Health IT. It is in the scope of Cybersecurity that ICIT performed a recent analysis on the OPM (Office of Personnel Management) Breach which began in March 2014 and was publicly announced in June of 2015.

This official analysis, “Handing Over the Keys to the Castle: OPM Demonstrates that Antiquated Security Practices Harm National Security,” details the most important aspects of the breach. Some of these aspects have not been discussed in the mainstream media including:

ICIT identifies the weaknesses and failures within OPM that led to the ability of an actor to perpetrate a breach so large (affected 15% of the U.S. population, everyone who had applied for a security clearance since the year 2000). The greatest failure was a lack of comprehensive governing policy at OPM. The Office of Inspector General stated that governance factors on VPN and remote accesses were non-existent, and multifactor authentication was apparently a foreign concept. ICIT follows, “Multifactor authentication should have been OPM’s first line of defense against any breach.” ICIT concludes the analysis with a call for reform of the Cybersecurity Infrastructure, a need which is demonstrated with every major breach in any sector. “As in OPM’s case, without the proper technology, the proper governance, the proper training, our national defenses falter the moment a strong adversary approaches or the second an adversary discovers a vulnerable gap in our obsolete defenses. Unknown adversaries abscond with the information entrusted to the Federal Government, our national defenses crumble, and the American people are left out in the cold.”

Article formerly posted at https://www.hsdl.org/blog/newpost/view/icit-chastises-opm-s-lack-of-modern-cybersecurity-in-an-official-analysis