Slashdot Mirror


US Lawmakers Demand Federal Encryption Requirements After OPM Hack

Patrick O'Neill writes: After suffering one of the biggest hacks in federal history at the Office of Personnel Management, the U.S. government is sprinting to require a wide range of cybersecurity improvements across agencies in order to better secure troves of sensitive government data against constant cyberattacks. The top priorities are basic but key: Encryption of sensitive data and two-factor authentication required for privileged users. Despite eight years of internal warnings, these measures were not implemented at OPM when hackers breached their systems beginning last year.

The calls for added security measures come as high-level government officials, particularly FBI director James Comey and NSA director Adm. Mike Rogers, are pushing to require backdoors on encryption software that many experts, like UPenn professor Matt Blaze, say would fundamentally "weaken our infrastructure" because the backdoors would be open to hackers as well.

2 of 91 comments

  1. Re:Oh please, not another law for them to ignore by The Grim Reefer · Score: 3, Informative

    Let's hope this one's got teeth; a breach of a system that has not been secured according to the regulations will result in the loss of pension of all those in the chain of command above the person responsible?

    That's a good one. Probably the worst that will happen is that someone higher up will be forced to retire earlier than planned, at full pension of course.

    It's not as good as the multi-million dollar golden parachute that a CEO gets for running a company into the ground, but they'll be comfortable.

  2. Re:Oh please, not another law for them to ignore by Saanvik · Score: 3, Informative

    You're right in a way, but not the way you intended.

    The IRS requested funding to support the archiving requirement. Congress, instead, cut their budget. Even after the archiving issue became known, Congress refused to up the funding.

    If Congress again passes a requirement for departments to do something but refuses to fund it then the executive branch can't do anything.

    Breaches like this aren't a question of "what if"; they are a question of "when" until Congress ends the chronic underfunding of government IT departments.