Slashdot Mirror


US Lawmakers Demand Federal Encryption Requirements After OPM Hack

Patrick O'Neill writes: After suffering one of the biggest hacks in federal history at the Office of Personnel Management, the U.S. government is sprinting to require a wide range of cybersecurity improvements across agencies in order to better secure troves of sensitive government data against constant cyberattacks. The top priorities are basic but key: Encryption of sensitive data and two-factor authentication required for privileged users. Despite eight years of internal warnings, these measures were not implemented at OPM when hackers breached their systems beginning last year.

The calls for added security measures come as high-level government officials, particularly FBI director James Comey and NSA director Adm. Mike Rogers, are pushing to require backdoors on encryption software that many experts, like UPenn professor Matt Blaze, say would fundamentally "weaken our infrastructure" because the backdoors would be open to hackers as well.

7 of 91 comments

  1. Back Doors Are Like Anal Sex by MightyMartian · · Score: 4, Insightful

    Back doors are like anal sex. Once you've lubed up, anyone can enter.

    --
    The world's burning. Moped Jesus spotted on I50. Details at 11.
    1. Re:Back Doors Are Like Anal Sex by MobSwatter · · Score: 4, Insightful

      While true, many governments are coming together to say outlaw encryption. In the case that has already been proven that we can't use it responsibly (ie: back doors) I agree, then there really isn't a really expensive black budget allocation care of the NSA. Of course credit card fraud would go up, but then again, has the government itself been responsible with credit? Being that they are printing money every six months to keep the doors open and still attacking the people for money I'd say no and with the example provided by government to the people, then the people shouldn't have credit either so no credit card fraud. In the case the government tries to use encryption but denies it to the people, then I'd say they should probably do away with the other parts of the constitution they haven't yet wiped their ass with yet, that being taxation. The constitution is in whole a contract of citizenship to a government, it has to be taken as a whole or not at all, they can't pick and choose which rights they want to stomp on and keep the parts they like.

    2. Re:Back Doors Are Like Anal Sex by Kozar_The_Malignant · · Score: 5, Interesting

      I'm not really clear on how you ban encryption. Do you lock up all the mathematicians?

      Ask Phil Zimmermann about that. The US didn't lock him up, but it wasn't for lack of trying.

      --
      Some mornings it's hardly worth chewing through the restraints to get out of bed.
  2. funny... by ganjadude · · Score: 5, Insightful

    Since they have been telling us how encryption makes the government weaker (in the hands of Americans) yet NOW they want to keep it all to themselves????

    yeah.... too bad

    --
    have you seen my sig? there are many others like it but none that are the same
  3. Re:Oh please, not another law for them to ignore by Anonymous Coward · · Score: 4, Interesting

    The problem with security is that under normal circumstances it delivers zero value to an organization and basically just shores up against bad publicity. The best security in the world isn't enough and you can spend $ridiculous on it and still only be 99% secure. You're basically trying to outspend your competition in the hopes that they won't hire the guy that knows where the bad sprintf() is.

    To any corporation, or any department, this is just a pure money-sink with no returns on investment. It's cheaper to cover up the breaches.

  4. Re:Just use OpenBSD, for crying out loud! by ihtoit · · Score: 4, Insightful

    No, the first step is to airgap sensitive information. NEVER let it onto any sort of network. EVER. Then start worrying about what operating system you're using. *BSD has had security problems in the past and more will be discovered in the future. If you do not believe this to be the case, then you're living in a fantasy world.
    Even with the default settings on a vanilla install (which basically don't let you do ANYTHING productive) there are vulnerabilities ranging from minor annoyances on the window manager to showstoppers in the TCP stack. Let's not even go into the simple fact that the second you start services, or install and run software from the ports repository, you are introducing vulnerabilities to your setup, hence *BSD is NOWHERE NEAR as secure as you're apparently making out. It becomes every bit as vulnerable to hackers/worms/whatever as OSX, Linux, any other UNIX, or Microsoft Windows.

    --
    Political debates have me rolling my eyes so much I think I got optical whiplash. I should sue. - Foamy The Squirrel
  5. The IRS can reorganize its internal spending by perpenso · · Score: 5, Insightful

    If Congress again passes a requirement for departments to do something but refuses to fund it then the executive branch can't do anything.

    Not true. The agency can cut spending elsewhere to implement the requirement. Which is what Congress wants the IRS to do, while the IRS wants to use the excuse of no new funding to maintain things as they are. It's all just theatre.