By: Lander Michel
LLM in International Law / Leiden Universiteit
The recent data breach of the US office of personnel is a clear indication of the degree to which federal governmental institutions which hold confidential and restricted information can be breached; it also says much about what the level of security of the Federal Government is.
The significance of the attack, beyond the size of the data trove stolen, is that it may allow whosoever has it to; i) create false identities based on true information (such as contacts, finger prints, social security information amongst others) ii) reconstruct the career path of personnel with restricted access and help identify them, something that should prove particularly worrisome regarding intelligence agencies and their agents who might have been compromised, the world over, as well as high ranking scientists working in sensitive or classified projects which may allow for them to be identified or their identities to be assumed by ill intended third parties.
What price would a terrorist organization or certain foreign governments or other organizations pay in order to have confidential and personal information, including psychological evaluations.
Security breaches are common the world throughout however the United States government has omitted improving cyber defenses in key areas that are not only related to defense and energy and which may be equally sensitive or requiring companies to have the highest level of security possible as data theft translates as well into the loss of millions of dollars’ worth of revenue owed to stolen technology.
A coordinated effort, at a national level, of establishing an increasing IT infrastructure resilience of government as well as ensuring that key companies have the highest standard of protection to minimize data protection breaches, instead of allowing companies to establish their own set standards, is a necessary means of protecting information and ultimately a national economy in today’s world a more significant investment in cyber security may be a far more useful investment then significant weapon systems that will not be used.
One can only hope that the latest breach spurs the federal government into employing far more useful cyber capabilities as well as launching countermeasures or attacks against the parties responsible for the theft of data wherever they are and whoever they might be.
In the 21st century the battlefield is in the digital arena no more in the physical arena between nations thus nations need develop cyber weapons of both a defensive and offensive nature in order to protect vital national interests of which, in this authors view, personal information forms a part of. In light of this the US must take and invest all sums as may be necessary in order to ensure its digital dominance and not invest as significantly in physical weapon systems.