As a newly elected Senator, I am here to tell you a hard truth: Washington does not take cybersecurity seriously.
But you probably already knew that if you’ve read anything about the massive OPM data breach. To recap today’s news from OPM, since 2013, a malicious attacker—likely the Chinese government—breached government databases and stole information on some 21 million federal employees. This included personal information like addresses and Social Security numbers. Most of these people held security clearances and for them it also included nearly 150 pages of material in what are called Standard Form 86s (SF-86), which detail nearly every aspect of their lives.
Here’s the kicker: despite today’s jaw-dropping news, the attackers were in our networks so long that it may still be a while before we figure out everything they stole. Most news coverage has centered on federal employees. But that’s an incomplete picture because it’s now clear many victims never worked for the federal government. When applying for a security clearance with the SF-86, applicants list their family members, neighbors, co-workers, foreign contacts, and even college roommates.
What this means is that not only do the hackers know lots of sensitive information about millions of government employees, they also know a great deal about many of the people they know and love. The implications for threats, intimidation, and blackmail are chilling. “Oh, you don’t want to sell out your country? OK, we get it. By the way, your parents still live at 2911 Rainbow Drive, right?”
China may now have the largest spy-recruiting database in history.
Bottom line: If you have any family or friends who work for the government and put your name down on an SF-86, a foreign government might well know a lot more about you and your kids than you’d like.