For years, Americans have been treated to previews of what could someday amount to a digital disaster. Last week, it was revealed that it might already have happened.
On Thursday, the White House revealed that a previously reported government breach was far more damaging than originally believed. The personal information of 21.5 million people was stolen. Included were addresses, health and financial histories, Social Security numbers and even some fingerprints.
The vast majority of those affected were people who had undergone government background checks over the past 15 years. The theft was related to, but separate from, a breach last month that compromised personal information of some 4.2 million employees of the federal government.
Even with Thursday’s acknowledgment, it is unknown how serious the attack was. It is possible, for example, that the hackers, believed to be in China, left behind coding that could have further security implications.
It is as catastrophic a breach as has been reported, and the details came only a day after three other failures, all of them thought to be internal, but nonetheless disconcerting. At United Airlines, the New York Stock Exchange and the Wall Street Journal website, computer crashes brought normal business to a screeching halt. And, of course, they have followed incidents in which hackers broke into White House emails, airline computers, customer accounts at Target and Home Depot and the executive offices of Sony Pictures.
Yet, it seems that never does the message truly get through that lax computer security is an open invitation to crisis. Maybe now the message will sink in. In response to the admission of the severity of the government hacking, the director of the Office of Personnel Management, Katherine Archuleta, resigned. President Obama should replace her with an expert who knows how to deal with what is going to be an ongoing threat.
Computer glitches are a part of modern life and virtually every business has encountered some kind of problem. It is, in some ways, the 21st century normal. We are tied into, and dependent upon, digital networks whose interruptions have consequences, and potentially serious ones. But that only underscores the importance of securing those systems against internal failures and especially against attacks from adversaries and terrorists, domestic and foreign.
Each disruption comes with an acknowledgment of the need to better secure computer systems in both the public and private sectors, and then business goes on as usual.
Surely we have now had the wake-up call that should not have been necessary but evidently was. The theft of information belonging to 21.5 million people creates the possibility of chaos. And worse could happen. What if hackers are able to take control of air traffic control? What if national defense systems are compromised? As our reliance on computer-based systems increases – as it will – so will our vulnerability to the consequences of failures.
We have had warning shot after warning shot after warning shot. The price has already become high and could go higher, still, if American governments and businesses don’t strengthen the digital net that envelopes and permeates modern society.
As the Los Angeles Times reported in a story carried by The Buffalo News, most companies spend less than 10 percent of their information technology budgets on security and sometimes as little as 6 percent. “What we need to see is a major shift,” said Carl Wright, general manager of TrapX, a security company.
It isn’t possible to create a foolproof system, but it is possible to do better than we are, and probably much better. That will require money and ingenuity, but less of each than a catastrophic failure might require.
It’s a fact and it’s time for government and business to play closer attention to it.