What Happened At OPM? – DataBreaches.Net

Add Adam Shostack’s post to your must-read list. Here’s a snippet:

The National Journal published A Timeline of Government Data Breaches:

I asked after the root cause, and Rich Bejtlich responded “The root cause is a focus on locking doors and windows while intruders are still in the house” with a pointer to his “Continuous Diagnostic Monitoring Does Not Detect Hackers.”

And while I agree with Richard’s point in that post, I don’t think that’s the root cause. When I think about root cause, I think about approaches like Five Whys or Ishikawa. If we apply this sort of approach then we can ask, “Why were foreigners able to download the OPM database?” There are numerous paths that we might take….

Keep reading on Emergent Chaos.

Resource: NY DFS Issues New Cybersecurity Guidance to Address Risks Associated with the Use of Third-Party Service Providers
TX: Kaufman County Faces Cybersecurity Attack: Courthouse Computer Operations Disrupted
Bombay High Court Orders Department of Telecommunications to Block Medusa Accounts After Generali Insurance Data Breach
Cyber-Attack On Bectu’s Parent Union Sparks UK National Security Concerns
Attorney General James Announces Settlement with Wojeski & Company Accounting Firm
Romanian prisoner hacks prison IT system in plot made for a Netflix movie

Related: