nanog mailing list archives

Re: OPM Data Breach - Whitehouse Petition - Help Wanted


From: Cryptographrix <cryptographrix () gmail com>
Date: Thu, 18 Jun 2015 16:34:46 +0000

Have to agree with Shawn on this.
If you watch her testimony in front of Congress, it is clear that she was
completely flustered at the inability to hire competent people, and the
lack of her superiors to prioritize the modernization project she had so
passionately advocated for.
When I've worked for organizations larger than - say - four or five office
locations in diverse parts of the U.S., I've started to see how difficult
it can become to get all of them to coordinate on *anything*, and I'm not
even talking government here.
From the sound of it, she ran into the ceiling of available workers that
were willing to work for the pay grade that the government offers for those
positions, which is usually much less than private industry offers and - as
a consequence - they are not nearly as familiar with migrations of that
size.
I do not envy her position, and doubt the ability of anyone in her
position to do more than she has attempted.
Give her some credit.

On Thu, Jun 18, 2015 at 11:02 AM shawn wilson <ag4ve.us () gmail com> wrote:

On Jun 17, 2015 8:56 PM, "Ronald F. Guilmette" <rfg () tristatelogic com>
wrote:



    *)  The Director of the Office of Personnel Management, Ms. Katherine
        Archuleta was warned, repeatedly, and over several years, by her
        own department's Inspector General (IG) that many of OPM's systems
        were insecure and should be taken out of service.  Nonetheless, as
        revealed during congressional testimony yesterday, she overruled
        and ignored this advice and kept the systems online.

Given the above facts, I've just started a new Whitehouse Petition, asking
that the director of OPM, Ms. Archuleta, be fired for gross incompetence.
I _do_ understand that the likelihood of anyone ever getting fired for
incompetence anywhere within the Washington D.C. Beltway is very much of
a long shot, based on history, but I nonetheless feel that as a U.S.
citizen and taxpayer, I at least want to make my opinion of this matter
known to The Powers That Be.


Idk whether she was wrong or not. They were running "COBOL" systems - I'm
guessing AS/400 (maybe even "newer" zSeries) which are probably supporting
some db2 apps. They also mention this is on a flat network. So stopping the
hack once it was found was probably real interesting (I'm kinda impressed
they minimized downtime as much as they did really).

I'm ok saying they were incompetent but not too sure you can do *this* much
to mess up a network in <2 years (her tenure). I'd actually be interested
in a discussion of how much you can possibly improve / degrade on a network
that big from a management position.

If the argument is that she should've shut down the network or parts of it
- I wonder if any one of you who run Internet providers would even shut down
your email or web servers when, say, heartbleed came out - those services
aren't even a main part of your business. One could argue that it would've
been illegal for her to shut some of that stuff down without an act of
Congress.

I'm not saying you're dead wrong. Just that I don't have enough information
to say you're right (and if you are, she's probably not the only head you
should call for).


