The latest hack of US government files is a blessing in disguise

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.businessinsider.com/the-latest-hack-of-us-government-files-is-a-blessing-in-disguise-2015-6?IR=T

The latest hacking of U.S. government data files, capturing personal
information on about 4 million past and present government workers, has
predictably stirred outrage.

The allegation that the hacking came from China (no published evidence
either confirms or refutes this widespread belief) has compounded the anger.

We are incensed at the brazenness of the Chinese and embarrassed by our
vulnerability. It's a national scandal.

Actually, that's not quite right.

It's also a blessing in disguise. The same might be said of most, if not
all, other hackings. The more hackings there are — and the more harmful
they seem to be — the more likely that, at some point, public opinion and
political authority will begin to take the threat seriously.

They will recognize that hacking, at its worst, can jeopardize the nation's
physical and economic security. The dangers compare with a serious
recession or even war.

Until now, the hacking has been at another level. It comes in a variety of
forms: the stealing of business information (including, presumably, trade
secrets) from U.S. companies; the theft of credit-card and other individual
financial information; spying on government and commercial networks.

All of these can involve sizable costs and inconvenience for those directly
affected. The victims of identity theft are tortured both financially and
psychologically. Companies that have lost proprietary information may
suffer profit declines.

Government agencies that have been penetrated (including the Internal
Revenue Service and e-mail systems of the White House and State Department)
may involve the loss of sensitive personal or policy documents. The
well-publicized hacking of Sony Pictures Entertainment produced an
outpouring of embarrassing material.

But none of these intrusions threatens the everyday routines of the
overwhelming majority of Americans. Unless they happen to us, cyberattacks
are just someone else's problem or tragedy. They're the hurricane and the
tornado on the evening news or the random shooting in an inner-city
neighborhood. They're unfortunate and perhaps devastating — but isolated.

This may be self-delusion. What we ultimately have to fear from hackers is
that they — and this would apply mostly to hostile governments and
terrorist groups — will get inside our most sensitive data systems with the
intent of causing havoc.

They would hijack, destroy or corrupt the data systems that regulate
energy, control financial transactions, contain medical records and oversee
transportation networks. Everyday life would be disrupted for countless
millions.

We don't know our full vulnerability because these attacks have yet to be
mounted on a grand scale. But given the success of lesser hacking, it's
hard to be confident that this most destructive variety is simply the
figment of an overactive imagination.

This is true cyberwarfare. We need to protect against it and also to stop
making more systems dependent on the Internet — an act of commercial
convenience that, with hindsight, may seem self-destructive.

Until we recognize the threat's gravity, we need to be constantly reminded.
That's why the relentless hacking may be doing us a favor.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!