

Encryption “would not have helped” at OPM, says DHS official - istvan__
http://arstechnica.com/security/2015/06/encryption-would-not-have-helped-at-opm-says-dhs-official/

======
cgearhart
Speaking as someone personally affected by all this, I can tell you that
encryption most certainly _would_ have helped if used in a system designed
with modern security principles in mind. But (especially in government) there
is no incentive to redesign a functioning system. There isn't any money
available to fund the work, and there is no specific legal liability that
poses a risk if you don't.

It's not surprising that corporations and governments don't take steps to
avoid these problems when an 18-month membership in some identity theft
insurance program is considered equitable compensation for losing 10 years'
worth of personal information.

------
istvan__
This is gold: "OPM CIO Donna Seymour said that systems couldn't simply have
encryption added because some of them were over 20 years old and written in
COBOL."

~~~
ChuckMcM
Agreed. It is fascinating to me, having been on the other side of the "it
would cost too much to re-implement" discussion when I was at Sun and NetApp
and talking to some large enterprise-type customers, the flip question is
"What does it cost for the current implementation to fail?"

Few people have direct experience with that; remember that many of these
systems are essentially the "second" generation of automation that has gone on
in government. Systems built in the '90s were not even imagining the kinds of
drive-by side-load sandbox-hopping attacks that are routine today. I expect it
to get worse before it gets better, but the new Digital Service has some
interesting ideas there. I fear such things will lead to nationalizing the
Internet as well, and that bothers me. I still believe (perhaps naively) that
it is possible to secure large networks from even persistent threats given the
tools at our disposal.

~~~
istvan__
It is kind of interesting that on one hand people are talking about how
rewriting is bad (especially managers like to think that any subpar solution
should be kept around just because it works 90% of the time) and the other
side is how much money you can lose because you refuse to reimplement. When it
comes to security I think it is extremely dangerous to go for the first one as
the example shows.

