'

After OPM breach, Snowden and Manning are just the beginning

Opinion: When detailed and confidential personal information about America's trusted personnel falls into the hands of enemy actors, the repercussions can be broad-reaching and even disastrous.

Virtually every federal government employee is now a viable blackmail target, especially those who have or have applied for national security clearances.

United States national security is in deep trouble, perhaps the worst it's been in history.

All nations rely on a combination of systems and trust to protect their most secure resources. Systems (like two operators in missile silos or the staged process submariners use to approve missile launches) also involve trust, because once the systems are in place, the final action still rests with individual people.

Special Feature

IT Security in the Snowden Era

The Edward Snowden revelations have rocked governments, global businesses, and the technology world. Here is our perspective on the still-unfolding implications along with IT security and risk management best practices that technology leaders can put to good use.

Read More

It is impossible to separate individual decision-making and action from the national security apparatus of any nation. Sure, we can carefully vet individuals, subject them to background checks and psychological tests. We can interview friends and neighbors. We can examine financial records and elicit stories about what they were like in college.

We can certainly weed out the obvious problem cases. But we can't keep all the problem people out of the system.

Bradley Manning and Edward Snowden are two prime examples. Manning was driven by internal demons and was goaded on by a narcissistic foreign nutcase while Snowden claimed higher motivations all while running with his knowledge of classified documents straight to Vladimir Putin's lap.

While some very misguided individuals celebrate Snowden's actions, I submit that any individual who harms the American economy to the tune of at least 47 billion dollars and costs nearly a million jobs is no hero.

No matter how you rate their motivations, the damage caused by the Manning and Snowden thefts were enormous. And no matter how bad you think those thefts were in terms of damage, here's a sobering thought: the worst is yet to come.

Last week it was revealed that the recent Office of Personnel Management penetration by, as Senator Harry Reid of the Senate Intelligence Committee described it, "the Chinese," reached not only basic personal identifying information, but also the agency's database of SF86 forms.

These are the complex forms filled out by those seeking national security clearances and contain information ranging from eye color to names of friends and neighbors at all locations where the application ever lived. These are deep, in-depth disclosure documents and now, not only does the OPM have these records, so do hackers.

The OPM breach let loose what is probably the most complete national government employee blackmail kit ever to fall into enemy hands. There is so much information in these documents (covering millions of federal employees), that enemy actors will likely be able to uncover an almost unlimited number of additional Snowdens and Mannings.

America's government employees are, generally, very hard working, very dedicated, loyal, and patriotic. But they are also human. There is no doubt that some have buttons that can be pushed. After all, Aldrich Ames was willing to give up CIA agents to the Soviets -- who the Soviets then "disappeared" (i.e., killed) -- for what amounted to a second paycheck.

There is no doubt that much of the culpability for this most recent federal breach lies with OPM. Reports are that the agency didn't come close to utilizing best practices, a problem I've been flagging in American government agencies for nearly a decade now.

But now the problem goes far, far beyond OPM. Finger-pointing and even sanctions (yes, apparently the U.S. is considering sanctions against the Chinese -- a wholely limp and inconsequential response to such a devastating security breach) will not undo the damage that has been done.

While the U.S. has certainly been vulnerable before, it has never been as vulnerable from within, from its own trusted national security personnel. as it is now.

If this were Game of Thrones, it would be time to say "Winter is coming."

By the way, I'm doing more updates on Twitter and Facebook than ever before. Be sure to follow me on Twitter at @DavidGewirtz and on Facebook at Facebook.com/DavidGewirtz.