To hear Office of Personnel Management director Katherine Archuleta tell it, no one could have anticipated or prevented the devastating hack that released sensitive personal data about millions of US government employees.
“I don’t believe anyone is personally responsible,” Archuleta said at a Senate hearing on Tuesday. “We have legacy systems that are very old.”
Archuleta is wrong — she can and should have done more to prevent the attacks. OPM’s inspector general has been warning for years that OPM’s security was inadequate.
Pretty clearly, Ms Archuleta is mistaken. Indeed, the exact matter she mentioned, that the systems were antiquated, is the reason the attack could have been anticipated and even prevented. You wonder that the data was not encrypted, for example.
My question for you, however, has to do with the general problem that these attacks on commercial, private, and government systems are not some new problem. They’ve been going on for years.
I get the fact that the designers of the Internet didn’t anticipate this, and appropriate security wasn’t built into the design from the start. But why hasn’t this problem been dealt with by now?
What role might your sophisticated formal methods, and other methods, for designing, proofing, and coding play in creating accurate secure systems?