The OPM break in, and secure correct code


From a report about the recent major break in to the computer systems at the federal Office of Personnel Management:

To hear Office of Personnel Management director Katherine Archuleta tell it, no one could have anticipated or prevented the devastating hack that released sensitive personal data about millions of US government employees.

“I don’t believe anyone is personally responsible,” Archuleta said at a Senate hearing on Tuesday. “We have legacy systems that are very old.”

Archuleta is wrong — she can and should have done more to prevent the attacks. OPM’s inspector general has been warning for years that OPM’s security was inadequate.

Pretty clearly, Ms Archuleta is mistaken. Indeed the exact matter she mentioned, that the systems were antiquated is the reason the attack could have been anticipated and even prevented. You wonder that the data was not encrypted, for example.

My question for you, however, has to do with the general problem that these attacks on commercial, private, and government systems are not some new problem. They’ve been going on for years.

I get the fact that the designers of the Internet didn’t anticipate this, and appropriate security wasn’t built into the design from the start. But why hasn’t this problem been dealt with by now?

What role might your sophisticated formal methods, and other methods, for designing, proofing, and coding play in creating accurate secure systems?


Leave a comment

Filed under Software

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s