finecherrypie t1_jabbro3 wrote
They are going to paint themselves the victims here but IMO this should be viewed like any other major corporate data breach; which is a failure of their own security. If citizen data was stolen they should be held liable especially if it was unencrypted.
I'm not sure why Ransomware is even mentioned in the article besides to drum up additional sympathy and make it seem more menacing. It's not been a 'thing' since like 2018 for any serious organization who takes basic security precautions w\ endpoint software and backups.
phdoofus t1_jabom9f wrote
This is a failure by Congress mostly to not fund and prioritize IT security. The US nuke labs get their computers hammered all of the time by outside actors but you never hear about breaches there. OPM, not so much. Why? Someone at OPM probably asked about IT security at one point and Congress basically said 'Nah, there ain't no money for that and what do you need it for anyway?'. Source: have worked for nuke labs.
TitoMPG t1_jacal1t wrote
Mind if I asked why yall aren't airgapped?
phdoofus t1_jacpc58 wrote
The real systems that have the shit that you don't want anyone to touch ever, are. There are even measures beyond that to ensure security. However, depending on the lab, they also have a number of programs that need to interact either with researchers not 'behind the fence' or with other branches of the .gov or even with the public. Those get hammered all the time.
Viewing a single comment thread. View all comments