Monday, December 14, 2015

Ask The Right Questions

The Fourth Estate has been dropping the ball regarding questions.

Case in point is the recent screw-up around the Secretary of State's release of our personal data. These bozos handed out all the data necessary for bad actors to steal your identity so if you've not done so already you might want to freeze your credit.

And what is the reaction from media? Well, they want information on the chats the SoS had with recipients who have returned or destroyed the data. Wink, wink. Nod, nod. Media attention has resulted in the Secretary issuing a promise of credit monitoring (so you know when you've been robbed) but has done little to offer insight into the SoS's Oh Shit! moments.

A bigger problem is that media are not asking the right questions.

The scape goat who was fired ratted out the process causing the security breach and in so doing did a little name dropping. Turns out this work is not done BY the Secretary of State's office but is actually done FOR them. By a yankee company: PCC Technology Group. These people, whoever they are, already have access to all the data required to manufacture the security breach and probably much, much more. That is where the questioning should begin.

Just who are these people? What security clearances (or even certifications) do they have? Background checks? Does the company outsource or offshore any activities? How are data transferred to and from their systems and how do we know it is secure? Is it link security? Are log files secured? Where are the data REALLY stored? "The Cloud?" Where is it processed? How is access authentication implemented and how are accesses logged and monitored? What security reports are delivered to SoS? What security audits are performed, how often and who initiates and pays for them?

Have the Secretary of State resign and then what do we do? Government has systemic problems often caused by a blind rush to outsource their work and our security to crony companies and those are the problems that need investigation.