The outcome of these compromises goes far beyond an annoying denial-of-service attack, embarrassing Web site defacement, or identity theft. From The Washington Post:
The hackers, he said, gained access to sensitive information about the identities and locations of many Chinese dissidents and refugees he has worked with during his years in Congress. He said he suspects that he was targeted because of his human rights work.
But there's so much more:
Wolf said he was urged by government agencies not to speak out about the breaches but decided to go public now for fear that most members of Congress and their staffs do not know of the threat they face from cyberattacks by foreign governments or other groups.
Wolf has it right. The urge to be silent about breaches is one of the biggest challenges with IT security. No one wants to talk about it. Companies, government agencies, and other organizations want to just clean up a compromised system and move on. If organizations talked more openly about security, there'd be more learning, greater understanding of the challenges, and help driving innovative solutions. There'd also be the political will by government agencies and corporations to do the right thing, and that's to deploy security that is Good Enough.
"Good Enough" security is relative to the value of the information being stored. And in this case, where the names of those objecting to an oppressive Communist regime are listed, the security of those systems obviously wasn't.
Following years of lax security at government agencies, it is well beyond time this country get serious about securing government networks. Our Wolfe, Alex Wolfe, is right to say that the Senate should stop bellyaching and sign President Bush's Comprehensive National Cyber Security Initiative.