
Podcast: Lessons from OPM hack to improve federal cybersecurity

The Cybersecurity Podcast crew interviews the primary author of the US House Oversight and Government Reform Committee report looking into last year's Office of Personnel Management cyberattack.


The Office of Personnel Management (OPM) breaches were among the most significant cyberattacks in history, and now serve as a cautionary tale for many in Washington and beyond. But what do we know a year later? What are some of the lessons the federal government needs to learn?

To answer those questions and more, The Cybersecurity Podcast crew interviews John Costello, the senior technical adviser of the US House Oversight and Government Reform Committee report looking into the attacks.

"I don't think it was necessarily understood the level of threat OPM was facing," says Mr. Costello, who spent last year on Capitol Hill as a Science and Technology fellow through TechCongress. "I don't know if there's anyone to blame for that, but to military and intelligence personnel, it's second nature to say, 'Of course OPM is a target. The Social Security administration is a target. The Education Department is a target.

"But I don't think if you're in leadership [of those organizations] you'd necessarily view it in that lens," he continued. "I think that culture is changing."

Also on this episode, podcast cohost Peter W. Singer from New America discusses local cybersecurity challenges and Passcode's Sara Sorcher talks about a new report from George Washington University about active defense. 

Listen to the podcast on iTunes | Soundcloud | Stitcher
