On Jun 17, 2015 8:56 PM, "Ronald F. Guilmette" <rfg@tristatelogic.com> wrote:
*) The Director of the Office of Personnel Management, Ms. Katherine Archueta was warned, repeatedly, and over several years, by her own department's Inspector General (IG) that many of OPM's systems were insecure and should be taken out of service. Nontheless, as reveled during congressional testimony yesterday, she overruled and ignored this advice and kept the systems online.
Given the above facts, I've just started a new Whitehouse Petition, asking that the director of OPM, Ms. Archueta, be fired for gross incompetence. I _do_ understand that the likelihood of anyone ever getting fired for incompetence anywhere within the Washington D.C. Beltway is very much of a long shot, based on history, but I nontheless feel that as a U.S. citizen and taxpayer, I at least want to make my opinion of this matter known to The Powers That Be.
Idk whether she was wrong or not. They were running "COBOL" systems - I'm guessing AS/400 (maybe even "newer" zSeries) which are probably supporting some db2 apps. They also mention this is on a flat network. So stopping the hack once it was found was probably real interesting (I'm kinda impressed they minimized downtime as much as they did really). I'm ok saying they were incompetent but not too sure you can do *this* much to mess up a network in <2 years (her tenure). I'd actually be interested in a discussion of how much you can possibly improve / degrade on a network that big from a management position. If the argument is that she should've shut down the network or parts of it - I wonder if anyone of you who run Internet providers would even shut down your email or web servers when, say, heartbleed came out - those services aren't even a main part of your business. One could argue that it would've been illegal for her to shut some of that stuff down without an act of Congress. I'm not saying you're dead wrong. Just that I don't have enough information to say you're right (and if you are, she's probably not the only head you should call for).