The Fog of Cyber War

In the latest in a string of intrusions into U.S. agencies' high-tech systems, the Office of Personnel Management (OPM,) pictured June 5, 2015, suffered what appeared to be one of the largest breaches of information ever on government workers. The office handles employee records and security clearances Gary Cameron/Reuters

Former Director of Central Intelligence George Tenet famously said, when asked about so-called open source (unclassified) intelligence, "We only pay for secrets."

He spoke with the confidence of a man born and raised in the world of the 20th century spy and the Cold War. With the massive leak of government employee information from the Office of Personnel Management (OPM), Director Tenet's statement has been proven quite wrong for the 21st century. China and others are willing to pay for "non-secrets" and they matter.

As data breaches go, the OPM break-in was not the biggest one experienced in the past few years. Target, JP Morgan Chase and a few others were larger in breadth and scope. But, they did not contain information that could be used to target and engage in spying on the U.S. government.

As an old spy, I wanted information. I wanted people's background: where they live and had lived, who their relatives were and what personal problems they might have. That way I could figure out how to develop a successful "relationship" with someone who would spy for me. And, also, target more successfully—not waste time on someone who did not matter.

You see, the real trick in human intelligence is finding people with access to important people and their information. I don't want to recruit the Secretary of State—too big, too awkward to meet and not likely to be recruited. No, I want someone on his staff or someone who has access to his staff and especially their work product.

The OPM leak contains millions of personnel files that will help China do just that. Files on government employees and their contractors with a summary of their backgrounds and what programs they have access to is quite sufficient for my targeting purposes.

In the 21st century, information contained in files like OPM need to be treated like the old-fashioned state secrets were. I am sure whatever investigation there is will turn up either woefully inadequate IT security, inside actions or both. I am not going to debate that right now.

What I am going to say is it's up to the current Administration and those going forward to understand why date breaches like OPM are so dangerous to the national security of this country. Just because something is unclassified does not make it unworthy of security.

Welcome to 21st Century cyber conflict. Information is a weapon to use and target and cyberspace is the battlefield. So far, if OPM is the indicator, the U.S. government is getting skunked.

Ronald Marks is a Senior Fellow at the George Washington University Center for Cyber and Homeland Security.

The Fog of Cyber War | Opinion