Finally, Murray said government needs to focus not just on those who hack or steal data, but also on those who let it happen. He said government won’t get better results until it demands accountability. In virtually every case of a failure, including the OPM breach, those in charge are allowed to resign, which means they keep their pension and all other government benefits.
“There’s a lot of hand wringing, but not enough action,” Murray said. “You have to make the people in charge of holding this information accountable. Somebody should get paid a lot of money, but then told, ‘You are going to be held responsible if it leaks out on your watch.’
“You start doing that, and people will start taking it seriously,” he said.
Ultimately, if what matters is results, Obama’s legacy will suffer. Tantleff pointed to a recent book titled "The Global Cyber Vulnerability Report," that reviewed the cyber vulnerabilities of 44 nations, and ranked the US the 11th safest.
“It’s hard to believe that will help Obama’s cybersecurity legacy,” he said.
Whether things will improve under President Trump is anyone’s guess, but some early indications are not encouraging.
Nicholas Weaver, a senior staff researcher at the International Computer Science Institute, in a post on Lawfare, declared that the president’s insistence on continuing to use an insecure Android device is, “asking for a disaster (and) should cause real panic.
“Once compromised, the phone becomes a bug – even more catastrophic than Great Seal – able to record everything around it and transmit the information once it reattaches to the network,” he wrote.
Tantleff said, “the jury is still out,” on whether Trump will be able to improve on Obama’s record. But in his view, it is not a terribly high bar.
“The level of cybersecurity that exists in government today would be disgraceful if it existed within large corporate America,” he said. “No financial or healthcare institution would be comfortable – nor would the American people – with our current efforts.”
Sign up for CIO Asia eNewsletters.