OPM (U.S. Office of Personnel Management) Information Breach - On the Eve of the 2015 Cyber War

OPM (U.S. Office of Personnel Management) Information Breach - On the Eve of the 2015 Cyber War

In 2015, American society was already facing a new concept of "war in the information space. Two years after Snowden's revelations of NSA (National Security Agency) surveillance, public trust in government information management was shaken. Then, a group of Chinese hackers broke into and stole a top-secret database of personal information held by the U.S. Office of Personnel Management (OPM).

The leaked personal information of 21.5 million individuals, including 5.6 million fingerprint data, included not only federal government employees, but also diplomats, intelligence agency personnel, and military personnel. In addition, extremely sensitive information such as detailed biographical information, friendships, mental health, and financial information at the time of application for security clearance was also extracted, shaking the U.S. intelligence network to its very foundations.

This incident symbolized the beginning of the post-Cold War "Cyber Cold War. The U.S. determined that this was State-Sponsored Cyber Espionage and lodged a diplomatic protest with the Chinese government, but the Chinese side denied any involvement. Thereafter, a new security structure, also known as the "cyber arms race," was born between the U.S. and China.

The technological background at the time was that legacy systems of government agencies were vulnerable and operated with undeveloped encryption amid the rapid shift to cloud computing and network centralization. This allowed attackers to operate undetected for months after the intrusion.

After the incident, the U.S. amended the Federal Information Security and Military Assistance Act (FISMA) and fundamentally revised security standards for government agencies. However, it became clear that the fundamental issue was the ethical and political theme of "who monitors the nation," and could not be solved by mere technical measures.

The OPM incident was a historical turning point that determined the collapse of trust in the information society and the normalization of cyber warfare between nations, and should be recorded as a symbolic chapter in the "history of information security defeat.