In another of a long string of failures for the US government to protect its own data, one starts to notice a pattern. Federal agencies seem to be unable to properly protect even their most crucial data. They lack the expertise to be able to repel attackers that are continuously trying to break into their systems from around the world.
The question that arises is "What can we do improve this situation"? and the answer is clear. Fix failed policies at the clandestine agencies. Policies that lean on offensive cyberwarfare over security. It is well known thanks to the Snowden files that the US hoards 0day attacks (bugs that compromise security that are undiscovered and unpatched) and saves them until the security flaws become public. This means that these holes are left in the computers that utilize the software worldwide until such time that someone else discovers and discloses the flaws.
This leaves critical systems and infrastructure vulnerable to attack from advanced threats that can find these flaws and exploit them. Day after day we see large businesses and government agencies fall victim to attack after attack and scramble to repair the damage.
Europol now considers cybercrime to be a larger threat than terrorism. The FTC has ranked identity theft the number one issue facing consumers for 14 consecutive years.
There's two ways that organizations like the NSA come across new security flaws. They either research it themselves, or they buy it on the black market. They then have a choice. They can either disclose the bug to the vendor and get the flaw fixed, improving the security for the world, or they can exploit it to try to gain an operational advantage in cyberwarfare. Right now, the NSA policy is the latter. The clandestine agencies would rather leave everyone vulnerable than to give up an opportunity to attack.
The policies need to change in order for this situation to improve. They can either change at the government level and the clandestine agencies can take a more defensive approach to cyberwarfare, or they can change at the corporate and federal level and these organizations can adopt safer open-source software solutions. Open-source software has the advantage of being developed in the open, allowing anyone and everyone to look over the code and find problems that can cause unreliable behavior that will lead to security breaches. Proprietary software is a liability in this sense, as the code is hidden from the end users and flaws are found by reverse-engineering the code or studying how the software actually behaves.
One thing is for certain. Something needs to change. Companies and consumer are losing billions of dollars due to these failed policies. What is 4,000,000 lost social security numbers going to cost the United States?