Public should share blame for hacking mess

A chart of data breaches is shown on Capitol Hill in Washington, Tuesday, June 16, 2015, as witnesses testify before the House Oversight and Government Reform committee's hearing on the Office of Personnel Management (OPM) data breach. (AP Photo/Cliff Owen)

For a few weeks, I’ve been wondering whether I’d get a letter from the federal Office of Personnel Management telling me my data had been hacked. I passed the foreign service exam almost 15 years ago and went through an amazingly thorough background check. I can’t say I’m particularly worried if hackers did get my data, since I’ve probably already publicly written about any minor sins that might be discovered from my application. Still, even without ever working for the government, I could be at risk. It may well be the worst cyber-breach the U.S. has ever experienced.

Yet neither the government nor the public seems to be taking it seriously. It’s been getting considerably less play than the Snowden affair did, or the administration’s other massively public IT failure: the meltdown of the health-care exchanges. Google News returns more hits on a papal encyclical about climate change that will have no obvious impact on anything than it does for a major security breach in the U.S. government. The administration doesn’t seem that concerned. The White House told Reuters on Thursday that President Obama “continues to have confidence in Office of Personnel Management Director Katherine Archuleta.”

I’m tempted to suggest that the confidence our president expresses in people who preside over these cyber-disasters, and the remarkable string of said cyber-disasters that have occurred under his presidency, might actually be connected. So tempted that I actually am suggesting it. President Obama’s administration has been marked by titanic serial IT disasters, and no one seems to feel any particular urgency about preventing the next one. By now, that’s hardly surprising. Kathleen Sebelius was eased out months after the Department of Health and Human Services botched the one absolutely crucial element of the health-care rollout. The NSA director’s offer to resign over the Snowden leak was politely declined. And now, apparently, Obama has full faith and confidence in the folks at OPM. Why shouldn’t he? Voters have never held Obama responsible for his administration’s appalling IT record, so why should he demand accountability from those below him?

Yes, yes, I know. You can’t say this is all Obama’s fault. Government IT is almost doomed to be terrible; the public sector can’t pay salaries that are competitive with the private sector, they’re hampered by government contracting rules, and their bureaucratic procedures make it hard to build good systems. And that’s all true. Yet note this: When the exchanges crashed on their maiden flight, the government managed to build a crudely functioning website in, basically, a month, a task it had systematically failed at for the previous three years. What was the difference? Urgency. When Obama understood that his presidency was on the line, he made sure it got done.

The serial IT disasters we have seen over the past seven years do not need a blue-ribbon commission or a really stern memo to fix them. If we want these holes fixed before they become catastrophic, we need leaders with a scorched-earth determination to have adequate IT. The only way that determination happens is if these failures become an existential threat to the careers of the politicians in charge.

Does the government need more money for IT? It couldn’t hurt, though my personal experience as an IT consultant was that a) everyone always wants more money and b) shortage of money was the main problem only in a minority of cases. Does Congress need to give agencies a freer hand in developing good systems? I’m all for it. Should Congressional Republicans commit to support the president in hardening our government against cyber-attacks and other disasters, rather than simply holding political show hearings? Heck yes. But these things won’t happen unless the president makes fixing government IT a bigger priority — and starts enforcing accountability for every disaster that happens on his watch. And I doubt that that will happen unless the public demands it.

That is, of course, a pipe dream. The public is far more interested in hearing how candidates can make the economy grow 4 percent a year or make everything important practically free while only taxing a few multinational corporations or hedge fund managers. That these things are not possible is irrelevant, because they sound so nice. And thus things that the president actually could do, if he really wanted to, like delivering a decent government IT infrastructure that would be reasonably secure against cyber-intrusion, fall by the wayside. We should blame Obama. And ourselves.

Megan McArdle is a Bloomberg View columnist.