I imagine Clapper was more focusing on offensive capabilities here. Not to mention, Clapper's quote is taken out of context, he wasn't bragging, he was arguing against a tit-for-tat retaliation.
Defensive is interesting considering how many federal departments there are and how they're all pretty autonomous in regards to IT. Going after employment records was especially devious as they aren't classified, so whatever requirements OPM had to follow weren't very stringent.
The real issue here, and something that affects the private sector as well is why are we not treating all IT data as classified? Why all the half measures? I think we're still in the early stages of digitization and automation and have to learn security lessons the hard way.
Also in autocratic states where information is tightly controlled, hacks like this don't make the news. We have no idea what the NSA is actually doing in these countries outside of Snowden, whose data is mostly (all?) domestic programs. And the stuff we do know about like Stuxnet, only come out because certain people wanted to turn it into a political football.
Defensive is interesting considering how many federal departments there are and how they're all pretty autonomous in regards to IT. Going after employment records was especially devious as they aren't classified, so whatever requirements OPM had to follow weren't very stringent.
The real issue here, and something that affects the private sector as well is why are we not treating all IT data as classified? Why all the half measures? I think we're still in the early stages of digitization and automation and have to learn security lessons the hard way.
Also in autocratic states where information is tightly controlled, hacks like this don't make the news. We have no idea what the NSA is actually doing in these countries outside of Snowden, whose data is mostly (all?) domestic programs. And the stuff we do know about like Stuxnet, only come out because certain people wanted to turn it into a political football.