ACI Journal Articles


Why Government Organizations Don’t Care: Perverse Incentives and an Analysis of the OPM Hack

Document Type


USMA Research Unit Affiliation

Army Cyber Institute

Publication Date



Many security experts have addressed the financial and personal security risks involved with the recent data breach at the Office of Personnel Management (OPM). This work supplements previous analyses of the event, and explores how the recently disclosed OPM breach has impacted the national security of the United States. By examining the elements of the breach - within the context of the stolen data and linkages to other data breaches - this work points to a larger offensive cyber campaign as the primary concern for U.S. leaders and policy makers. After thoroughly examining the details of the attack itself and its implications on DoD and national cybersecurity, we argue that government organizations lack appropriate incentives to secure their networks and personal data. The solution to this problem lies with organizational leaders, who must give guidance that incentivizes information security at the “tactical level.”

Record links to items hosted by external providers may require fee for full-text.