The OPM Hack Is Bad News For Federal Customer Experience Improvement
It’s been a rough nine months for federal cybersecurity. The huge Office of Personnel Management (OPM) hack is just the latest in a series of incidents that make people skeptical of Washington’s ability to protect their personal information. Since last fall, we’ve witnessed hacks of the:
- OPM. Last week’s cybersecurity failure at OPM wasn’t its first run-in with hackers. In March 2014, hackers broke into OPM networks in an attempt to exfiltrate information about security clearances. Federal authorities claimed to have blocked the hackers from the network, but last week’s OPM cybersecurity failure should make us skeptical.
- Government Publication Office and Government Accountability Office. These two offices got hacked at the same time as OPM last year.
- US Postal Service. On November 10, 2014, the USPS confirmed an intrusion into its network that resulted in the compromise of the data of more than 800,000 employees.
- State Department. On November 17, 2014, the State Department said that its unclassified email systems had been compromised a month earlier. Three months after the initial intrusion, the State Department was still unable to eradicate the effects of the attack.
- National Oceanic and Atmospheric Administration. On November 12, 2014, NOAA confirmed that hackers had breached four of its websites.
- President of the United States. The same attackers that breached the State Department in November 2014 compromised the White House's unclassified email system about a month later and gained access to President Obama’s email.
These hacks obviously have enormous implications for cybersecurity professionals in both the public and private sectors. However, in a recent research report I coauthored, we went beyond cybersecurity issues to look at the impact of these hacks on federal digital customer experience (CX) improvement efforts.
Don’t think these hacks will have any effect on federal digital CX? Consider this: Even before these high-profile hacks, Americans didn’t trust federal agencies with their personal data. A Forrester survey showed that:
- Just 35% of Americans trusted the federal government to keep their personal data secure.
- About 40% of Americans who weren’t interested in federal mobile apps offering location-based services named information security and privacy concerns as a reason.
- Over 40% of Americans who expressed disinterest in a single sign-on credential for federal digital services said information security and privacy problems were a reason.
As major hacking incidents like these continue to erode the public’s trust in federal cybersecurity, people will become more skeptical than ever about using federal digital services – even when they are as convenient as location-based and single sign-on systems. This erosion of public trust in federal digital CX will:
- Slow the rollout of new federal digital services. Thanks to help from 18F and the US Digital Service (USDS), federal agencies have increased the speed at which they roll out new digital services. That trend is about to end. Spooked by high-profile cybersecurity incidents, federal program managers will slow development of new digital services in order to re-evaluate their security.
- Cause additional friction in the federal CX community. Enthusiastic staffers at 18F and the USDS may bristle at the delays, worsening the tensions that already exist between these agile digital workshops and their more cautious agency partners.
- Undermine adoption of even the most secure new digital services. It doesn’t matter how secure new federal digital services may be. If customers don’t think they’re secure, customers won’t use them. That means federal agencies that roll out even the safest new digital services in this climate of public distrust could find they don’t get the return on investment that they’d hoped.
- Hurt federal recruitment and retention of digital CX talent. Unhappy or disenfranchised digital CX pros in 18F, the USDS, or agencies’ own internal CX shops could emigrate to private sector jobs where they can move faster because the security stakes are lower.