Any strategic wartime planning against the United States can now involve a systematic chart of the Federal employee structure. If the employee union is correct, the Hackers have personnel data on every US gov’t employee. The value of this data to undermine the potential physical security of the nation cannot be ignored.
During the days of the Cold War, espionage consisted of persons observing persons in limited locales. You could never be too sure of who you were observing and it was always possible your investment in observation and information gathering was misplaced. You could never know the full scope of the operation beneath the indicators that crossed your view. The nature of the enterprise bore its own balance and rules of engagement.
Now, the entire structure is laid bare. People, places, activities can be correlated with this database and reasonable inferences formed. More persons who are or who go abroad can be more precisely observed in mass. Espionage has been turned on its head and now a certain class of Americans are more transparent than was previously the case. A situation that may complicate efforts to keep quiet the movements of certain individuals.
A hierarchy of bad to worse actions can occur with this database. Government function can be actively undermined by targeting massive groups of individuals so they are far less effective in their official capacities. Second order effects can be enacted in many ways through some of the people associated with those whose identities have been exposed. At worse, a clear map has been laid out as to key persons and groups of persons to hold if military action became a possibility.
This was probably a test. A test of capabilities and response. A test in which the results can still be put to devastating effect short of overt action. It is a situation in which a campaign can be issued from those who have the database to undermine government function in subtle and indirect ways. Reality can be distorted.
This is all just a statement of possibilities. Maybe a breach is just a breach and nothing comes of it. If it is serious however, there are a few ways to react that are constructive and useful.
First, there is no profit in responding in kind. The particular structures and configuration of American society is what makes this kind of breach effective in the scenarios outlined. All that may occur is a back and forth escalation that would be wholly unproductive.
The smarter move is to actively disassociate Federal systems from the Internet. Connecting it to the Web was not a wise idea. You cannot prove certainty in the security of critical systems in such a configuration. Either return to paper based systems using typewriters or at least have internal communications networks with zero ability to be linked to the Internet in any way. Long-term, the best move will be to revert to paper based systems.
Next, reconfigure government. A mass wave of reassignment may need to occur. Agencies recalibrated or recast. The patterns that can be inferred from the database must be fully abolished. The main error at this point would be complacency.
Finally, the lesson is this. The very systems that enable tremendous convenience are also the very systems that are convenient to compromise. The exalted visions of seamless automation and leverage of information management mechanisms are simply incompatible with the prerogatives to sustain security and confidentiality where it is most needed.