This question has led me on a long and winding journey through multiple decades’ worth of accident and disaster literature. I read reports almost every day about tragedies that sociologists and engineers have spent years analyzing such as Three Mile Island and Challenger. My goal is to better understand what happened in OPM by looking for similarities with other large-scale organizational failures. At times, it can feel like I am running in circles. I often rotate between a variety of theories. Books and articles I read refute each other frequently and judging who is most convincing is difficult. At this time of writing I suspect that it was not the inherent size of OPM that caused the issues per se, but an internal breakdown in communication caused by something akin to office politics.
Cyber defense is a craft within a complex system. It faces an onslaught and is prone to catastrophic failure. How we treat information systems and cyber threats inside of large organizations like government agencies can now influence the course of geopolitics. By continuing the discussion on OPM, I hope to encourage officials and policymakers to consider more thoroughly the ramifications of security and organizational policy.
