The OPM breach has not been discussed in the thousands of sentences of commentary written about the hack. The problem isn’t the lack of security standards, commercial security products and services, but the fact that the existing collection of commercial hardware, firmware and software employed to provide IT services contain inherent design and implementation vulnerabilities. The only solution to this dilemma is to raise the “trustability” level of our computer systems high enough to make even sophisticated hacking riskier and more susceptible to easier identification. As they say in the military: Reduce the attack surface.”]
Source: https://www.cuinfosecurity.com/blogs/preventing-another-opm-type-breach-p-1886