I can’t believe that Kari Hunter book 3, The Dark Door, has already been out for an entire month! I hope you enjoyed the story. As I’m writing this, the book has 4.8 stars, but only 17 ratings, and only 5 of those are reviews. So, I’m guessing you liked it..? (Shameless plug: If you liked Kari 3, please let me know and give the book a little shout-out. It doesn’t have to be fancy! Click here to hit the Amazon review page.)

Kari 3 took a long time to write, and finishing it was a major accomplishment. The story was ambitious for my (then) skill set. First, it was a longer mystery than I’d ever written before, and that comes with extra challenges. Second, Kari had more emotional arcs going on. Figuring out how to treat those correctly, and in a fun and satisfying way, was another challenge. (For all you writers out there: KM Weiland’s book on themes is fantastic. Highly recommended! She even includes outlines for positive, flat, and negative change arcs.) On top of that, I was contending with Kari’s need to remain a pacifist, and to do it differently than in the first two books, because I ain’t no one-trick pony!

All of this meant that I was often stopping to research how to treat these different issues. Writing The Dark Door felt like an open-world video game where you have to slay the dragon, rescue the princess, and save the world, but you’re only level 1 and you’re armed with a pool noodle. The only way to win is through 200 side quests. So that’s what I did! I hate that it took so long, but it was all worthwhile, because that work will help me write even better stories going forward.

You might look at one of my books and think of the story, but I remember everything I learned along the way. And that’s honestly my favorite thing. I started out at level 1 with a big idea, went on a winding journey with a million side quests, and slayed the dragon in the end. As it turns out, the princess rescued herself and everyone else.

All of that just to say: I’m so happy with how The Dark Door turned out. I hope you are, too.

And HEY! The paperback is available now, too, so if you want to pick up your copy, just click this link: The Dark Door paperback.

I’m sure you’re wondering what books I’m writing next! I’ve started a spinoff trilogy involving a couple of characters from the Kari Hunter series. If you’ve finished The Dark Door, you might be able to guess who they are…

But maybe you still want a hint? How about this:

The story is set in Listowel, where the newest Immortal State tourist trap is open for business. The voodoo-themed town is her first assignment as a conservator trainee. And everything goes sideways less than thirty minutes after she arrives. Luckily, she’s not entirely alone. Someone followed her to Listowel and is determined to help her, whether she likes it or not.

Now can you guess?

I’m really excited about this trilogy, but we’ll talk more about it later, because first we need to attend to some MAGIC ENGINEERING BUSINESS.

That’s right! Buckle up, Interns of Magic Engineering fans: I’ve got an Interns novelette in the editing stage. And this book will be FREE for all my newsletter subscribers. If you aren’t subscribed, sign up now so you can get it when it’s ready.

In this next episode (technically book 3½!), Dr. Docktor divides the interns into two groups and sends them on important tasks. Charlie gets trapped on the building’s top floor. Poison is filling the air, and something’s skulking around in the darkness, trying to take her down in a very unflattering way. Luckily, Charlie’s got one of her intern friends with her, fighting back with the power of teamwork.

HAHAHA, just kidding. She’s trapped with Indigo.

This book wasn’t in the original plan, but I’ve been thinking about a new Interns trilogy for a while. Beyond the overarching story, I wanted to know what other mysteries and heinous deeds were afoot. The simplest and most effective way to find out was to jump into the world—just throw Charlie Temple into another bizarre life-or-death situation—and see what happened.

As it turns out, there’s a LOT to talk about with the Interns. I’m excited for you to read it. Make sure you subscribe to my new-release list to get the freebie when it arrives.

And hey, don’t forget—if you loved Kari 3, The Dark Door, please let me know by giving it a shout-out. Here’s the link again: shout-out for Kari 3!

Until next time,

Jen

In the span of just weeks, the US government has experienced what may be the most consequential security breach in its history—not through a sophisticated cyberattack or an act of foreign espionage, but through official orders by a billionaire with a poorly defined government role. And the implications for national security are profound.

First, it was reported that people associated with the newly created Department of Government Efficiency (DOGE) had accessed the US Treasury computer system, giving them the ability to collect data on and potentially control the department’s roughly $5.45 trillion in annual federal payments.

Then, we learned that uncleared DOGE personnel had gained access to classified data from the US Agency for International Development, possibly copying it onto their own systems. Next, the Office of Personnel Management—which holds detailed personal data on millions of federal employees, including those with security clearances—was compromised. After that, Medicaid and Medicare records were compromised.

Meanwhile, only partially redacted names of CIA employees were sent over an unclassified email account. DOGE personnel are also reported to be feeding Education Department data into artificial intelligence software, and they have also started working at the Department of Energy.

This story is moving very fast. On Feb. 8, a federal judge blocked the DOGE team from accessing the Treasury Department systems any further. But given that DOGE workers have already copied data and possibly installed and modified software, it’s unclear how this fixes anything.

In any case, breaches of other critical government systems are likely to follow unless federal employees stand firm on the protocols protecting national security.

The systems that DOGE is accessing are not esoteric pieces of our nation’s infrastructure—they are the sinews of government.

For example, the Treasury Department systems contain the technical blueprints for how the federal government moves money, while the Office of Personnel Management (OPM) network contains information on who and what organizations the government employs and contracts with.

What makes this situation unprecedented isn’t just the scope, but also the method of attack. Foreign adversaries typically spend years attempting to penetrate government systems such as these, using stealth to avoid being seen and carefully hiding any tells or tracks. The Chinese government’s 2015 breach of OPM was a significant US security failure, and it illustrated how personnel data could be used to identify intelligence officers and compromise national security.

In this case, external operators with limited experience and minimal oversight are doing their work in plain sight and under massive public scrutiny: gaining the highest levels of administrative access and making changes to the United States’ most sensitive networks, potentially introducing new security vulnerabilities in the process.

But the most alarming aspect isn’t just the access being granted. It’s the systematic dismantling of security measures that would detect and prevent misuse—including standard incident response protocols, auditing, and change-tracking mechanisms—by removing the career officials in charge of those security measures and replacing them with inexperienced operators.

The Treasury’s computer systems have such an impact on national security that they were designed with the same principle that guides nuclear launch protocols: No single person should have unlimited power. Just as launching a nuclear missile requires two separate officers turning their keys simultaneously, making changes to critical financial systems traditionally requires multiple authorized personnel working in concert.

This approach, known as “separation of duties,” isn’t just bureaucratic red tape; it’s a fundamental security principle as old as banking itself. When your local bank processes a large transfer, it requires two different employees to verify the transaction. When a company issues a major financial report, separate teams must review and approve it. These aren’t just formalities—they’re essential safeguards against corruption and error. These measures have been bypassed or ignored. It’s as if someone found a way to rob Fort Knox by simply declaring that the new official policy is to fire all the guards and allow unescorted visits to the vault.

The implications for national security are staggering. Sen. Ron Wyden said his office had learned that the attackers gained privileges that allow them to modify core programs in Treasury Department computers that verify federal payments, access encrypted keys that secure financial transactions, and alter audit logs that record system changes. Over at OPM, reports indicate that individuals associated with DOGE connected an unauthorized server into the network. They are also reportedly training AI software on all of this sensitive data.

This is much more critical than the initial unauthorized access. These new servers have unknown capabilities and configurations, and there’s no evidence that this new code has gone through any rigorous security testing protocols. The AIs being trained are certainly not secure enough for this kind of data. All are ideal targets for any adversary, foreign or domestic, also seeking access to federal data.

There’s a reason why every modification—hardware or software—to these systems goes through a complex planning process and includes sophisticated access-control mechanisms. The national security crisis is that these systems are now much more vulnerable to dangerous attacks at the same time that the legitimate system administrators trained to protect them have been locked out.

By modifying core systems, the attackers have not only compromised current operations, but have also left behind vulnerabilities that could be exploited in future attacks—giving adversaries such as Russia and China an unprecedented opportunity. These countries have long targeted these systems. And they don’t just want to gather intelligence—they also want to understand how to disrupt these systems in a crisis.

Now, the technical details of how these systems operate, their security protocols, and their vulnerabilities are now potentially exposed to unknown parties without any of the usual safeguards. Instead of having to breach heavily fortified digital walls, these parties  can simply walk through doors that are being propped open—and then erase evidence of their actions.

The security implications span three critical areas.

First, system manipulation: External operators can now modify operations while also altering audit trails that would track their changes. Second, data exposure: Beyond accessing personal information and transaction records, these operators can copy entire system architectures and security configurations—in one case, the technical blueprint of the country’s federal payment infrastructure. Third, and most critically, is the issue of system control: These operators can alter core systems and authentication mechanisms while disabling the very tools designed to detect such changes. This is more than modifying operations; it is modifying the infrastructure that those operations use.

To address these vulnerabilities, three immediate steps are essential. First, unauthorized access must be revoked and proper authentication protocols restored. Next, comprehensive system monitoring and change management must be reinstated—which, given the difficulty of cleaning a compromised system, will likely require a complete system reset. Finally, thorough audits must be conducted of all system changes made during this period.

This is beyond politics—this is a matter of national security. Foreign national intelligence organizations will be quick to take advantage of both the chaos and the new insecurities to steal US data and install backdoors to allow for future access.

Each day of continued unrestricted access makes the eventual recovery more difficult and increases the risk of irreversible damage to these critical systems. While the full impact may take time to assess, these steps represent the minimum necessary actions to begin restoring system integrity and security protocols.

Assuming that anyone in the government still cares.

This essay was written with Davi Ottenheimer, and originally appeared in Foreign Policy.

Via https://bsky.app/profile/mtsw.bsky.social/post/3lejs4dhtl22v