The committee has scheduled another hearing Wednesday on contractors whose data may have been compromised in the breach of the OPM database, exposing Social Security numbers and other employment data of 4.2 million active and current federal workers. Officials disclosed last week that a database containing extensive background files for security clearance applications also was breached; thousands of contractors have clearances.
Lawmakers, many of whom represent districts with thousands of federal employees, are furious that Archuleta and her staff were warned repeatedly by the agency’s inspector general to make computer security upgrades but took too long, possibly opening a door to hackers.
“I am fully aware that cybersecurity is a problem that cannot be solved, but merely managed,” Rep. Jim Langevin (D-R.I.) said in a statement Wednesday calling on Archuleta to step down. “However, we must not allow leaders in government or the private sector to use this as an excuse for operating without a risk-based cyber strategy. I have seen no evidence Ms. Archuleta understands this central principle of cyber governance, and I am deeply concerned by her refusal to acknowledge her culpability in the breach.”
The OPM chief still has President’s Obama’s support, White House press secretary Josh Earnest said.
“[T]he reason that this cyber-intrusion was detected is because OPM was in the final stages of adding important security upgrades to their computer network,” Ernest said Wednesday. “There has been some discussion about this Office of Inspector General report identifying some weaknesses in the OPM computer network. That report was issued after OPM was already in the midst of upgrading their cyberdefenses.”
“… I think that is an indication that OPM, under the leadership of Director Archuleta, recognizes that this does need to be a priority and that there is significant and important work that needs to be done to make sure that they’re fulfilling their responsibility to protect the data of federal workers.”
At Tuesday’s committee hearing, Inspector General Patrick McFarland testified that last year his office found 11 major OPM systems were operating without the agency’s certification that they met security standards. Auditors recommended to Archuleta that OPM consider shutting down those systems.
Archuleta responded that the recommendation came “after the adversaries were already in our network,” a reference to a previous data breach. The personnel data was not encrypted, but Archuleta told the committee the IT networks are so old they probably didn’t support modern encryption technology anyway. A top official with the Department of Homeland Security testified that the hackers would have gotten to the data anyway because they had the employees’ credentials to access the system.
Chaffetz had planned to issue a formal letter Wednesday asking for the resignations of Archuleta and her chief information officer, Donna Seymour, but his aides said they were holding off for now.
Rep. Mark Meadows (R-N.C.), chairman of the oversight panel’s committee on government operations, and Rep. Ted Lieu (D-Calif.) also have asked for the director’s resignation.
You might also like: