Governance & Risk Management , Incident & Breach Response , Managed Detection & Response (MDR)
Federal CIO Backs OPM LeadersTony Scott Professes Confidence in Archuleta to Mend InfoSec
Despite some lawmakers questioning the ability of Office of Personnel Management Director Katherine Archuleta and CIO Donna Seymour to lead critical IT security initiatives, the two OPM leaders received a strong endorsement from Federal CIO Tony Scott.
Exclusive Webinar: OPM Breach Aftermath: How Your Agency Can Improve on Breach Prevention Programs
Scott told the Senate Homeland Security and Governmental Affairs Committee on June 25 that he has been in the trenches with OPM staffers implementing new security safeguards, who've expressed confidence in the leadership of Archuleta and Seymour. Some lawmakers have called for the two OPM leaders to resign in the wake of security breaches - which some news reports claim were launched by hackers in China - that resulted in the theft of personal information of millions of government employees and retirees.
"We need to be careful about distinguishing fire starters from firefighters," Scott said. "In this particular case, they have my full support."
But OPM Inspector General Patrick McFarland, responding to a question about whether he had confidence in OPM leadership to deploy successfully new, security IT systems, said: "The intent is there but based on what we found, no."
McFarland's findings appear in a flash audit his office made public on June 17 that criticized OPM management for not developing a major IT business case, as required by the Office of Management and Budget, for a $93 million project to migrate agency data to a modern, more secure IT system.
In addition, the audit points out that OPM hasn't developed a plan for how to fund the initiative. Instead, much of the funding would come from other OPM programs.
Committee Chairman Ron Johnson, R-Wis., criticized Archuleta for not yet meeting with McFarland on the audit. But Archuleta testified that such a meeting could be held as soon as next week. Johnson also criticized Archuleta for not meeting with FBI Director James Comey. Media reports, citing the FBI, say the breaches at OPM might have exposed information on as many as 18 million individuals.
"I don't expect perfection but I'm looking for people to prioritize," Johnson said. "I'm looking at people's actions that they took. And the fact that the director did not meet with the inspector general to specifically discuss these IG reports, the fact that she has not yet met with FBI Director Comey on these very serious issues - it really gives me pretty great pause in terms of having confidence that the current management team in OPM really is up to the task."
Audio Roundup of Hearing
In the audio report on the hearing:
- Archuleta explains why she supports the continued use of contractor KeyPoint Government Solutions to conduct background checks on employees seeking security clearances. Government officials say the hackers who breached OPM systems likely stole the credentials of a KeyPoint employee who was working on OPM computers.
- McFarland explains why OPM should slow down the initiative to migrate sensitive data to a more secure, modern system.
- Archuleta defends her efforts to implement as quickly as possible the new system because of the cyberthreats the U.S. government faces from its adversaries.