Senate committee acknowledges OPM breach is latest in string of govt. failures

By Erin Ayers on June 25, 2015

While the U.S. Office of Personnel Management is the latest high-profile governmental glitch, information security and operations remain a problem across the public sector, according to Sen. John Boozman, chair of the U.S. Senate Appropriations Committee’s Subcommittee on Financial Services and General Government.

“The massive breach of OPM systems may have been the most devastating cyber-attack in our nation’s history. Unfortunately, while the news reports about these incidents have been shocking, they should not be surprising. The OPM incident follows several across government and is only the latest example of the federal government’s inability to protect itself from cyber security threats,” said Boozman in his opening statement. He went on to comment, “We are well aware of examples of projects that ended in spectacular failure, as with the initial rollout of Healthcare.gov. While that kind of crisis makes news, we should also be troubled by the accounts that don’t grab headlines, including initiatives with ongoing costs that grow year after year without demonstrating effective results or sufficient security. We must have safeguards in place to ensure that oversight of these projects is consistent, that problems are anticipated before they occur, and most importantly, that someone is actually accountable and responsible. All too often large, complex IT projects drag on for years, outlasting the Administration that initiated them and the employees responsible for managing them.”

During the hearing, OPM Director Katherine Archuleta insisted that the breach affected approximately four million federal employees, though news reports and other branches of government have suggested that many millions more had been affected by the breach, including individuals with sensitive high-level security clearance. In response to committee questions, Archuleta acknowledged that OPM had suffered another breach and that the scope of that breach could not be ascertained yet.

The OPM’s inspector general Michael Esser addressed comments made by numerous lawmakers in recent weeks that OPM had repeatedly been told its information security should be upgraded. Esser noted that one key problem in government can be tied to zero consequences for failing to comply with the Federal Information Security Management Act (FISMA).

“Although OPM has made progress in certain areas, some of the current problems and weaknesses were identified as far back as Fiscal Year (FY) 2007. We believe this long history of systemic failures to properly manage its IT infrastructure may have ultimately led to the breaches we are discussing today,” said Esser. However, Esser agreed with Archuleta’s statement that the OPM had taken “significant” strides to address the issues it faced.

Archuleta told lawmakers, “This is decades of lack of investments in the system … If there is anyone to blame, it is the perpetrators. Their concentrated, very well-funded, focused aggressive efforts to come into our systems, not just to OPM, but enterprise wide … is one that we are concerned about.”

erin.ayers@zywave.com

Erin is the managing editor of Advisen’s Front Page News. She has been covering property-casualty insurance since 2000. Previously, Erin served as editor-in-chief of The Standard, New England’s Insurance Weekly. Erin is based in Boston, Mass. Contact Erin at [email protected].