Yesterday, the House Oversight Committee received testimony from federal officials regarding the April 2015 cyberattack on the Office of Personnel Management (OPM), which compromised the personal information of approximately 4 million government employees and retirees, including Social Security numbers. The executive branch delayed reporting the incident until June 4, much to the dismay of the House Committee.
OPM head Catherine Archuleta was under fire for what Committee Chairman Jason Chaffetz, R-Utah, called the “most devastating” cyberattack in United States’ history. Ms. Archuleta attempted to avoid blame, explaining that the security failures were “decades in the making.” Chairman Chaffetz later called for Ms. Archuleta’s removal.
The OPM servers, part of the Interior Department data centers, are monitored by the Department of Homeland Security’s $3 billion Einstein continuous network monitoring program. Many, including former DHS deputy undersecretary for cybersecurity Mark Weatherford, see this as a failure of the Einstein program, which should have noticed “all this information being transmitted to a foreign country’s IP range.” Mr. Weatherford further commented: “It’s a legitimate question to ask if Einstein couldn’t prevent this breach, is it worth the hundreds of millions we’re putting into it?”
As the details of this massive data breach unravel, the House, and likely Senate, will continue to investigate and seek legislative solutions to strengthen cyber defenses, and to hold members of the executive branch accountable for blatant security failures.