Lawmakers Want Resignations After Government Personnel Files Breach

July 9, 2015
In The News

Katherine Archuleta, left, and Andy Ozment, assistant secretary, Office of Cybersecurity and Communications, National Program Preparedness Directorate, Homeland Security Department, testify on Capitol Hill in Washington on Tuesday.

Cliff Owen/Associated Press

 

At least two lawmakers on Tuesday called for Office of Personnel Management officials to resign following a giant breach of background investigation records and other personnel files by suspected Chinese hackers, with Congress ramping up pressure on the agency to discern how much was lost.

 

Rep. Jason Chaffetz (R., Utah), chairman of the House Committee on Oversight and Government Reform, called on OPM Director Katherine Archuleta and OPM Chief Information Officer Donna Seymour to step down following the breach, which compromised millions of personnel records, background check files, and security clearance screenings. Mr. Chaffetz grilled both OPM officials at a hearing Tuesday, at times acting exasperated that he couldn’t find out more information about the intrusion.

 

“I hear, ‘We are doing a great job,’” Mr. Chaffetz told them after reading their testimony. “You are not. It is failing.”

A browbeating at the House Committee on Oversight and Government Reform is a rite of passage for any federal official going through a small or large crisis. The hearings can be theatrical at times, particularly as officials must raise their right hands and swear to tell the truth. But Tuesday’s hearing was notable in the bipartisan berating that came from lawmakers who seemed upset at the lack of information being provided.

Rep. Ted Lieu (D., Calif.) said he wanted a “few good people to accept responsibility and resign for the good of the nation.” Rep. Gerry Connolly (D., Va.) growled at the OPM officials that the breach was the worst seizure of federal employee records in U.S. history (his Northern Virginia district has a high concentration of federal employees).

 

The OPM officials tried to answer a number of the rapid-fire questions, such as when they discovered the breach and how they were notifying people that records could be stolen. But they also said there were numerous questions – such as who perpetrated the attack, how long their networks could have been compromised, and what information was stolen – that could only be addressed in a classified briefing.

Some U.S. officials believe Chinese hackers carried out the attack, which raises national security questions about the implications of the lost data. Chinese officials have denounced these accusations.

Federal agencies have faced cyberattacks for years, and lawmakers expressed that they were tired of hearing about intrusions. Rep. Elijah Cummings (D., Md.) bemoaned that many federal agencies were dragging their feet and not moving quickly enough to protect their networks.

 

“We need to operate under the assumption that the hackers are already inside,” he said. “They are already there.”

At one point in the hearing, Mr. Chaffetz asked Ms. Archuleta how many records were lost and how many years’ worth of data could have been exposed.

She answered three consecutive questions by saying, “I would be glad to discuss that in a classified setting,” which made Mr. Chaffetz furious.

“We didn’t ask you to come read statements,” he said. “You failed, okay? You failed utterly and totally.”

OPM officials, and their colleagues from the White House Office of Management and Budget and Department of Homeland Security, told lawmakers that everything was being done to determine the extent of the breach but that some details had to remain closely held as the investigation progressed.

Andy Ozment, a DHS assistant secretary who works on cybersecurity, told lawmakers that officials from the National Security Agency and other bureaus “have assessed they have fully removed the adversary from the networks” in the time since the breach was discovered.

But, he added, they couldn’t be sure.