Einstein the only winner from another flaying of OPM on the Hill
- By Sean Lyngaas
- Jun 25, 2015
Obama administration officials on June 25 took another round of verbal flaying from Congress over IT security practices in the aftermath of the devastating hack of the Office of Personnel Management. The two-hour-plus venting session saw OPM Director Katherine Archuleta defending her continued leadership and lawmakers struggling to pin down the timelines of multiple breaches at OPM. The only winner from the Senate Homeland Security and Governmental Affairs Committee hearing was a federal cybersecurity program known as Einstein: the committee’s ranking Democrat said he was readying fresh legislation to accelerate the program.
While noting that Einstein is “not a panacea” for cyber vulnerabilities, Sen. Tom Carper (D-Del.) said he and Chairman Ron Johnson (R-Wis.) were working on a bill to increase adoption of the program at civilian agencies while requiring that leading security technologies be deployed.
Begun in 2005, the Einstein program focuses on the perimeter of federal networks by installing sensors at Web access points, combing through that data for vulnerabilities and using security signatures to block malicious traffic. The program is now in its third iteration – Einstein 3A (for “accelerated”) – which boosts security capabilities by leveraging classified information.
Less than half of the civilian side of the federal government has deployed Einstein 3A in one form or another, Andy Ozment, a top DHS official, told lawmakers. The assistant secretary in DHS’s Office of Cybersecurity and Communications said that Einstein, with its focus on network perimeters, is “necessary, but not sufficient” for civilian-agency cyber defense. Private security experts agree.
Though administration officials say Einstein helped detect the breach of the personal information of at least 4.2 million current and former federal employees, the program is but one discussion point in the post-mortem drama playing out on Capitol Hill.
Another is Archuleta’s continued tenure as OPM director. Several lawmakers asked either Archuleta directly or the other witnesses whether she was fit to lead the agency. Fellow witness Tony Scott, the federal chief information officer, backed Archuleta’s leadership, but senators seemed less than convinced. Carper, for his part, noted that OPM has been without a Senate-confirmed deputy director for more than three years. Consideration of the nomination of retired U.S. Navy Rear Adm. Earl Gay has been held up by Sen. David Vitter over health care policy.
Archuleta defended her leadership and blamed the agency’s IT struggles on “decades of neglect” prior to her arrival and the challenges of managing legacy IT systems. But when OPM Inspector General Patrick McFarland was asked whether Archuleta had fulfilled her promise to improve the agency’s IT security policies by working closely with McFarland, he replied, “I don’t believe she’s fulfilled that commitment specifically with me.”
The OPM boss called for more resources to help shore up her agency’s cybersecurity, saying she plans to submit a request to lawmakers for more funding for IT security by the end of the week.
Longtime DHS CIO Richard Spires told lawmakers earlier this week that money was not the problem. “It’s more of a management issue,” he said.
Sean Lyngaas is an FCW staff writer covering defense, cybersecurity and intelligence issues. Prior to joining FCW, he was a reporter and editor at Smart Grid Today, where he covered everything from cyber vulnerabilities in the U.S. electric grid to the national energy policies of Britain and Mexico. His reporting on a range of global issues has appeared in publications such as The Atlantic, The Economist, The Washington Diplomat and The Washington Post.
Lyngaas is an active member of the National Press Club, where he served as chairman of the Young Members Committee. He earned his M.A. in international affairs from The Fletcher School of Law and Diplomacy at Tufts University, and his B.A. in public policy from Duke University.