Cybersecurity

Einstein the only winner from another flaying of OPM on the Hill

Shutterstock image (by M DOGAN): Washington DC, Capitol building.

(Image: M DOGAN / Shutterstock)

Obama administration officials on June 25 took another round of verbal flaying from Congress over IT security practices in the aftermath of the devastating hack of the Office of Personnel Management. The two-hour-plus venting session saw OPM Director Katherine Archuleta defending her continued leadership and lawmakers struggling to pin down the timelines of multiple breaches at OPM. The only winner from the Senate Homeland Security and Governmental Affairs Committee hearing was a federal cybersecurity program known as Einstein: the committee’s ranking Democrat said he was readying fresh legislation to accelerate the program.

While noting that Einstein is “not a panacea” for cyber vulnerabilities, Sen. Tom Carper (D-Del.) said he and Chairman Ron Johnson (R-Wis.) were working on a bill to increase adoption of the program at civilian agencies while requiring that leading security technologies be deployed.

Begun in 2005, the Einstein program focuses on the perimeter of federal networks by installing sensors at Web access points, combing through that data for vulnerabilities and using security signatures to block malicious traffic. The program is now in its third iteration –  Einstein 3A (for “accelerated”) – which boosts security capabilities by leveraging classified information.

Less than half of the civilian side of the federal government has deployment Einstein 3A in one form or another, Andy Ozment, a top DHS official, told lawmakers. The assistant secretary in DHS’s Office of Cybersecurity and Communications said that Einstein, with its focus on network perimeters, is “necessary, but not sufficient” for civilian-agency cyber defense. Private security experts agree.

Though administration officials say Einstein helped detect the breach of the personal information of at least 4.2 million current and former federal employees, the program is but one discussion point in the post-mortem drama playing out on Capitol Hill.

Another is Archuleta’s continued tenure as OPM director. Several lawmakers either asked Archuleta directly or the other witnesses if she was fit to lead the agency. Fellow witness Tony Scott, the federal chief information officer, backed Archuleta’s leadership, but senators seemed less than convinced. Carper, for his part, noted that OPM has been without a Senate-confirmed deputy director for more than three years. Consideration of the nomination of retired U.S. Navy Rear Adm. Earl Gay has been held up by Sen. David Vitter over health care policy.

Archuleta defended her leadership and blamed the agency’s IT struggles on “decades of neglect” prior to her arrival and the challenges of managing legacy IT systems. But when OPM Inspector General Patrick McFarland was asked whether Archuleta had fulfilled her promise to improve the agency’s IT security policies by working closely with McFarland, he replied, “I don’t believe she’s fulfilled that commitment specifically with me.”

The OPM boss called for more resources to help shore up her agency’s cybersecurity, saying she plans to submit a request to lawmakers for more funding for IT security by the end of the week.

Longtime DHS CIO Richard Spires told lawmakers earlier this week that money was not the problem. ““It’s more of a management issue,” he said.

About the Author

Sean Lyngaas is a former FCW staff writer.

Featured

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

  • Comment
    Pilot Class. The author and Barbie Flowers are first row third and second from right, respectively.

    How VA is disrupting tech delivery

    A former Digital Service specialist at the Department of Veterans Affairs explains efforts to transition government from a legacy "project" approach to a more user-centered "product" method.

  • Cloud
    cloud migration

    DHS cloud push comes with complications

    A pressing data center closure schedule and an ensuing scramble to move applications means that some Homeland Security components might need more than one hop to get to the cloud.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.