Congress

Chaffetz wants answers from US-CERT, OPM on hack

Jason Chaffetz

House Oversight and Government Reform Chairman Jason Chaffetz wants more details on the response to the OPM hacks.

Overseers in Congress are teeing up material for another round of hearings on the breach of personal data on more than 22 million federal employees.

Utah Republican Rep. Jason Chaffetz, chairman of the House Oversight and Government Reform Committee, is looking for details on the timeline of the response to the hacks as reported to the U.S. Computer Emergency Readiness Team and details on computer security manuals exfiltrated from the Office of Personnel Management.

Chaffetz wants US-CERT, a unit of the Department of Homeland Security, to report on when it was first contacted by OPM to report the breach, and any reporting or analysis on the nature of the attack, including whether hackers deployed any malicious code that was known to DHS. In an Aug. 19 letter to US-CERT Director Ann Barron-Di-Camillo, Chaffetz also wants information on any site visits made by US-CERT personnel to OPM data centers, and any reports or recommendations from US-CERT to OPM.

Separately, Chaffetz is also seeking information on security document and manuals taken from OPM systems as far back as March 2014. In a June 24 hearing of the committee, OPM CIO Donna Seymour testified that the loss of the material represented a security breach, and that attackers could use the information to "learn about the platform, the infrastructure of our system."

In a letter to acting OPM Director Beth Cobert, Chaffetz asks for details on what was taken, when the thefts occurred, who discovered the breaches, and how the response was handled.

"The fact that security documents and systems manuals were accessed and taken from the network as discovered in March 2014 heightened the need for OPM to protect its network," Chaffetz wrote. The fact that subsequent breaches occurred, and were possibly enabled by the use of exfiltrated security manuals, clearly is something Chaffetz plans on digging into in the future. He wants to hear from OPM by Sept. 1, and from US-CERT by Sept. 2.

Chaffetz and other Republicans on the panel have called for Seymour's ouster as CIO, most recently in an Aug. 6 letter to Cobert.

On the other side of the aisle, Rep. Gerry Connolly, a senior Democrat on the committee, says firings are not the answer. The Virginian told FCW that calls for firings "divert attention from our failure in Congress to provide the necessary resources for investment in OPM and other federal agencies," and added that the United States was enmeshed in ongoing, but below-the-line cyber wars with China, Russia, Iran and North Korea, and that federal agencies are vulnerable targets for attack.

"Going after an agency head or CIO is a lot easier, a lot more comfortable, than dealing with the big systemic questions that Congress has failed to deal with," Connolly told FCW in an Aug. 11 interview on the sidelines of a federal IT conference.

About the Author

Adam Mazmanian is executive editor of FCW.

Before joining the editing team, Mazmanian was an FCW staff writer covering Congress, government-wide technology policy and the Department of Veterans Affairs. Prior to joining FCW, Mazmanian was technology correspondent for National Journal and served in a variety of editorial roles at B2B news service SmartBrief. Mazmanian has contributed reviews and articles to the Washington Post, the Washington City Paper, Newsday, New York Press, Architect Magazine and other publications.

Click here for previous articles by Mazmanian. Connect with him on Twitter at @thisismaz.


Featured

  • Contracting
    8 prototypes of the border walls as tweeted by CBP San Diego

    DHS contractors face protests – on the streets

    Tech companies are facing protests internally from workers and externally from activists about doing for government amid controversial policies like "zero tolerance" for illegal immigration.

  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    At OPM, Weichert pushes direct hire, pay agent changes

    Margaret Weichert, now acting director of the Office of Personnel Management, is clearing agencies to make direct hires in IT, cyber and other tech fields and is changing pay for specialized occupations.

  • Cloud
    Shutterstock ID ID: 222190471 By wk1003mike

    IBM protests JEDI cloud deal

    As the deadline to submit bids on the Pentagon's $10 billion, 10-year warfighter cloud deal draws near, IBM announced a legal protest.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.