Chaffetz demands mysteriously deleted OPM breach data

Oversight and Government Reform Chairman Jason Chaffetz wants OPM to explain its handling of a CyTech Services incident response tool.

CyTech Services, the service-disabled veteran-owned small business that may have helped detect the Office of Personnel Management breach, is back on the congressional radar.

The House Oversight and Government Reform Committee has given OPM a Sept. 23 deadline to explain why it abruptly returned, and deleted information from, a CyTech appliance it had held onto for months.

In a letter to OPM Acting Director Beth Cobert, Chairman Jason Chaffetz (R-Utah) said that CyTech, while demonstrating its high-speed incident response tool CyFIR on April 21, had turned up evidence of “malicious code” on OPM’s networks.

OPM has denied that CyTech’s tool was responsible for discovering the breach.

CyTech has publicly affirmed that CyFIR turned up malicious code, but CyTech’s president noted that he could not say whether OPM already knew of the threat before CyFIR’s revelation.

OPM never provided FCW with an exact date of breach discovery to contradict reports that CyTech had discovered the breach, but in a timeline obtained by FCW last month, federal investigators reported that OPM officials learned of their problem on April 15 – six days prior to CyTech’s demo – when the agency discovered "anomalous SSL traffic with [a] decryption tool" that had been implemented in December 2014.

CyTech representatives said the company supported OPM’s breach response until May 1, but OPM held onto the CyFIR appliance for months afterward.

On Aug. 20, one day after committee staff asked where the CyFIR appliance was, OPM returned it to CyTech, Chaffetz’s letter said. CyTech reported that it appeared the device’s data storage drive had been deleted on Aug. 17.

“The deletion or loss of that data – intentional or otherwise – would damage the Committee’s effort to determine how and why OPM’s networks were infiltrated,” Chaffetz wrote.

Sources familiar with the situation said CyFIR’s storage capacity was 16TB.

Chaffetz demanded that OPM provide his committee with all the data that was on the CyFIR appliance by the close of business on Sept. 23.

“OPM has received the committee's letter and is working to respond in a timely manner,” said OPM spokesman Sam Schumach.

CyTech leadership declined to speak about the issue on the record.

About the Author

Zach Noble is a former FCW staff writer.
