Education Department faces tough criticism from Congress on its IT security

The Department of Education has faced scrutiny from both sides of the congressional aisle over its failing FITARA grade.

The Education Department's CIO faced bipartisan scrutiny during a House hearing earlier this week on the department's failing score on implementing the Federal IT Acquisition Reform Act and its ability to protect its core systems from cyberattacks.

The Education Department houses data on some 40 million federal student loan borrowers and manages $1 trillion in assets connected to those loans. The sensitive personal information in the department's system includes about 139 million Social Security numbers.

The House Oversight and Government Reform Committee released scorecards in early November that graded agencies on their FITARA implementation efforts to date. Education received an F overall and an F in data center consolidation.

During the committee hearing, Republican and Democratic lawmakers pressed CIO Danny Harris on whether the agency's information systems are vulnerable to a data breach like the one at the Office of Personnel Management that exposed 22 million people's personal information. Harris defended the security of Education's information systems, saying, "As of today, I would rank it a 7. We're making great progress, but I would rank it a 7."

Harris also disputed the failing FITARA grade, saying his department is meeting many of the act's requirements. "I think we're very solid with FITARA," he said. "I actually think we should have gotten a C."

Committee members disagreed, especially with Harris' statement that the department had securely consolidated its data centers. Education has 184 information systems, 120 of which are run by contractors. Harris said the department directly controls just three data centers, but some lawmakers raised concerns about who is in charge of information systems that are contracted out and who is responsible for protecting the data they contain.

"If you've got hundreds of...database centers under the care of contractors," Rep. Gerry Connolly (D-Va.) said. "[The Office of Management and Budget] may not count that technically as a Department of Education database center, but it's still in your charge."

Education Inspector General Kathleen Tighe testified that she and her team detected serious vulnerabilities in the department's IT systems during a simulated attack. She said they penetrated the department's systems and gained access to the Education Department Utility for Communications, Applications and Technical Environment -- the department's general support system -- without being detected by the IT staff or the contractor.

"We could have really done anything in there," Tighe said.

Harris said his department is working hard to resolve the issues and completely modernize all its IT systems by the end of fiscal 2016.

Rep. Jason Chaffetz (R-Utah), the Oversight Committee's chairman, said Harris should meet with Education Secretary Arne Duncan more than once a month.

"They're managing more than $1 trillion in assets...for the United States," Chaffetz said. "It's basically the size of Citibank, and the CIO meets with the secretary maybe 12 times a year. That's absolutely stunning.... Almost half of the population of the United States of America has their personal information sitting in this database, which is not secure."

About the Author

Bianca Spinosa is an Editorial Fellow at FCW.

Spinosa covers a variety of federal technology news for FCW including workforce development, women in tech, and the intersection of start-ups and agencies. Prior to joining FCW, she was a TV journalist for more than six years, reporting local news in Virginia, Kentucky, and North Carolina. Spinosa is currently pursuing her Master’s degree in Writing at George Mason University, where she also teaches composition. She earned her B.A. from the University of Virginia.
