OPM hack looms over Cobert confirmation hearing
- By Aisha Chowdhry
- Feb 04, 2016
Acting Director Beth Cobert told a Senate committee that OPM is "committed to making sure we are spending IT dollars in a responsible way."
At a Feb. 4 confirmation hearing, senators questioned the Office of Personnel Management's acting leader on the agency's apparent inability to respond to document requests from the House Oversight and Government Reform Committee.
Acting OPM Director Beth Cobert was on the hot seat in the Senate a day after Rep. Jason Chaffetz (R-Utah), chairman of the House oversight committee, filed a subpoena against OPM for documents related to the massive 2015 breach that resulted in the theft of records on 22 million individuals, including applicants for security clearances.
Sen. Ron Johnson (R-Wis.), chairman of the Senate Homeland Security and Governmental Affairs Committee, said the sticking point was the inability of the House to obtain documents related to the role cybersecurity vendor CyTech Services might or might not have played in unearthing the OPM breach during an April 2015 product demonstration.
Chaffetz had originally demanded that OPM turn over the information by Sept. 23, 2015. Internal government documents obtained by FCW peg the date of breach discovery as being several days before the CyTech demo.
Cobert, whose nomination for the role of deputy director for management at the Office of Management and Budget was favorably reported out of the Senate committee, is now seeking to be confirmed as OPM director on a permanent basis. She told lawmakers she had received the subpoena but had not had time to go through it in detail.
More generally, she offered a commitment to work with oversight committees on their requests but noted that in some cases the security of documents could be an issue.
Cobert also offered assurances to the committee that OPM would be monitoring the performance of current IT contractor Imperatis. The company was tapped in a hurried procurement process to shore up the agency's security in the wake of the OPM breach.
Sen. Claire McCaskill (D-Mo.) noted that "corners may have needed to be cut" in the rush to patch agency systems after the breach, but she told Cobert that she "wants to know if [the deal] is going south," given the history of failed IT implementations at OPM.
Cobert said that under her stewardship, OPM is "committed to making sure we are spending IT dollars in a responsible way, in a more modular way, so that each element delivers results as it goes."
Officials are also working through a list of IT security recommendations from the agency's inspector general. She said OPM has already made changes to IT security governance, added a new chief information security officer position and is prioritizing security "starting with high-value assets." Cobert added that the agency aims to close a backlog of recommendations related to the Federal Information Security Management Act.
"We're committed to just keeping at it until we get through every one of them," she said.
In addition, she pledged improvements to OPM's core business of onboarding federal employees and processing retirements. The agency is trying to cut through the backlog of retirement benefits processing by improving the digital self-service options available to retirees who need to update or change benefit information. Officials are also identifying and fixing bottlenecks in the system that supports feds who are about to retire.
Cobert also promised improvements to USAJobs.gov. OPM officials are evaluating the system and plan to incorporate changes throughout the year. Cobert said the goal is to change the system from "a job bulletin that was automating a process to a real resource to help people understand what are the opportunities in federal employment, is that a fit for them, and how can they access those positions."
OPM also plans to make improvements to the site's interface for federal hiring managers.
Aisha Chowdhry is a former staff writer for FCW.