Senators: End sequester to pay for cybersecurity

Two members of the Senate Intelligence Committee are calling on their fellow lawmakers to fully fund the Obama administration’s fiscal 2016 budget request for the Office of Personnel Management -- a boost of $32 million compared with 2015 -- after a large-scale cyberattack on OPM was revealed last week.

"This attack clearly highlights how critical it is for our national defense that Republicans and Democrats negotiate another bipartisan sequester relief package," Sens. Angus King (I-Maine) and Mark Warner (D-Va.) wrote in a June 10 letter to Arkansas Republican John Boozman, chairman of the Senate Appropriations Subcommittee on Financial Services and General Government. "This attack on OPM's IT infrastructure is not the first and will likely not be the last."

OPM’s fiscal 2016 request of $272 million includes $21 million for finishing network upgrades begun in fiscal 2014.

The OPM hack, which multiple reports have said took place in December but was not discovered until April, exposed the personal information of up to 4 million current and former federal employees.

On a June 10 call with reporters, Warner said hacks like those on OPM were a reminder of the need to "get rid of the stupidity of sequestration." The additional funding for OPM would "build up additional IT infrastructure and better protections," he said, adding that information-sharing legislation approved by the Intelligence Committee in March should be brought to the Senate floor and not attached to the defense authorization bill, as Majority Leader Mitch McConnell (R-Ky.) has suggested.

King predicted "sequestration will cause future breaches unless we start funding some of these defensive capabilities adequately."

Lankford wants answers on hack

On another front, Congress is starting to dive into the details of the hack.

Sen. James Lankford (R-Okla.), chairman of the Regulatory Affairs and Federal Workforce Subcommittee of the Senate Homeland Security and Government Affairs Committee, sent a letter June 10 to OPM Director Katherine Archuleta seeking more detailed information on the breach, how it was discovered and OPM's overall security posture.

Specifically, Lankford wants to know the date OPM learned of the breach, the overall chronology of the internal OPM investigation, when OPM notified the federal agencies charged with probing cybersecurity breaches, and the source of the funding OPM is using to offer credit monitoring to affected personnel, as well as the process by which OPM selected a contractor to provide that service. Additionally, Lankford wants to know who was responsible for crafting OPM's cybersecurity plan before June 4, when the world learned of the hack, and who executed the plan. He is requesting his answers by June 22.

Lankford also called attention to OPM's response to hacks against background check contractors USIS and KeyPoint, which compromised the records of about 73,000 feds. OPM cut ties to USIS, which was also the subject of a whistleblower lawsuit alleging shoddy investigative practices. But OPM retained KeyPoint despite the breach of their systems.

"That OPM would so disparately reprimand its contractors for their IT security, while failing to prevent a breach fifty-five times larger than the USIS and KeyPoint breaches combined, raises serious questions about the integrity of OPM's IT security," Lankford wrote.