Wednesday, June 17, 2015
Associated Press
WASHINGTON
The agency that allowed hackers linked to China to steal private information about nearly every federal employee — and detailed personal histories of military and intelligence workers with security clearances — failed for years to take basic steps to secure its computer networks, officials acknowledged to Congress on Tuesday.
Democrats and Republicans on the House Oversight and Government Reform Committee spoke in unison to describe their outrage over what they called gross negligence by the Office of Personnel Management. The agency’s data was breached last year in two massive cyberattacks only recently revealed.
The criticism came from within, as well. Michael Esser, the agency’s assistant inspector general for audit, detailed a yearslong failure by OPM to adhere to reasonable cybersecurity practices, and he said that for a long time, the people running the agency’s information technology had no expertise.
Last year, he said, an inspector general’s audit recommended that the agency shut down some of its networks because they were so vulnerable. The director, Katherine Archuleta, declined, saying it would interfere with the agency’s mission.
The hackers were already inside her networks, she later acknowledged.
“You failed utterly and totally,” said committee Chairman Jason Chaffetz, a Utah Republican. “They recommended it was so bad that you shut it down, and you didn’t.”
Archuleta, stumbling occasionally under withering questions from lawmakers, sought to defend her tenure and portray the agency’s problems as decades in the making as its equipment aged. She appeared to cast blame on her recent predecessors.