WASHINGTON – Amid reports that recent cyberattacks may have impacted sensitive information of 18 million current, former, and prospective federal employees, U.S. Senator Chris Coons (D-Del.) questioned Office of Personnel Management (OPM) Director Katherine Archuleta about the data breaches involving the OPM. Senator Coons is the Ranking Member of the Financial Services and General Government Appropriations Subcommittee, which oversees the OPM’s budget.

Just yesterday, reports indicated that investigators now believe the number of affected current, former, and prospective federal employees is roughly 18 million. Assistant OPM Inspector General Michael Esser and former Department of Homeland Security (DHS) and Internal Revenue Service (IRS) Chief Information Officer Richard Spires also attended today’s hearing as witnesses.

Broadcast quality video/audio of Senator Coons’ opening remarks is available here: https://www.youtube.com/watch?v=8Ufft2Z6LmI&feature=youtu.be 

Excerpts from Senator Coons’ opening remarks:

“The fact these security breaches happened is, frankly, terrible. They force us to grapple with the reality that in our interconnected world, we are more vulnerable than ever, and we need to do more to protect our public employees’ vital, personal information from foreign attackers.  After we’ve investigated why these cyber attacks were able to break through, we need to be willing to do what’s necessary to ensure they don’t happen again.  These attacks don’t just compromise the information of millions of federal employees, but our nation’s security as well.” 

“I think we must prevent another round of sequestration. OPM’s FY16 budget request includes a $32 million dollar increase over last year’s enacted level, virtually all of which would address IT infrastructure improvements. Sequestration could critically threaten those investments and even the livelihoods of our employees.  While some of these cuts might be weathered in the short-term, they can have serious long-term impacts, and I think we need to work together to ensure our federal agencies are prepared as best they can be to protect against cyber threats.”

Senator Coons’ full opening remarks are below:

“I’d like to welcome our witnesses, OPM Director Katherine Archuleta, Assistant OPM Inspector General Michael Esser, and former DHS and IRS Chief Information Officer Richard Spires.

“We are here today, as the Chairman has laid out, to review information technology spending and data security at the Office of Personnel Management.  As part of that review, we need to discuss recent cybersecurity attacks that have put federal employee information and our national security at real risk.  We also need to address the late-breaking Inspector General audit that expresses concerns about OPM’s IT modernization project.

“But while we conduct this subcommittee oversight of OPM and its spending and response, I also urge us to put this in the context of larger cybersecurity challenges that face our government and our society as a whole, and progress, or lack thereof, by Congress in strengthening our nation’s cyber defenses and in providing needed funding for federal cybersecurity IT initiatives.

“Regarding the cyber incidents at OPM, one breach involved personnel data of roughly 4 million federal employees, stored on Interior Department networks. During the breach investigation, investigators found another intrusion where information from background investigations was allegedly stolen.  I understand OPM only recently became aware of the security clearance theft and that the investigation is still underway, so while we may be limited in exactly what we can discuss in this context, I’m very hopeful we can have a productive and ongoing discussion.

“The fact these security breaches happened is, frankly, terrible. They force us to grapple with the reality that in our interconnected world, we are more vulnerable than ever, and we need to do more to protect our public employees’ vital, personal information from foreign attackers.  After we’ve investigated why these cyber attacks were able to break through, we need to be willing to do what’s necessary to ensure they don’t happen again.  These attacks don’t just compromise the information of millions of federal employees, but our nation’s security as well.

“It is further troubling that the IG’s office has found that OPM has not fully complied with the Federal Information Security Management Act, which mandates information security requirements for all federal agencies.  While OPM has made recent improvements, we need to remain vigilant.

“Both Director Archuleta and the OPM CIO have only been on the job for roughly year and a half, and to their credit, they have made IT security a priority, but they need to clearly understand the job is not done.

“OPM has indicated to the Subcommittee most of its IT security systems are aged and at the end of their useful life.  For some, security patches are no longer provided by the original vendor.  In Fiscal Year 2014, OPM began a three-year IT system modernization, and is seeking a third installment of $21 million to complete that project this year.  We have to understand that without that funding, the investments of the past two years cannot be meaningful completed.  

“I was alarmed by the IG’s allegations about the mismanagement of the modernization projects to date and hope that OPM’s representatives will speak to these assertions directly here today.

“Last, I just wanted to emphasize, I think we must prevent another round of sequestration. OPM’s FY16 budget request includes a $32 million dollar increase over last year’s enacted level, virtually all of which would address IT infrastructure improvements.

“Sequestration could critically threaten those investments and even the livelihoods of our employees.  While some of these cuts might be weathered in the short-term, they can have serious long-term impacts, and I think we need to work together to ensure our federal agencies are prepared as best they can be to protect against cyber threats.

“The Federal Government is a constant target of cyber attacks. It successfully wards off millions of attempts attacks a year, and I think we need to work together to protect the nation’s economic and national security interests by coming together to deal with these vital cybersecurity issues.

“Chairman Boozman, thank you for holding this hearing, and I am eager to continue to work together as we consider the needs of our federal agencies in combatting these cyber threats.”