Witnesses say OPM ignored guidance, failed to prioritize computer network security

Washington, D.C. – Today the Research and Technology Subcommittee and the Oversight Subcommittee held a joint hearing to examine recent data breaches of federal employees’ and contractors’ personal information at the Office of Personnel Management (OPM).

Chairman Lamar Smith (R-Texas): “National defense in the digital age no longer just means protecting ourselves against enemies who attack with traditional weapons.  It now means protecting America from those who launch cyber-attacks against our computers and networks, invading our privacy and probably endangering lives. This is a national security concern as these breaches expose information about members of our military and employees of national security agencies. The government should be accountable to the people, and this Committee will continue to demand answers about who is responsible for failing to keep Americans’ sensitive information secure.”

The number of cybersecurity incidents reported by federal agencies has increased over 1,000 percent in the last eight years.  In 2014, more than 67,000 cyber-attacks were reported. Private sector data breaches that cost the U.S. economy billions of dollars every year are also on the rise.

Research & Technology Subcommittee Chairwoman Barbara Comstock (R-Va.):“Cybersecurity must be a top priority in every government agency from the top Cabinet official on down.  We need an aggressive, nimble, and flexible strategy to anticipate and stop cyber-attacks.  Those who are engaging in cyber-attacks on our citizens, agencies, and companies – whether they be nation states, adversaries or hacktivist – are a reality we will be living with in the 21st century and we must develop and use all the tools and technology available to thwart them.”

Witnesses today identified the ongoing challenges for protecting personal and sensitive data government-wide from future cyber-attacks.

Oversight Subcommittee Chairman Barry Loudermilk (R-Ga.): “Unfortunately, this administration has failed to provide Americans with any level of confidence that it will adequately protect their personal information when entrusted with it. As we have witnessed over the past few months, there has been a concerning pattern of security breaches involving government computer systems. We owe it to the American people to ensure that their personally identifiable information is safe and protected from cybercriminals.”

The following witnesses testified today:
Mr. Michael R. Esser,  Assistant Inspector General for Audits, Office of Personnel Management
Mr. David Snell, Director, Federal Benefits Service Department, National Active and Retired Federal Employee Association
Dr. Charles Romine, Director, Information Technology Laboratory, National Institute of Standards and Technology
Mr. Gregory Wilshusen, Director, Information Security Issues, U.S. Government Accountability Office

The Science, Space, and Technology Committee has jurisdiction over the National Institute of Standards and Technology, an agency responsible for key security standards and guidelines to support the implementation of and compliance with FISMA. The Committee also oversees the Department of Homeland Security’s Science and Technology Directorate and all research and development related to cybersecurity at the National Science Foundation.

For more information about the hearing, including witness testimony and the archived webcast, visit the Science, Space, and Technology Committee website