OPM pushes back on watchdog report on computer security lapses

The Office of Personnel Management (OPM) is pushing back on a scathing watchdog report that found security holes in the agency’s computer networks.

{mosads}

“[The Government Accountability Office] audit took place in October 2015 and does not reflect work OPM has completed since then,” an OPM spokesman said in an emailed statement on Wednesday. “Over the past year, OPM has taken significant steps to enhance its cybersecurity posture.”

The agency, which suffered a massive data breach discovered last summer, has faced criticism for its relationship with government watchdogs over its alleged failure to follow inspector general security recommendations prior to the hack.

The incident — widely considered to be Chinese espionage — exposed over 20 million former and current U.S. employees, contractors and others.

In a response included in Tuesday’s GAO report, the OPM also argued that in some cases the GAO failed to provide sufficient information about its findings to allow the agency to either verify or fix the alleged deficiency.

The GAO fired back in that report that the OPM itself gave investigators the information it is now saying it was never provided.

“OPM requested the underlying materials supporting our findings, noting that the ability to review the output of any scans and similar materials would enable OPM to better understand our conclusions. On that same day, we informed agency personnel that they already had all of these materials, as they had provided them to us,” the report reads.

The GAO report faulted three other agencies in addition to the OPM for “systems having weaknesses in all, or most, of the control areas.”

The OPM did agree to two of the GAO’s four recommendations and partially agreed to a third.