Lawmakers on Tuesday will get their first crack at questioning Office of Personnel Management officials about the mega breach that has the Obama administration reeling.
Two top OPM officials are expected to appear before the House Oversight and Government Reform Committee for the first of what will likely be many congressional hearings on the incident.
“I think the public needs to hear about this, public employees need to hear about this,” said Oversight Committee Chairman Jason Chaffetz (R-Utah) during an interview that aired Sunday on C-SPAN’s “Newsmakers.”
Tensions are running high between the Obama administration and Congress over how the federal government has managed fallout from the hack.
Officials initially said 4 million current and former federal employees had been affected by the compromise. Most are expecting that number to grow to between 9 and 14 million, potentially encompassing non-government workers named in government files and government contractors.
In the process of investigating the network compromise, officials also acknowledged Friday that they had discovered another breach that had exposed security-clearance information on millions of military and intelligence agency personnel.
The second hack has laid bare the most private details from people’s personal lives, including affairs and past drug and alcohol abuse. The information is considered a goldmine for potential blackmailers or foreign governments looking to recruit informants within the government.
On Tuesday, OPM Director Katherine Archuleta and OPM Chief Information Officer Donna Seymour will have to field lawmakers’ questions about exactly what’s going on and why it happened.
“We should have seen this coming a long time ago,” Chaffetz said.
To this point, the agency has been mostly reticent to address rampant speculation about just how far the breach goes, citing the ongoing investigation.
The ongoing fallout has led lawmakers to accuse the Obama administration of failing to comply with a major federal data security law, known as the Federal Information Security Management Act (FISMA).
“What is happening within the federal government IT systems is serious and I’m highly concerned this administration isn’t really complying with things like the FISMA law [and] is not seriously taking a look at their security measures,” Senate Homeland Security and Governmental Affairs Chairman Ron Johnson (R-Wis.) told The Hill last week.
The OPM assistant inspector general for audits, Michael Esser, will appear before the panel to answer questions about those concerns.
Esser’s office published last November a scathing report highlighting the OPM’s security shortcomings.
The watchdog report said auditors were unable to find a vulnerability scanning program at the agency and that the OPM didn’t maintain an inventory of all the servers and devices that had access to its networks.
The personnel agency is also facing criticism for not fully encrypting employee records.
Lawmakers argue the deficiencies are symptomatic of a larger problem.
“The recent cyber attack against OPM is the latest in a series of aggressive attacks against our nation,” Rep. Elijah Cummings (D-Md.), the panel’s top Democrat, told The Hill on Monday.
Numerous other government agencies, from the U.S. Postal Service to the White House, have also been felled by cyberattacks over the last year.
Senior cybersecurity officials from the Department of Homeland Security and the Office of Management and Budget will testify about the administration’s broader security efforts.
“For the past two years, I have been calling on the Oversight Committee to hold hearings to examine the full extent of this problem, as well as potential solutions and best practices to defend our country’s interests,” Cummings said. “I hope our hearing tomorrow is the first step in that process.”