Cybersecurity

Chaffetz chides OPM for withholding hack details

A long-running fight over the initial discovery of the massive data breach at the Office of Personnel Management (OPM) resurfaced Thursday at a House Oversight Committee hearing.

Lawmakers tussled repeatedly with an OPM official about an outside contractor, CyTech, that was brought in to examine the OPM networks shortly before the agency disclosed two breaches that exposed personal information for more than 20 million people involved in federal background checks.

{mosads}At the center of the argument is CyTech’s digital forensics tool, called CyFir, that was used during the inspection. Before the OPM gave the tool back to the company in August, the agency wiped the information that CyFir had gathered.

Since then, House Oversight Committee Chairman Jason Chaffetz (R-Utah) has been seeking that data.

“We’ve been asking for months,” Chaffetz said on Thursday. “When will we get 100 percent of those requests?”

“What we’ve tried to do is provide a response to every question that’s been asked,” said Jason Levine, director of OPM Office of Congressional, Legislative, and Intergovernmental Affairs.

“While we’ve provided answers,” Levine added, “we do expect another set of documents coming, I would say this month, if not in the next couple weeks.”

CyTech claimed it discovered the OPM intrusions during an April scan of the agency’s systems. But OPM officials later insisted their own team had already uncovered the breaches before CyTech was brought in.

In September, Chaffetz and Rep. Michael Turner (R-Ohio) sent the OPM a letter pressing the agency to hand over all documents and communications related to CyTech’s investigation.

At Thursday’s hearing, Turner thumped a massive binder down in front of his microphone, explaining that each page had “15 to 16 titles” of documents from CyTech’s work that were erased before the OPM handed back the company’s CyFir tool.

“So it’s an enormous amount of information that would have been on that,” he said, leafing through the binder. “And obviously since we’re all very concerned about that cyberattack, certainly any information that’s contained on the CyTech device [would be valuable].”

CyTech has since provided some of these documents to the committee, Turner and Chaffetz said, but the OPM has failed to produce all of its backups.

“You better start explaining to us why CyTech is providing us documents that you aren’t providing to us, that you wrote, that you engaged in,” Chaffetz told Levine.

“And there’s no excuse in withholding that information from Congress. You have it,” he continued. “It’s in your systems. We know it because we’re looking at hard copies. And we’re checking to see if you give it to us as well. And you’re not. And that’s why you’re going to be back before this committee.”

Levine said it is “standard practice” to wipe information from a contractor’s device before returning it.

The CyTech fact-finding mission is part of Chaffetz’s broader effort to keep pressure on the OPM as the agency investigates the hacks and works to strengthen its networks.

The Utah lawmaker is also demanding to see the network security guides the agency said were exposed during the intrusion, and he has requested a more detailed timeline of the breach from the Department of Homeland Security.

Levine said his agency had provided documents related to the network security guide request.

During a less contentious exchange with Rep. Matt Cartwright (D-Pa.), Levine also explained the OPM has faced a number of challenges in expeditiously responding to all congressional document requests.

“It’s fair to say OPM is a small agency that in the past had not been challenged with this level of a document production and simply did not have the infrastructure in place … to quickly, efficiently [and] accurately produce documents in this way,” he said.

Levin insisted the OPM has concentrated on prioritizing the most important documents for members of Congress.

Chaffetz was unrelenting.

“OPM, we’re going to bring them up here and get the truth to this,” he said. “It’s one of the biggest data breaches in the history of this country, and we want 100 percent response.”