OPM Nominee Vows Better Data Security After Embarrassing Hacks

WASHINGTON – The acting director of the Office of Personnel Management offered assurances to fretful lawmakers that efforts are underway to improve cybersecurity at her agency, but concerns about the steps being taken – and an unrelated matter regarding Obamacare – could delay Obama administration efforts to give her the job full time.

Beth Cobert told members of the Senate Homeland Security and Governmental Affairs Committee that cybersecurity will be her “highest priority” should she gain confirmation to the post and that she would remain alert to the sort of breaches that have plagued the office in the past.

“Focusing on cybersecurity, protecting OPM’s systems and data, and providing services to the individuals who were affected has been my highest priority since joining OPM,” she told the panel during her confirmation hearing. “It will remain my highest priority if confirmed.”

OPM, which manages the civil service within the federal government, faced a cybersecurity crisis when it was learned in April 2015 that a hack attack resulted in the theft of about 4 million personnel records. In July 2015, the office updated its findings and declared that the number of stolen records had reached 21.5 million and included Social Security numbers and other records of government personnel and those who had undergone background checks.

The breach led to the resignation of former director Katherine Archuleta last July. Cobert has been running the agency in an acting capacity since. She told the committee that she intends to strengthen cyber defenses and IT concerns in face of evolving threats “by focusing on technology, people and processes.” Significant progress, she said, already has been made.

“For example, we now require two-factor authentication for network access, we continue to strengthen the perimeter protections with firewalls and we have installed tools to better inspect incoming and outgoing traffic and create more visibility on the network,” she said. “I have also hired a senior advisor for cybersecurity, to bring private sector experience on how best to strengthen OPM’s IT systems, modernize our IT infrastructure, and enhance the security of valuable federal IT systems and information.”

Cobert also said her agency is implementing a new incident response plan and it will periodically request independent penetration testing from interagency partners.

“More generally, we are continuing to collaborate with our interagency partners and the Office of Inspector General on ways to bolster our cyber defenses,” she said. “Going forward, we will continue these efforts as we begin to migrate our systems into a more modern and secure environment.”

Cobert stressed that all agencies within the federal government, including her own, need to take cybersecurity more seriously to avoid future hacking attempts.

“As the world of cybersecurity is changing, as we recognize the nature of these threats, we all need to change the way we interact, the way we use systems at work and at home,” she said.

“What I think is important for every agency to do is recognize what needs to change in the way they operate, what needs to change in the way their employees operate, to make sure systems are secure,” she added. “At OPM, for example, I cannot access my personal Gmail account from my OPM computer. That’s the way a lot of threats come in.”

Cobert was generally well received from both sides of the aisle. Sen Ron Johnson (R-Wis.), the panel chairman, characterized the national security consequences of the cyber breaches as “unprecedented — risking Americans’ lives and our access to essential intelligence for generations to come.”

“As we are well aware, this cyber hack is not something credit monitoring and 10 years of identity theft protection can cure,” Johnson said.

But he further asserted that Cobert “takes these concerns seriously, and I appreciate how cooperative she and her staff have been with the committee’s oversight efforts.”

“By working together we can and will make things better,” Johnson said, thanking Cobert “for her willingness to take on this important role. I hope that, when confirmed, she will continue to be responsive to the committee’s requests and engage collaboratively in this partnership.”

Sen. Tom Carper (D-Del.), the ranking member, called Cobert “an excellent nominee.”

“I’ve been very impressed with Ms. Cobert’s work and her leadership in both of the positions she’s held in the federal government,” Carper said. “We’re fortunate that she’s willing to continue to serve and that her family is willing to continue sharing her with the people of this country.”

Despite the words of support, Cobert may still face a bumpy road toward confirmation. Sen. David Vitter (R-La.) threatened to block a vote until Cobert responds to questions he has posed about a 2013 OPM ruling regarding how the Affordable Care Act, better known as Obamacare, applies to members of Congress.

Vitter has been seeking information from the Obama administration regarding the process implemented to allow Congress, the president, the vice president, political appointees and congressional employees to exempt themselves from Obamacare dictates. Vitter has specifically requested, and not yet received, correspondence between OPM and the Obama administration over the rule OPM finalized that permits members of Congress to receive their employer contribution and further allowed some congressional staffers to avoid Obamacare altogether.

In a letter to Cobert dated Feb. 2, Vitter claimed the OPM ruling allowed Congress to subvert Obamacare rules by ruling that the Senate and House of Representatives had only 45 employees.

Vitter charged the rule “undermines the intent of Congress” that members and staff “share the same burden they have imposed on American citizens.”

“Should you or anyone else within the Executive Office of the President wish to see the nomination move forward, I will be happy to oblige and help facilitate upon a complete and full response to the requested information now pending for over two years.”

In addition, Cobert has riled some members of the House over the release of documents.

Rep. Jason Chaffetz (R-Utah), chairman of the House Oversight and Government Reform Committee, issued a subpoena for documents he claims are essential to the panel’s probe into the OPM breaches. Chaffetz claimed Cobert’s office has been uncooperative, prompting Sen. James Lankford (R-Okla.), a member of the Senate HSGAC, to inquire about Cobert’s potentially “toxic” relationship with Chaffetz and his committee.

Cobert maintained her office has been “working very actively to be responsive to their requests for information. We’ve had multiple hearings; we’ve had multiple briefings.”

The Senate Homeland Security and Governmental Affairs Committee meets on Wednesday, at which time a confirmation vote is expected to be taken.