U. s. senator james lankford of oklahoma united states office of personnel management cyber security

WASHINGTON, DC – Senator James Lankford (R-OK) today urged the Office of Personnel Management (OPM) to reveal more information regarding its recent cybersecurity incident, which was the largest breach of federal employee data in recent years.

In a letter to OPM Director Katherine Archuleta , Lankford expressed great concern with the latest breach and requested that OPM provide details regarding its detection of and response to the breach. Office of personnel management phoenix az Lankford is the chairman of the Homeland Security and Governmental Affairs Subcommittee on Regulatory Affairs and Federal Management, which has jurisdiction of the federal workforce and agencies. Office of personnel management qualifications handbook x 118c Lankford expressed deep concern of OPM’s ability to self-assess the security of its internal


IT systems, especially in light of its inconsistent responses to prior breaches by OPM and its contractors.

The Homeland Security and Governmental Affairs Subcommittee on Regulatory Affairs and Federal Management is conducting oversight on the recent Office of Personnel Management data breach. Office of personnel management retirement operations direct deposit This breach raises significant concerns as to the security of OPM’s information technology (IT) systems and the integrity of its data management.

The integrity of OPM’s IT systems underpins the agency’s ability to provide administrative and personnel services to the federal workforce, which in turn is essential to the basic functioning of the federal government. Office of personnel management retirement operations death benefit OPM has repeatedly characterized the security of its IT systems as a high-priority issue, and has within the past year “undertaken an aggressive effort to update its cybersecurity posture,” with plans to “innovate IT infrastructure . . . S office of personnel management in a way that protects the sensitive information entrusted to us by the Federal workforce and the American people.”

It is therefore extremely concerning that on June 4, 2015, officials announced that OPM’s computer systems were hacked, compromising the personally identifiable information of millions of federal workers. Gill v office of personnel management Even more troubling, although the hack was the “the largest breach of federal employee data in recent years,” it was not the first: OPM’s systems were discovered to have been breached in March 2014, and two OPM contractors, U.S. Golinski v office of personnel management Investigations Services (USIS) and KeyPoint Government Solutions, were discovered to be hacked in 2014.

OPM’s inconsistent responses to the USIS and KeyPoint breaches only deepen our concern of OPM’s ability to self-assess the security of its internal IT systems, which were likely similarly vulnerable, and which have resulted in a breach significantly more devastating. United states office personnel management In response to the self-reported USIS breach, which exposed 25,000 federal employees’ personally identifiable information, OPM went so far as to suspend work with the company and eventually cut all ties with USIS. Office personnel management oklahoma In contrast, OPM merely gave KeyPoint a slap on the wrist for a breach which comprised 48,000 federal employees, and which was only detected by the Department of Homeland Security. The office of personnel management opm At the time, OPM issued a statement promising that “KeyPoint has worked closely with OPM to implement additional security controls that will afford its network greater protection.” That OPM would so disparately reprimand its contractors for their IT security, while failing to prevent a breach fifty-five times larger than the USIS and KeyPoint breaches combined, raises serious questions about the integrity of OPM’s IT security.

As the Subcommittee charged with oversight of the federal workforce, I am extremely concerned about what is “among the largest known thefts of government data in history.” Understandably, much speculation and many questions remain. Office personnel management boyers pa In order to address these concerns, the Subcommittee is conducting oversight of this matter which may lead to a public hearing. Oklahoma office personnel management In order to understand the breadth of this data breach I ask that you please provide the following information:

• On what date did OPM fulfill its obligation under 44 U.S.C. Office personnel management opm § 3544(b)(7) to notify the Federal information security incident center of the breach?

• On what date did OPM notify affected individuals that their personally identifiable information had been compromised, and offer credit protection services?

• OPM’s press release states that the breach announced on June 4 “predated the adoption of the tougher security controls” adopted as part of OPM’s cybersecurity reforms, and “[a]s a result” of OPM’s updated cybersecurity capabilities, OPM was able to “detect[] a cyber-intrusion.” Has OPM investigated whether or not additional breaches, perhaps “predat[ing] the adoption of” these capabilities, and which could only be detected with the updated capabilities, occurred? If so, what were the results of those investigations?

• OPM officials have indicated that OPM will pay for credit monitoring services for all federal employees whose personally identifiable information has been compromised as a result of the breach. Office personnel management scam OPM has also indicated that it would provide up to $1 million in identity theft insurance for affected employees through CSID.

• Does OPM intend to revise its Strategic IT Plan in light of the security breaches within the agency over the past year, as well as those at its contractors? What additional remedial measures does OPM intend to take?

• What individual or entity created the cybersecurity plan for OPM prior to the June 4, 2015 breach? What assurances did the individual or entity give to OPM of the plan’s effectiveness?

Please provide your responses no later than June 22, 2015 at 5:00 p.m. Office of personnel management retirement services program boyers pa If you have any questions about this request, please contact John Cuaderes with Chairman Lankford’s staff at (202) 224-6704. Office of personnel management retirement services program 1099 Thank you for your attention to this matter.