Officials Say Security Lapses Left System Open to Hackers

Years of fundamental cybersecurity lapses left the government's personnel agency wide open to a pair of hacks that have exposed the private information of nearly every federal employee, along with detailed personal histories of millions with security clearances, officials acknowledged to Congress.

Democrats and Republicans on the House Oversight and Government Reform Committee were united Tuesday in heaping scorn upon the leaders of the Office of Personnel Management, the agency whose data was breached last year in two massive cyberattacks only recently revealed.

"You failed utterly and totally," said the committee's chairman, Rep. Jason Chaffetz, a Utah Republican.

The criticism came from within, as well. Michael Esser, the agency's assistant inspector general for audit, told the committee of a years-long inability by OPM to meet federal cybersecurity standards. For a long time, he said, the people running the agency's information technology had no expertise. These shortcomings made the agency especially vulnerable to cyberattack, he said.

In November, an inspector general's audit recommended that the agency shut down some of its networks because they were so vulnerable, Esser testified. The director, Katherine Archuleta, declined, saying it would interfere with the agency's mission.

The hackers were already inside her networks, she later acknowledged.

"They recommended it was so bad that you shut it down and you didn't," Chaffetz said.

Archuleta, stumbling occasionally under withering questions from lawmakers, sought to defend her tenure and portray the agency's problems as decades in the making. She appeared to cast blame on her recent predecessors, one of whom, John Berry, is the U.S. ambassador to Australia.

Offered chances to apologize and resign, she declined to do either.

Chaffetz said the two breaches "may be the most devastating cyberattack in our nation's history," and said OPM's security policy was akin to leaving its doors and windows unlocked and expecting nothing to be stolen.

"I am as distressed...

Comments are closed.