Week ahead: OPM chief on the hot seat

Office of Personnel Management Director Katherine Archuleta will face the congressional gauntlet, testifying before three committees, as she battles to keep her job in the wake of the data breach that shook the government and exposed information from up to 14 million people.

The details that continue to trickle out have done little to help OPM officials weather the storm following the initial revelation of the breach in early June.

At first, officials said they believed 4.2 million federal workers' information, including Social Security numbers, were at risk. But investigators have since uncovered a second breach involving all security clearance data for all military and intelligence community personnel.

ADVERTISEMENT

Late Thursday, officials acknowledged that hackers responsible for the second infiltration had been in the system for a full year before being discovered, leaving little doubt that the digital invaders had made off with millions of detailed security clearance background check files.

"If somebody was in last year and they had that much time ... then the odds are that they have a huge cache and have really taken all the crown jewels in that system," said Tony Cole, global government chief technical officer for security firm FireEye.

With the hearings, Archuleta will get another chance to defend her agency's response to the breach, as well as its overall plan to beef up security.

Both took hits during a Tuesday House hearing, where some lawmakers were turned off by what they thought was Archuleta's lack of contrition and an attempt to obfuscate details about the investigation.

"We need to be ... more forthcoming with our own employees," Rep. Stephen Lynch (D-Mass.) told Archuleta during the House Oversight and Government Reform Committee hearing. "All of them deserve a lot more protection than they're getting right now."

The OPM inspector general also sent a "flash audit" to lawmakers this week criticizing the agency's cybersecurity overhaul plan as poorly budgeted, weakly managed and reliant on a no-bid contract to a single vendor.

On Tuesday, Archuleta will address these concerns at a hearing of the Senate Appropriations Subcommittee on Financial Services and General Government.

Wednesday, the OPM head will be back in front of the House Oversight Committee for her second round of questioning in as many weeks.

Archuleta will round off her congressional triple-header with a Senate Homeland Security and Governmental Affairs Committee hearing on Thursday.

Sen. Ron JohnsonRonald (Ron) Harold JohnsonSunday shows — New impeachment phase dominates Rand Paul says Trump has 'every right' to withhold Ukraine aid over corruption Johnson dismisses testimony from White House officials contradicting Trump as 'just their impression' MORE (R-Wis.), who heads the panel, said Archuleta's testimony could go a long way in determining whether he presses for her resignation as House members have started to do.

"I want to be able to ask questions," he told reporters Thursday. "I haven't gotten a good briefing on it yet. So I'll reserve my judgment, but obviously we need people in place in these positions that, first of all, take the threat of cybersecurity seriously, and I don't think the [director] did."

The House Homeland Security's subpanel on cybersecurity will also hold a Wednesdayhearing on efforts to secure the ".gov" domain.


RECENT STORIES

Senate Intelligence Committee leaders will huddle soon to determine the path forward for a much-debated cybersecurity bill: http://bit.ly/1flGbiC

Sen. Marco RubioMarco Antonio RubioGOP senators plan to tune out impeachment week Republicans warn election results are 'wake-up call' for Trump Paul's demand to out whistleblower rankles GOP colleagues MORE (R-Fla.) wants the Obama administration to "immediately" release all information about the OPM hack: http://bit.ly/1d45X9o

Lawmakers want the SEC to beef up requirements on companies to disclose more information about their cybersecurity practices: http://bit.ly/1Ci5aIs

The government is distancing itself from legal culpability in the letter being sent to OPM hack victims: http://bit.ly/1GnBRFl

The OPM is telling some lawmakers their information was likely stolen: http://bit.ly/1H1v7U9