Republicans press White House to fire more officials over hack

Republicans press White House to fire more officials over hack

House Republicans on Friday called on the Obama administration to fire more officials responsible for the government’s cybersecurity shortcomings.

In a joint hearing of two House subcommittees, lawmakers chastised federal agencies for not acting more like a private business. The hearing featured testimony from several security industry representatives.

ADVERTISEMENT

“In the private sector, those who neglect their duty to keep the information of their customers secure are usually fired,” said House Science, Space and Technology Committee Chairman Lamar Smith (R-Texas), in his opening statement. “In the federal government, it seems the only people penalized are the millions of innocent Americans who have their personal information exposed.”

The catastrophic data breach at the Office of Personnel Management (OPM) over the summer, which exposed over 20 million federal workers’ sensitive data, spurred a Capitol Hill discussion of who should be held responsible for cybersecurity failures.

Then-OPM Director Katherine Archuleta eventually took the fall, resigning after being subjected to a gauntlet of contentious congressional hearings. But some on Capitol Hill believe other officials should also be dismissed.

“Although the OPM director resigned in the wake of the OPM breaches, I am still not satisfied that the responsible parties have been held accountable for the failure of the agency to address known security vulnerabilities,” said Rep. Barbara Comstock (R-Va.), chair of the House Research and Technology Subcommittee, one of the two subpanels holding Friday’s hearing.

House Oversight Committee Chairman Jason ChaffetzJason ChaffetzThe myth of the conservative bestseller Elijah Cummings, Democratic chairman and powerful Trump critic, dies at 68 House Oversight panel demands DeVos turn over personal email records MORE (R-Utah) has led the charge to get more OPM officials ousted. In particular, he has written numerous letters to the OPM and the White House requesting OPM Chief Information Office Donna Seymour's dismissal.

Beyond the OPM, lawmakers on Friday chided the administration for failing to bolster cyber defenses across the government.

“This administration owes it to the American people to significantly improve this deplorable standing in order to sufficiently protect government information and thereby our national security,” said Rep. Barry Loudermilk (R-Ga.), who chairs the Science, Space and Technology Committee’s oversight subpanel, the other subcommittee holding the hearing. 

Smith noted that federal watchdog reports consistently show cybersecurity failures, but said it hasn’t led to dramatic action.

“Last year, audits revealed that 19 of 24 major federal agencies failed to meet the basic cybersecurity standards mandated by law,” Smith said. “Yet the administration has allowed deficient systems to stay online. What are the consequences when a federal agency fails to meet its basic duties to protect sensitive information?”

Loudermilk called on the administration to delineate a plan of action.

“This administration also needs to explain how it is protecting the American people’s personal information," he said.

In the wake of the OPM hacks, the White House did order a 30-day “cyber sprint.” The administration said the sprint succeeded in plugging pressing holes in the government’s network security, such as the lack of multi-factor authentication, a more secure login method.

In November, the White House also issued a sweeping plan that set up long-term benchmarks to better secure government networks. As part of the plan, the government will redesign its protocol for responding to cyberattacks, assess the shortcomings of its cyber workforce and speed up the rollout of its intrusion detection system.

“Cyber threats cannot be eliminated entirely, but they can be managed much more effectively,” said Federal Chief Information Officer Tony Scott when the plan was released.