More than two dozen advocates for federal employees and retirees want President Obama to create a special information technology task force to help investigate the massive security breaches at the Office of Personnel Management and help prevent future attacks.
“As you did with Healthcare.gov, we call upon you to immediately appoint a task force of leading agency, defense/intelligence and private-sector IT experts, with a short deadline, to assist in the ongoing investigation, apply more forceful measures to protect federal personnel IT systems, and assure adequate notice to the federal workforce and the American public,” the Federal-Postal Coalition said in a June 25 letter to Obama. “The task force should be responsible for rebuilding the government’s personnel databases to ensure their protection and functionality to the greatest extent possible.”
The coalition includes groups that represent rank-and-file employees, postal workers, managers and senior executives across government, as well as federal retirees.
There have been at least two major hacks into OPM’s databases, going back a year and a half. The agency detected the attacks in April 2015 during cybersecurity upgrades, and informed the public in June. In one attack, the personally identifiable information of 4.2 million current and former federal employees was exposed; OPM is providing free credit monitoring for 18 months for those affected. The second breach, which was separate but related, involved an intrusion into a database housing information on security clearance applicants. There have been reports that hackers may have stolen the personal data of as many as 18 million people from OPM records related to the security clearance breach -- a number that OPM Director Katherine Archuleta has not verified.
Hackers could have obtained a vast array of personal information, not just about federal employees, but about their friends and family members as a result of a breach related to security clearance information provided on the SF-86 questionnaire. That’s because applicants have to give federal investigators contact information for reference checks. However, the total number of people affected by the cybersecurity attacks and the entire universe of information exposed to hackers will remain unknown until OPM and other federal agencies complete a forensic analysis.
The Federal-Postal Coalition said that the federal government so far has not shared enough information with the workforce about the extent of the breaches and their impact, and called the financial credit reporting measures that OPM has offered “woefully inadequate.” Several lawmakers have called for Archuleta’s ouster, although Obama and Tony Scott, the federal chief information officer, still support her.
“Government employees reasonably expect their employer to faithfully protect the sensitive information they are required to disclose as a condition of their employment,” the letter said. “But the long history of systemic failure by OPM and other agencies to properly manage their information technology infrastructure has undermined that expectation.”
OPM’s inspector general has been sharply critical of the agency’s IT management over the years. IG Patrick McFarland just released a flash audit blasting OPM for its management of a long-term $93 million IT modernization overhaul. During a Thursday congressional hearing on the cyberattacks, McFarland said OPM hasn’t created a business plan for the modernization project, and doesn’t have a dedicated single source of funding, which impedes transparency and raises questions over whether OPM can come up with all the money it needs to pay for the upgrades. He called the funding situation for the project “all over the board” and “sporadic.”
At the same hearing, Archuleta said that all of the agency’s decisions on the IT overhaul were being “tracked” and “justified,” and that OPM is “working very closely with OMB.” Still, McFarland said his warnings about cybersecurity and IT project management had been ignored over the years, and that he didn’t “feel that their systems are secure at this point.”
In the letter to Obama, employee advocates urged him to ask Congress now for supplemental funding to improve the federal government’s IT infrastructure and better protect the workforce from hackers. “Time is not on our side; we do not have years to wait for OPM to complete this task on its own,” the letter stated.