At her confirmation hearing Thursday, Beth Cobert said she would strengthen the agency’s cybersecurity and information technology systems.

At her confirmation hearing Thursday, Beth Cobert said she would strengthen the agency’s cybersecurity and information technology systems. Manuel Balce Ceneta/Associated Press

OPM’s Cobert Confronts Subpoena En Route to Confirmation

Senators and House members play tag team seeking more documents on cyber breach.

While no lawmaker threatened to block her confirmation, acting Office of Personnel Management Director Beth Cobert onThursday faced a panel of senators concerned about a just-issued House committee subpoena and a years-old dispute about OPM’s policy on Obamacare for legislative staff.

Cobert, who was deputized to run OPM after the previous director, Katherine Archuleta, was forced to step down in the wake of a massive data breach, told senators that, if confirmed, she planned “to continue improvements I believe are under way” in such areas as the response to hacked personnel records, the slow hiring process and the backlog of retirement claims.

“I pledge to support OPM’s employees as they build on the progress they have already made by focusing on management discipline, ensuring our decisions are based on reliable data, and delivering excellent government service,” said Cobert, a 29-year veteran of McKinsey & Co. who previously served as deputy management director at the Office of Management and Budget before being tapped to lead OPM.

She testified two days after OPM Inspector General Patrick McFarland, a chief critic of OPM’s information technology security systems, announced his retirement. And she appeared just hours after House Oversight and Government Reform Committee Chairman Jason Chaffetz, R-Utah, and Ranking Member Elijah Cummings, D-Md., issued a subpoena and posted a letter calling OPM “uncooperative” in producing documents relating to how the data breach was uncovered—through OPM’s protections or through a private firm called CyTech Services.

Sen. Ron Johnson, R-Wis., chairman of the Senate Homeland Security and Governmental Affairs Committee, convened the hearing by stressing how “cooperative she and her staff have been with the committee’s oversight efforts.”

Even so, he said, “Congress should not have to tell agency heads that they are responsible for protecting Americans’ most sensitive data. That responsibility should be obvious. Unfortunately, that has not been the case,” Johnson said in citing the steady criticisms of OPM data security from watchdog McFarland. Johnson also nudged the Obama administration to quickly nominate McFarland’s replacement.

A ‘Toxic’ Agency

Johnson was joined by Sen. James Lankford, R-Okla., who said the view of OPM on the House side is “toxic.” Lankford complained that many of OPM’s document releases to Congress contain “thousands of unrelated documents, or 10 that are already on a website.” He recommended that OPM negotiate if the agency feels congressional requests are too broad.

Cobert said she had not yet read the letter but noted “we are working actively to respond.” She added that OPM had shown the documents in question to lawmakers in an “in camera” private setting and that discussion is ongoing. “We are committed to a good relationship and dialogue,” she said.

Ranking member Sen. Tom Carper, D-Del., reeled off a summary of the thousands of pages of documents, testimony and briefings OPM has already produced since the June data breach.

Johnson pressed Cobert to address the national security risks of the breach, citing the vulnerability of intelligence community employees to blackmail. He mentioned new restrictions on employee use of Facebook and personal email at work due to cyber risks.  

Cobert said follow-up to the data breach is a “critical priority” that needs to be done carefully, taking all input, especially from the National Counterterrorism Center. She said she met with IG McFarland on her first day and continued biweekly meetings. “We all need to change the way we work,” Cobert added. “I cannot access my personal Gmail account from my work computer. These simple actions make an enormous difference.”

She praised the Homeland Security Department’s cybersecurity programs, particularly U.S. CERT. “I’m impressed with the incredible interagency effort to help us respond,” giving us help on how to prioritize and take advantage of the tools in the software called Einstein. “We also are bringing cyber talent into the government, with the flexibility Congress created,” she said, to which Carper replied, “That is music to my ears.”

Ongoing Management Problems

OPM’s processing of retirement claims, Lankford said, is too slow. Cobert responded that progress has been made in recent months by raising to 25 percent the portion of actions (changing an address or a bank account number) that retirees can perform for themselves online. She said the goal is to process 90 percent of retirement claims within 60 days.

Sen. Claire McCaskill, D-Mo., questioned why major IT cybersecurity contracts weren’t being rebid and criticized the security clearance process, recounting the tale of a young constituent who landed a job in climate change at the State Department, but who may lose it due to a holdup in his background check.

Cobert reminded her that the State Department runs its own background checks. But OPM is being selective in addressing the backlog of “dumped” or incomplete background checks it received from a now-fired contractor, “using a balance between contractors and employees.”

Asked about the Obama administration’s recently announced decision to move oversight of background checks to a new organization run by the Defense Department, Cobert said, “it’s a shared process,” with the National Background Investigations Bureau being housed at OPM but directed by Pentagon security experts.

The issue of whether to continue trimming the number of employees who need security clearances is a decision for the Office of the Director of National Intelligence, she said.

Asked about reducing the federal workforce’s skill gaps, Cobert said, “Bringing in great talent has been a rich part of my career.” She said she recognizes that professional development impacts public service, and that “the incredible scale and complexity of issues is challenging but also rewarding, in creating opportunities.”

On the controversial issue of overuse of administrative leave, she said OPM is seeking to train managers to use it as a “is tool of last resort.” They should understand the different types of leave track them better, she added.

The USAJobs website, which Sen. Rob Portman, R-Ohio, criticized as offputting for its key word requirements and job descriptions geared more to insiders, is undergoing improvements, Cobert said, “but it’s not where we want it to be.” 

Chairman Johnson had no success getting Cobert—who’s been at OPM only six months—to opine on an earlier agency decision to use “mental gymnastics” to interpret the Affordable Care Act. He introduced for the record a letter from Sen. David Vitter, R-La., who has held up nominees in protest of OPM’s move to allow 1,600 congressional staffers to avoid using the District of Columbia Obamacare exchanges and receive employer health care through their employers, like agency staff do.

That brought a rebuttal from Carper, who defended the practice on equity grounds, but Cobert said the issue predated her tenure.