The damage from this spring’s breach of 4 million employee and retiree records at the Office of Personnel Management is still being sorted out, but one immediate side effect is becoming clear: the incident further hurt the pride of the federal workforce.
“The latest cyberattack is yet another blow to the morale of federal employees,” Colleen Kelley, president of the National Treasury Employees Union,” told Government Executive. “It comes on top of everything else they have had to endure over the past five years—budget cuts, a three-year pay freeze followed by inadequate raises, and attacks on federal pay and retirement, to name a few. NTEU recognizes that cyberattacks are a growing problem in the private and public sectors,” she added, “but such a massive data breach is unacceptable. Information about the federal workforce and retirees deserves the highest level of protection and we are working with the administration to make sure agencies take additional precautions and put in place greater protections.”
Many federal employees, of course, are disappointed in OPM. The American Federation of Government Employees “has heard from scores of concerned members in the wake of this latest data breach,” said national president J. David Cox. “Our members are concerned that their personal information is at risk, that OPM waited two months after learning about the breach to go public, and that the federal government has not done enough to protect their most personal information from hackers.”
But the notion that the government is particularly bad at protecting against cyberattacks is belied by the fact that they “happen routinely in the private sector,” said Stan Soloway, president and CEO of the Professional Services Council, which represents 400 contracting companies. “The federal workforce is really worried, but everyone needs to be worried,” he said. “Some in the private sector are better, others are not.”
Private companies that have suffered cyberattacks in the past year include Target, SONY Entertainment and Home Depot.
Paul Wilson, vice president of federal solutions at the Ken Blanchard Companies, which provides leadership training in agencies, said, “A breach is difficult no matter how much money you have. It’s about security and feeling respected, honored and being watched out for by your employer.”
But when such attacks hit the government, “It’s a huge national security issue, and people think it’s a failure in agencies, which affects morale more than the breach” because agency missions are affected, he said.
Employee frustration, Wilson added, “is less about the breach itself than about the agency leadership’s response and communications.” Such attacks “are not a matter of if, but when, so it’s vital to have the resolution in place as part of a plan,” he said. That way employees can see “how quickly and transparently and thoughtfully it is communicated.”
OPM, as many complained, waited for months before announcing the breach, and gave “very little information” about its efforts at notification to victims and credit monitoring, Wilson said. “It would have been more effective to have had all that information in the first place” as part of maintaining an educated workforce that trusts the leadership, he said. "However, there is still plenty of time [for OPM] to respond and mitigate accordingly."
As OPM and the Homeland Security Department continue their investigation of the hack, the public should also remember that it is easy to conclude “somebody at OPM messed up,” Wilson said. “But they could have had the perfect [cyberdefense] plan and Congress didn’t provide the funding.”
(Image via KieferPix / Shutterstock.com)