Office of Personnel Management director Katherine Archuleta recently said in a blog post that she wants to make sure federal employees know that “I continue to work each and every day to make sure that the data OPM is entrusted with protecting is secure now and for the future.”
Archuleta has been under a lot of criticism since OPM reported the first of the major data breaches that hit its networks, breaches that have exposed the personal data of millions of current and former federal employees. She faced some tough questions at a hearing before a House committee last week as well as at a Senate committee hearing today in which she said that nobody at OPM is responsible for the data breach but rather that the blame lies with the Chinese hackers (see video above). A number of lawmakers have been calling for her to be fired because of how she handled the agency’s response to the data breach.
Archuleta put up a blog post on OPM’s website today that is presumably in response to the criticism and ongoing questions federal employees no doubt have about the security of their personal data under OPM’s control. In it, she stresses that federal workers should know that “OPM has continued to operate with strong confidence in the security of the data it handles, including the processing of background investigations. The agency’s systems involving personnel records and background investigations have been fortified with strong security upgrades.”
The complete blog post follows below.
June 23, 2015, 12:12 PM
As we at OPM and our partners across government work quickly to investigate the nature and scope of the cyberattacks that invaded our network and systems, I want to make sure that our Federal employee family knows that I continue to work each and every day to make sure that the data OPM is entrusted with protecting is secure now and for the future.
I am as concerned as our Federal workforce by these cyberintrusions, and I want employees to know we are redoubling our efforts to make sure our systems are as secure as possible. We know that our adversaries are sophisticated, well-funded, and focused. We know this because in an average month, OPM thwarts millions of attempts to break into our network.
Before I detail the work my OPM team is doing to upgrade our aging systems, to investigate the cyberintrusions, and to plan for the future, I want to make sure all Federal employees know that OPM has continued to operate with strong confidence in the security of the data it handles, including the processing of background investigations. The agency’s systems involving personnel records and background investigations have been fortified with strong security upgrades.
So how did we get here? In November of 2013, when the President honored me with the assignment to lead the men and women of OPM, I quickly realized that the agency’s outdated, legacy system needed to be modernized. My team got to work on the comprehensive IT Strategic Plan during my first 100 days as OPM Director. That plan clearly identified security vulnerabilities in our aging systems. We immediately began an aggressive modernization and security overhaul.
It was because of that overhaul and the tools we put in place to strengthen our cybersecurity that OPM — working with our partners at the Department of Homeland Security and the Federal Bureau of Investigation — was able to detect the cyberbreaches of personnel and background investigations data. That work continues, and continues aggressively. We have upgraded our network monitoring and logging capability and added firewalls that allow OPM to better filter network traffic. The remote access for our network administrators has been restricted.
On June 4, we publicly announced that we believed that the personally identifiable information (PII) of about 4 million current and former Federal employees had been compromised. Almost immediately, we began notifying those affected and they are getting access to credit monitoring and other services they may need. As the investigation has proceeded, we recently confirmed that OPM systems containing information related to the background investigations of current, former, and prospective Federal employees may have been compromised. We are working intensively to assess the scope of that attack and we will notify affected individuals as soon as possible.
Each and every day, as we work through the challenges of investigating these attacks and aggressively work on the redesign of our computer network, I am thinking about the millions of men and women who work – and who have worked – to serve the American people.
Our OPM team knows that you have entrusted your sensitive personal information to us. It is a trust we will continue to honor and one that is foremost in our minds as we do the critical work necessary to prevent, detect, and thwart future cyberattacks.