Wednesday, 24 June 2015

New report blasts personnel office cyber security management

Sooner or later the Office of Personnel Management (OPM) is bound to have some good news.

Just not this week.

This week is reserved for the congressional grilling of OPM Director Katherine Archuleta. Members of the House and Senate want answers to questions about the digital data breach that resulted in the theft of personal information belonging to more than 4 million current and former federal employees. Archuleta endured antagonistic questioning at the House Oversight and Government Reform Committee last week and she is scheduled for three more hearings this week.

On Tuesday she faced the Senate Appropriations financial services and general government subcommittee. Though the senators treated her relatively gently, their hearing set the stage for what could be a more aggressive session when Archuleta returns to the House panel Wednesday. Then it’s back before the Senate on Thursday for the Homeland Security and Governmental Affairs Committee hearing.

Archuleta has defended her agency’s program to protect its computerized records and her initiatives to improve systems since she entered office. “Over the last 18 months, OPM has undertaken an aggressive effort to upgrade its cybersecurity posture,” she said.

But not long before she took her seat at the witness table in 124 Dirksen Senate Office Building Tuesday, OPM’s inspector general released a “flash audit alert” that sharply criticized her agency’s management of a project to overhaul its technical infrastructure.

For House members who like their red meat raw, this latest report will be a full plate.

“In our opinion, the project management approach for this major infrastructure overhaul is entirely inadequate, and introduces a very high risk of project failure,” Inspector General Patrick E. McFarland wrote in the flash audit.

Ironically, that project includes the “new, more stringent security tools” that Archuleta said OPM has implemented and without which “we would have never known that malicious activity had previously existed on the network.”

View the original content and more from this author here: http://ift.tt/1HdKiIe


