Design World


Officials Say Security Lapses Left System Open to Hackers

By Ken Dilanian, AP Intelligence Writer | June 17, 2015

A chart of data breaches is shown on Capitol Hill in Washington, Tuesday, June 16, 2015, as witnesses testify before the House Oversight and Government Reform committee's hearing on the Office of Personnel Management (OPM) data breach. (AP Photo/Cliff Owen)

Years of fundamental cybersecurity lapses left the government’s personnel agency wide open to a pair of hacks that have exposed the private information about nearly every federal employee, along with detailed personal histories of millions with security clearances, officials acknowledged to Congress.

Democrats and Republicans on the House Oversight and Government Reform Committee were united Tuesday in heaping scorn upon the leaders of the Office of Personnel Management, the agency whose data was breached last year in two massive cyberattacks only recently revealed.

“You failed utterly and totally,” said the committee’s chairman, Rep. Jason Chaffetz, a Utah Republican.

The criticism came from within, as well. Michael Esser, the agency’s assistant inspector general for audit, told the committee of a years-long inability by OPM to meet federal cybersecurity standards. For a long time, he said, the people running the agency’s information technology had no expertise. These shortcomings made the agency especially vulnerable to cyberattack, he said.

In November, an inspector general’s audit recommended that the agency shut down some of its networks because they were so vulnerable, Esser testified. The director, Katherine Archuleta, declined, saying it would interfere with the agency’s mission.

The hackers were already inside her networks, she later acknowledged.

“They recommended it was so bad that you shut it down and you didn’t,” Chaffetz said.

Archuleta, stumbling occasionally under withering questions from lawmakers, sought to defend her tenure and portray the agency’s problems as decades in the making. She appeared to cast blame on her recent predecessors, one of whom, John Berry, is the U.S. ambassador to Australia.

Offered chances to apologize and resign, she declined to do either.

Chaffetz said the two breaches “may be the most devastating cyberattack in our nation’s history,” and said OPM’s security policy was akin to leaving its doors and windows unlocked and expecting nothing to be stolen.

“I am as distressed as you are about how long these systems have gone neglected,” Archuleta said, adding at another point, “The whole of government is responsible and it will take all of us to solve the issue.”

Archuleta and the other witnesses offered few new details about the breaches in the public hearing, deferring most questions about methods and damage to a later, classified session.

After that session, Rep. Elijah Cummings of Maryland, the committee’s ranking Democrat, demanded that the committee hear testimony from two OPM contractors, KeyPoint and USIS, that fell victim to hacks last year. Earlier, Cummings and other lawmakers questioned whether the OPM network was compromised first through hacking of the contractors, and OPM officials declined to answer.

During the open hearing, Donna Seymour, the agency’s chief information officer, confirmed that personnel information on 4.2 million current and former federal employees had been stolen, not just accessed.

The number of security clearance holders whose data has been taken is not yet known, she said. But the records go back to 1985 and include contractors as well as federal employees. Some government officials estimate the number could be up to 14 million.

And because their security clearance applications contain personal information about friends and family, those people’s data is vulnerable as well.

Seymour also disclosed that any federal employees who submitted service history records to OPM, whether or not their personnel records are kept by the agency, likely had their information stolen. That raised the specter that intelligence agency employees who were not kept in the main personnel system for security reasons may have been exposed anyway.

Another fear is that covert intelligence officers working undercover as government employees may have been made vulnerable. If their names are not in the federal employee database, that could be revealing to foreign adversaries; there also could be holes in any bogus employee record built for spying cover purposes.

Andy Ozment, a top Department of Homeland Security cyber official, said the hackers gained access to OPM’s network using stolen credentials.

That was important because many lawmakers and outside experts had criticized OPM for failing to take the obvious step of encrypting sensitive data, including Social Security numbers. Ozment said attackers with network credentials could have accessed encrypted data, anyway.

Rep. Will Hurd, a Texas Republican and former covert CIA officer, said he didn’t doubt the good intentions of the OPM witnesses, but “the execution has been horrific.”

After the closed hearing, Hurd said it was clear to him that OPM’s cybersecurity failures were a key factor in the success of the attack, and in the failure to detect it for months.

China denies involvement in the cyberattack, and no evidence has been aired publicly proving Chinese involvement, although the government says it has “moderate confidence” China was involved.

Lawmakers voiced fears Tuesday that China will seek to gain leverage over Americans with access to secrets by pressuring their overseas relatives and contacts, particularly if they happen to be living in China or another authoritarian country.

“China now has a list of Chinese citizens worldwide who are in close contact with American officials and they can use that for espionage purposes,” said Rep. Ron DeSantis, a Florida Republican.

In the cyberattack targeting federal personnel records, hackers are believed to have obtained the Social Security numbers, birth dates, job actions and other private information on every federal employee and millions of former employees and contractors.

In the other attack, which the Obama administration acknowledged on Friday after downplaying the possibility for days, the cyber spies got detailed background information on millions of military, intelligence and other personnel who have been investigated for security clearances.


Filed Under: Industry regulations

 
