The Big Stall: New OPM Leadership Not Eager to Get to Bottom of Data Breach Scandal

If you’re federal agency that’s been breached and the highly personal information on more than 21 million federal employees, military personnel and contractor employees has been stolen, what do you do? You stall investigations and giving misleading and inaccurate information of course.

The Office of Personnel Management (OPM) seems to be torpedoing efforts to investigate how the data breach occurred and what can be done to ensure future breaches don’t occur according to OPM’s own inspector general (IG).

In a memo, the IG claims that in the past his office experienced good relationship with open communications, but that has changed recently. Although OPM’s former head Kathleen I-Won’t-Go Archuleta is out, the IG says Donna Seymour, OPM’s Chief Information Officer (CIO), has “hindered and interfered with” his office’s oversight leading to incorrect and/or misleading information and an environment of “mistrust.”

The IG says CIO Seymour delayed a planned audit of the breached contractor – which has been described as providing the key to unlocking OPM’s personnel files. Seymour kept the IG out of investigator meetings with the FBI and kept the IG in the dark about major IT projects for over a year until planning and implementation started.

This underscored what we identified earlier, Archuleta wasn’t –and still isn’t- the only problem with OPM. There are systemic issues that start at the top and trickle down.

The Washington Post reports:

In a letter sent Thursday to [Beth] Cobert, who took over as acting director after Archuleta resigned, [Rep. Jason Chaffetz (R-Utah)] said that “it has been two weeks since the IG informed you of these serious transgressions and Ms. Seymour is still in a position of trust at the agency. Ms. Seymour has already failed the American people with her inability to secure OPM’s networks, and to learn that her office may be actively interfering with the work of the Inspector General only adds insult to injury.”

While the memo, released by both McFarland and Chaffetz, said that Archuleta and Seymour provided inaccurate or misleading information to Congress, details were redacted from the memo as it was made public.

In a response letter to McFarland, Cobert wrote that she and the agency’s leadership are committed to a productive relationship with the IG. She acknowledged his “frustration about what you perceive to be ineffective communication between your office and the OCIO” and suggested meetings monthly or more often between the IG and OCIO offices in addition to those already occurring, among other steps.

However, substantial portions of her letter, released by the OPM, also were redacted. The portions made public did not address McFarland’s specific complaints in detail beyond a promise to provide the IG with updated information on the IT upgrade.

…

The IG’s office earlier clashed with Archuleta and Seymour by issuing, on the day of one of the hearings, a memo stating that the IT upgrade that those officials credited with detecting the breach was itself at high risk of failure and cost overruns.

The IG’s office had pointed out weaknesses in OPM’s cybersecurity over a number of years, including recommendations that it shut down several of the systems that ended up being hacked. OPM officials didn’t follow those recommendations, stating since then that the issues were not serious enough to warrant shutting down so many systems so vital to the government’s personnel operations.

Like many of the other examples of mismanagement and ineptitude in federal government, the behaviors that are overlooked and even defended become such a joke.

If you want more humor in this story, maybe this will help. Chief the U.S. Information Officer Tony Scott stands by his comments back in June during a congressional hearing that he supported both Archuleta and Seymour and OPM’s responses to the breaches. He said they “serve as a template and a model for work that other agencies need to do as well” on cyber security.

That the leading national IT officer thinks making misleading statements, hiding information,  shutting out oversight, and ignoring recommendations to protect systems is exemplary behavior should be an indictment on him as well and the many federal bureaucrats who rubber stamp these rogue agents and agencies.

The moral of the story is that in Washington the same old, same old goes. Forget that millions of Americans are at risk at the expense of all taxpayers. Washington works for Washington and Washington only.