FOX News on how the OPM cyber security problem was “decades in the making” and unsurprising since the organization had almost zero cyber security expertise on-staff:
Michael Esser, an assistant inspector general with the Office of Personnel Management, testified before the House oversight committee that many of the people hired to run the agency’s IT department had no computer experience, and that the agency itself did not discipline its employees after it failed several security audits.
Esser was among several officials, including OPM head Katherine Archuleta, testifying on the cyber theft of private information for millions of current and former federal employees as well as U.S. security clearance holders.
Archuleta came under fire repeatedly at the hearing.
Committee Chairman Jason Chaffetz, R-Utah, sharply criticized the lapse in security, and called the latest cyberattack the “most devastating” in U.S. history. He added that the OPM’s security strategy was on par with leaving its doors and windows unlocked and trusting nothing would be stolen.
Archuleta said that her agency recognizes that “there’s a persistent and aggressive effort on the part of these actors to not only intrude in our system but systems throughout government and indeed in the private sector.”
Chaffetz responded, “Well, you have completely and utterly failed in that mission if that was your objective.”
Archuleta said such cybersecurity problems are “decades in the making,” though Chaffetz said, “We don’t have decades!”
How can an agency like OPM have an IT department with no computer or cyber security expertise?