Archuleta on attempted breach and USIS
The Office of Personnel Management works to recruit and retain more than 2.7 million federal workers. They also cover 2.5 million retirees and annuitants. Director Katherine Archuleta was sworn in on November 4th, 2013. She's the 10th director of OPM and the first Latina to head the agency.
In her first sit-down TV interview as OPM director, Archuleta discussed security with Government Matters.
Morris: The New York Times just published a story about an attempted breach at OPM. Hackers -- traced to China -- targeted tens of thousands of federal employees who applied for top-secret security clearance. What can you tell us about the investigation?
Archuleta: I can tell you the most important piece. No personal identification information was compromised. That's the most important thing. That happened because of the good work and dedication of our employees. In December, I was very fortunate to bring Donna Seymour from the Department of Defense on board. She has great experience in the I.T world and brought her talents to OPM. It was because of her leadership and her dedicated employees that we were able to make sure none of this PII (personally identifiable information) was compromised.
Morris: Any idea how far they got into OPM's systems?
Archuleta: We're working very closely with DHS and US-CERT to make sure that these types of efforts -- which happen all the time, every day, throughout government -- are never going to reach the data that our employees have given to us.
Morris: Tell us more about the e-Qip system. What does it contain? And how is it secured?
Archuleta: The e-Qip system is just a data management system that is around security investigations, background investigations. As we try to modernize throughout OPM, we want to be sure -- in background investigations -- to continue to modernize in that area. It's not fully functional yet because it's still in the developmental stages. They were not able to get into any of that as well.
Morris: Why not make this attempted breach public before the New York Times report?
Archuleta: OPM contacted all of the authorities that we should have contacted when you have an instance like this. As I said, throughout government -- every day -- these types of efforts are made. We made sure that we followed the notification protocol. Again, we did not have a breach in security. There was no information that was lost. We were confident as we worked through this that we would be able to protect the data.
Morris: Earlier this year, your agency -- and others -- reviewed the federal security clearance process. The Sustainabilitiy and Security PAC came out with a series of recommendations in March. How do they impact OPM?
Archuleta: OPM, NDI (National Director of Intelligence), and OMB all sit on the President's PAC to make sure that we're looking at the efforts of security and suitability. As a result of that, there was a report delivered to the President about things we could do better. Jim Clapper and I, and OMB Deputy Director Beth Cobert, are very focused on security and suitability issues.
Morris: U.S. Investigation Services - or USIS - has been one of the nation's top background check contractors. They vetted NSA Leaker Edward Snowden and Navy Yard Shooter Aaron Alexis. In February, you took USIS to task during a hearing on Capitol Hill. Here's a quote: 'OPM does not tolerate and has never tolerated fraud in any form. … The case against USIS outlined in the complaint filed by DOJ raises grave concerns of an egregious violation of the public trust.' Katherine, that complaint is still pending, but USIS just won a new $190 million contract from DHS. Did that surprise you?
Archuleta: OPM has been assured by USIS that none of the individuals named in that complaint are actually under USIS employ right now. We took a further step, as I testified, that we have now removed from the responsibility of USIS that final review of all the investigations. Now, that is not done by contractors -- USIS in that case -- but by federal employees. So, we've taken the proper steps to ensure that the security and background investigations that are completed are being reviewed by federal employees.
Morris: Back to the attempted breach. An OPM Spokesperson could not confirm or deny that it was traced to China. They emphasized it's part of an ongoing investigation. We also asked if any employee names were compromised. OPM declined comment.