U.S. lawmakers sharply attacked government hiring and technology officials Tuesday for not preventing a cybersecurity attack that compromised personal information for millions of U.S. federal workers.
"You failed, utterly and totally," Congressman Jason Chaffetz told Katherine Archuleta, chief of the government's employment agency, the Office of Personnel Management.
"OPM's data security posture was akin to leaving all the doors and windows open in your house and expecting that nobody would walk in and nobody would take any information,” said Chaffetz, chairman of the House Oversight Committee. “How wrong they were."
No encryption
Chaffetz demanded to know why the personal information of government workers and retirees was not encrypted after the employment agency's watchdog warned last year that it was vulnerable to cyberattack. At least 4.2 million current and former federal workers, and likely millions more, are affected.
"It is not feasible in systems that are too old," Archuleta said in explaining why protections are not adequate. "I want to emphasize that cyber security issues that the Government is facing is a problem that has been decades in the making, due to a lack of investment in federal IT systems and a lack of efforts in both the public and private sectors to secure our internet infrastructure."
In the last two weeks, the U.S. identified two cyberattacks on government employee records, saying they occurred over the last several months, and perhaps began much earlier. Some officials have blamed Chinese state interests for the attack, but the attacks are said to be still under investigation.
Constant attack
Archuleta said U.S. technology systems are under constant attack from foreign governments, criminals and business interests.
"In an average month, OPM, for example thwarts 10 million confirmed intrusion attempts targeting our network,” she said. “These adversaries are sophisticated, well-funded and focused. These attacks will not stop – if anything, they will increase."
Archuleta declined to answer some questions about the scope of the attack in the public hearing. She told the members of Congress she would discuss such issues only in a closed-door, classified setting.