August 12, 2015

Wyden Asks What Steps Intelligence Leaders Took to Protect Federal OPM Records, Other Sensitive Files

WASHINGTON – In the wake of multiple high-profile hacks of federal officials’ emails, personnel records and other personal information, Sen. Ron Wyden, D-Ore., today asked the top federal counterintelligence official what steps the National Counterintelligence and Security Center took to protect Office of Personnel Management records from foreign hackers.

The National Counterintelligence and Security Center, which is tasked with protecting the U.S. Government against foreign intelligence threats, has not publicly discussed the intelligence community’s efforts to protect the more than 20 million federal personnel records and more than a million fingerprints that were breached by foreign hackers. 

"The fact that such sensitive information was not adequately protected raises real questions about how well the government can protect personnel information in the future, especially as the security clearance process moves toward conducting ongoing evaluations and incorporating publicly available electronic information,” Wyden wrote in the letter to William Evanina, who heads the NCSC.

"I would like to know what actions the NCSC took prior to these OPM security incidents and what the NCSC will be doing to prepare for future attacks that will similarly target personnel and background investigation information."

In early August the Senate postponed consideration of a bill that aimed to improve cybersecurity by making it harder to sue private companies for sharing their customers’ information without customer consent.  Wyden has repeatedly argued that the benefits of this bill would be limited, and that making network owners responsible for their networks’ security would have a greater positive impact. Cybersecurity experts and the Department of Homeland Security agree. This severely flawed legislation also would not have prevented the OPM data breach.

Wyden asked Evanina: 1. If the NCSC identified OPM’s security clearance database as a counterintelligence vulnerability before the hacks; 2. If the NCSC recommended options for protecting OPM’s information; 3. If the NCSC has examined reducing the retention requirements for federal background checks to reduce intelligence vulnerabilities.  

A copy of the letter can be found here.

###

Related Files