By that time, the FBI already knew-and told OPM-that security-clearance forms had been tapped, officials said.
Archuleta said the cyberattacks were discovered because of OPM’s stepped-up efforts in the past 18 months to improve security, but she acknowledged the office still has work to do.
“They entered the network – we’re not quite sure how because of lack of logging”, she said at the hearing.
Perhaps I’m missing something here, but I was under the impression that the NSA, FBI, CIA, Department ofHomeland Security and all the rest were supposed to be protecting us from attacks from bad guys – not just launching their own attacks. “We are a data base”.
Connally said the U.S. is “facing a systematic, organized, financed, pernicious campaign by the Chinese government…to penetrate our cyber world”.
Chaffetz asked Wednesday whether the figure could actually be as high as 32 million people.
“This is a huge loss with massive potential to wreak havoc against possibly millions of people for years to come”, Lopez said.
A week later, the personnel agency revealed a second breach of a security clearance database that contained the background check files of millions of military and intelligence community. That information included details about drug use, criminal convictions, mental health issues and the names and addresses of relatives and any foreigners with whom they had contact.
But, the number of those affected is expected to continue to increase.
Archuleta promised to provide further information pending deeper investigation, but in the meantime, she said she would be hiring a cybersecurity advisor with an August 1 start date.
Committee Chairman Jason Chaffetz, R-Utah, didn’t accept a delay in producing a number, though, and pointed to a budget request for the year 2016 that Archuleta penned this past February.
In addition, she inherited an agency whose cyber-security has been neglected for decades, Archuleta suggested during the hearing.
OPM said it also developed a multi-phase strategy to secure legacy information technology applications as the agency’s infrastructure undergoes an upgrade.
The brief dispute Tuesday illustrated the internal wrangling over the Obama administration’s response to the OPM hack. David Cox, president of the American Federation of Government Employees (AFGE) wrote in a letter to OPM Director Katherine Archuleta that the union believed that the social security numbers were not stored in an encrypted state, which would give the threat actor direct access to the data.
“After an extensive analysis of this incursion, we found no evidence of the exfiltration of sensitive personal data”, Hess said.
“I am as upset as [those affected] are about what happened and what these perpetrators have done with our data”, said Archuleta, who also confirmed that attackers gained access to the network with credentials stolen from security contractor KeyPoint in 2014.
But Archuleta said the quote was being misinterpreted, arguing that she was referring only to personally identifiable information and not other files held by OPM. “To be clear, the employee was working on OPM’s systems, not KeyPoint’s”. It was the second of three Capitol Hill hearings this week on the OPM breaches. The new specialist will work with the agency’s chief information officer to manage ongoing response to the current incidents, help complete a plan to mitigate future incidents and assess whether long-term changes to the IT architecture are needed, the report noted.
View the original content and more from this author here: http://ift.tt/1LSnwp2
from hacker samurai http://ift.tt/1LSmMjN
via IFTTT
No comments:
Post a Comment