I guess the big news of the afternoon is that Katherine Archuleta, the director of the federal Office of Personnel Management, has resigned:
WASHINGTON — Katherine Archuleta, the director of the Office of Personnel Management, will resign effective Friday, according to a White House official, one day after it was revealed that sweeping cyberintrusions at the agency resulted in the theft of the personal information of more than 22 million people.
Ms. Archuleta went to the White House on Friday morning to personally inform Mr. Obama of her decision, saying that she felt new leadership was needed at the federal personnel agency to enable it to “move beyond the current challenges,†the official said. The president accepted her resignation.
Beth Cobert, the deputy director of management at the Office of Management and Budget, will step in to temporarily replace Ms. Archuleta while a permanent replacement is found.
Ms. Archuleta, who assumed her post in November 2013, had been under pressure to resign since last month, when she announced the first of two separate but related computer intrusions that compromised the personal information of 4.2 million current and former federal workers, including Social Security numbers, addresses, health and financial histories and other private details.
Obviously enough, Ms. Archuleta is becoming a political liability so she has to go. I don’t envy the new director or acting director the job. So far it appears to me that there has been a predisposition to understate the severity and implications of the security breach.
For example, in all the hooplah over the data that have been extracted from the OPM’s database, precious little attention has been devoted to what was put in. The entire network may be compromised; the veracity of all of the OPM’s data almost certainly is in question. How do you know that the results of those security checks are what they were when they were put into the system?
I maintain as I’ve maintained all along that more scrutiny needs to be devoted not merely to the OPM’s security procedures but its decision-making process. How did they go about deciding to allow off-site administration? What decision-making process lead to giving outside contractors superuser access? Why did it make sense to digitize all those thousands of pages of documents? There are some things that simply should not be computerized.
How did they go about deciding to allow off-site administration? What decision-making process lead to giving outside contractors superuser access? Why did it make sense to digitize all those thousands of pages of documents? There are some things that simply should not be computerized.
That’s what WH carpets are used for — to sweep such scrutiny under them. There are so many questions and so few answers.
Off-hand I’d guess that these decisions were made before the Obama Administration came along. It takes the federal government longer than five years to make decisions like those.
Not that I’m trying to excuse the Obama Administration from its lapses. I’m just suggesting that it probably doesn’t bear sole responsibility.
However, it’s also pretty clear that director of OPM was viewed as a sinecure. That itself is troubling.
Policies and bureaucracies flow on through each administration, no matter which party occupies the WH. So, exclusively blaming one party for errors finally exposed, is more a machination of politics than an honest timeline of a problem currently in play.
Nonetheless, the job of each incoming administration should be to discover as many flaws as possible, renovate and innovate how government functions, address problems you “inherit” in ways that are best for the country, rather than for your own political posturing, legacy etc. Consequently, while Obama certainly doesn’t entirely “own” this latest lapse of security in OPM, it’s just one of many cyber, security, infrastructure weaknesses that have been second tier to the ones eyed in his attempts to single-handedly “transform” America domestically, as he sees fit.
In the meantime, there continue to be overlapping, wasteful bureaucracies, a vulnerable electric grid needing as much updating as ones dealing with government encryption security. Our foreign policy is viewed with dismay by most allies, and is in turmoil. No creativity is being generated towards reengineering an economy geared to lifting up the middle class, with the exception of layering on more rules, regs and taxes. It’s basically the same-old, same-old leftist rule book in play, while the right wing wrestles, blocks, tackles or impotently responds to spurious, specious race, gender, class issues, oftentimes inflamed even further by the selective involvement of government.
The whole system was computerized several years ago. The SF-86 was made into an online, web-based system called e-QIP.
One of my jobs in my organization is to initiate the security clearance investigation process for new hires and people who need periodic reviews. As you can see from the link it’s currently down for “maintenance.”
Over the years I’ve gone through the process five times – my initial and then four periodic reviews – the last two were through e-QIP and not paper forms. I’m not sure about relying on paper forms, but there is no excuse for the system security not being top notch. SF-86/e-QIP data is the mother-lode of PII – the people who stole this know just about everything about me – the details, dates and descriptions for everyplace I’ve lived, worked or visited since I was 17 along with just about everyone I’ve known or associated with (including their full names, addresses, phone numbers and email addresses), all my relatives, foreign contacts, etc. There are probably 100 such people in my file alone. Multiply that by the millions who’ve gone through the clearance process and you’ll have a better idea of the true number of people affected.
I knew that the system had been computerized for some time simply because I know about the procurement process and how long the job would have taken. I also have a pretty fair notion of the cost of such digitization. For example, $.15 a page is a rock-bottom cost for scanning and indexing—the actual cost was almost certainly higher. My back-of-the-envelope calculation is that the whole shebang cost on the order of hundreds of millions and might even have reached into the billions.
Again, you have whiz kids with no idea of how the underlying structure works, and you have old farts who want to make the government more like the private sector. The result is Bradley Manning, Eric Snowden, and the OPM hack for starters, and it will get worse before it gets better.
The government should not be efficient. It should be slow, bloated, and wasteful. This allows for fraud and abuse, but so be it. When you have two systems that do not talk to each other, they have to be hacked individually, and when the government is behind the times, the networks are only connected to the internet at specific points if at all.
If the networks are old enough, they may be using Novell’s IPX/SPX or Microsoft’s NetBEUI network protocols. The networks will not have WiFi, and working at home or any remote site will be done in the movies.
Business and government security advocates have assured everybody that there is no privacy anymore, and we get a government computer system that does not bother with protecting privacy. Is this a surprise?