I guess the big news of the afternoon is that Katherine Archuleta, the director of the federal Office of Personnel Management, has resigned:
WASHINGTON — Katherine Archuleta, the director of the Office of Personnel Management, will resign effective Friday, according to a White House official, one day after it was revealed that sweeping cyberintrusions at the agency resulted in the theft of the personal information of more than 22 million people.
Ms. Archuleta went to the White House on Friday morning to personally inform Mr. Obama of her decision, saying that she felt new leadership was needed at the federal personnel agency to enable it to “move beyond the current challenges,” the official said. The president accepted her resignation.
Beth Cobert, the deputy director of management at the Office of Management and Budget, will step in to temporarily replace Ms. Archuleta while a permanent replacement is found.
Ms. Archuleta, who assumed her post in November 2013, had been under pressure to resign since last month, when she announced the first of two separate but related computer intrusions that compromised the personal information of 4.2 million current and former federal workers, including Social Security numbers, addresses, health and financial histories and other private details.
Obviously enough, Ms. Archuleta is becoming a political liability so she has to go. I don’t envy the new director or acting director the job. So far it appears to me that there has been a predisposition to understate the severity and implications of the security breach.
For example, in all the hooplah over the data that have been extracted from the OPM’s database, precious little attention has been devoted to what was put in. The entire network may be compromised; the veracity of all of the OPM’s data almost certainly is in question. How do you know that the results of those security checks are what they were when they were put into the system?
I maintain as I’ve maintained all along that more scrutiny needs to be devoted not merely to the OPM’s security procedures but its decision-making process. How did they go about deciding to allow off-site administration? What decision-making process lead to giving outside contractors superuser access? Why did it make sense to digitize all those thousands of pages of documents? There are some things that simply should not be computerized.