SoylentNews is people

posted by janrinok on Friday June 26 2015, @09:19PM
from the its-not-the-first-time dept.

Director of the U.S. Office of Personnel Management (OPM) Katherine Archuleta was called to testify before the House Oversight and Government Reform Committee on Wednesday. Estimates of the number of federal workers and retirees compromised by the OPM hack could rise substantially:

NPR, along with other news organizations, has reported the hack may have exposed the personal data of more than 18 million current and former government workers. But Archuleta told lawmakers that 18 million "refers to a preliminary, unverified, and approximate number of unique Social Security numbers," adding "it is a number that I am not comfortable with."

Archuleta stood by earlier estimates that 4.2 million current and former government employees' data was exposed. Committee chairman Jason Chaffetz, R-Utah, wondered if the number "could be as high as 32 million." That was a reference to OPM's budget request in which it stated it has records for 32 million current and former employees. Archuleta reiterated that she was not going to "give you a number that I am not sure of."

Chaffetz reiterated his call for Archuleta to step down, telling her, "I think you're part of the problem." He also called for OPM Chief Information Officer Donna Seymour's resignation, telling her, "I think you're in over your head." But Gerald Connolly, D-Va., came to Archuleta's defense, saying "it's easy to make a scapegoat out of somebody," but what the government is facing is "a much bigger threat than a management snafu." Connolly said the U.S. is "facing a systematic, organized, financed, pernicious campaign by the Chinese government... to penetrate our cyber world."

The Intercept has details about the parent company of a contractor involved in the OPM hack:

Officials at the Office of Personnel Management claim that their system was breached using credentials that were stolen from KeyPoint Government Solutions, a government contractor that provides background checks. The hack, which exposed personal information for potentially tens of millions of Americans, has drawn scrutiny to KeyPoint's security practices, with one senior lawmaker even calling for OPM to cease use of outside contractors.

But for KeyPoint's parent company, Veritas Capital, a private equity firm based in New York City, the hack is only the latest incident in a long history of controversial government contracting. [...] Of the many defense-related investments made by the company, the most famous has been the 2005 purchase of DynCorp International, a scandal-plagued company that played a pivotal role in the wars in Iraq and Afghanistan. Though DynCorp prospered under Veritas ownership, the special inspector general for Iraq reconstruction found that DynCorp benefited from lax oversight and frequently billed the government for work that was never requested. In Afghanistan, Wikileaks cables revealed that DynCorp workers paid for young "dancing boys" to entertain policemen. In 2010, Veritas sold its stake in DynCorp.

In 2008, Veritas and another investment fund purchased Global Tel-Link, a telecommunications company that provides telephone services for prison systems. Under Veritas control, Global Tel-Link charged as much as $5 for a ten-minute call to inmates, a charge criticized as "basically a surtax on inmates and their families." The firm also acquired MZM Inc., an intelligence contractor, after the firm's founder was investigated for providing bribes to Rep. Duke Cunningham, R-Calif., in exchange for help obtaining Pentagon contracts. MZM under Veritas was renamed Athena Innovative Solutions, and as Bloomberg reported, the Pentagon later approved Athena's takeover of all of MZM's contracts.

Throughout its history, Veritas has fostered close ties to government officials. Campaign finance records show executives at the investment firm have given over $100,000 to various politicians, mostly Republicans. In 2014, Veritas paid Bill Clinton $250,000 for a speech. [...] For KeyPoint, Veritas again leveraged its relationship with a former official. Shortly after KeyPoint became a Veritas portfolio company in 2009, Veritas brought on former Secretary of Homeland Security Michael Chertoff to serve on its board of directors. "I look forward to working with Jeff, and the KeyPoint and Veritas teams on broadening the critical services KeyPoint provides to the government," Chertoff said in a statement released by the company.


  • (Score: 3, Interesting) by frojack on Friday June 26 2015, @09:50PM

    by frojack (1554) on Friday June 26 2015, @09:50PM (#201813)

    "it's easy to make a scapegoat out of somebody," but what the government is facing is "a much bigger threat than a management snafu."

    I'd have to agree.
    Like firing a Manager of a baseball team when the players can't seem to hit the ball, even when the manager has no choice in hiring players.

    A top level pointy-haired-boss is likely to be the last one to know of weak security, data breaches, best practices, etc. I've seen too many of them that were never trained in these fields even though they came to govern them.

    They get fed hogwash by fast-talking contractors, they stop listening to their own employees, and pretty soon they run the place.

    (And for the record I've been on BOTH the employee and the contractor side of this situation).

    Security should be an outside agency with the ability to enforce rules upon line-agencies. And probably it shouldn't be an agency subject to the same Cabinet Level organization. And, I admit I haven't a clue how to bring that about. (Although several state governments have managed).

    --
    No, you are mistaken. I've always had this sig.
  • (Score: 1, Insightful) by Anonymous Coward on Friday June 26 2015, @10:21PM

    by Anonymous Coward on Friday June 26 2015, @10:21PM (#201831)

    A top level pointy-haired-boss is likely to be the last one to know of weak security, data breaches, best practices, etc. I've seen too many of them that were never trained in these fields even though they came to govern them.

    Sadly, even the ones at the bottom end of the food chain, who are actually running the security systems, often have no knowledge of what they are doing. They buy canned, commercial, software that has a checkbox for FIPS compliance, and a checkbox for "secure" and install it, and believe they are safe.

    • (Score: 2) by tathra on Saturday June 27 2015, @04:39PM

      by tathra (3367) on Saturday June 27 2015, @04:39PM (#202112)

      that's what happens when you privatize 90% of all government functions instead of hiring and training people to know what they're doing and then keep them around for their experience.

      • (Score: 2) by tathra on Saturday June 27 2015, @04:41PM

        by tathra (3367) on Saturday June 27 2015, @04:41PM (#202115)

        for the pedants, replace "privatize government functions" with "constantly use temporary independent contractors" and the rest remains the same for private business stuff.