“Improving Security and Efficiency at OPM and the National Background Investigations Bureau”

Hearing Date: February 2, 2017 9:00 am 2154 RHOB

TAKEAWAYS:

  • Oversight Committee investigation and majority staff report provided useful recommendations to improve cybersecurity and IT management at OPM.
  • The background investigation process is taking longer.
    • In FY2015, it took on average 95 days to process a secret clearance and 179 days for a top secret clearance.
    • In FY2016, it took on average 166 days to process a secret clearance and 246 days for a top secret clearance.
  • The federal government should reevaluate the pay scale for IT professionals to incentivize top talent to enter or remain in the public sector.
  • 100 percent dual authentication has been implemented to initially access OPM systems using a personal identity verification (PIV) card and PIN.
  • NBIB should expedite its inclusion of social media in its criteria during the evaluation of an individual’s fitness to hold a security clearance.
PURPOSE:
  • To review the state of IT security at the Office of Personnel Management (OPM).
  • To receive updates on reforms and challenges with the security clearance process.
BACKGROUND:
  • In September 2016, the Committee issued a report on its yearlong investigation of the 2015 OPM data breach that details the circumstances that led to the breach, OPM’s incident response, and OPM’s IT modernization efforts.
  • The report offers 13 recommendations including improvements to federal cybersecurity, updates to procurement of incident response services, and accountability of the National Background Investigations Bureau (NBIB).
  • In January 2016, the federal government announced the creation of NBIB under the Department of Defense to assume IT responsibilities pertaining to background investigations; however, a recent Performance Accountability Council report showed background investigation times have increased.

KEY VIDEOS:

Chairman Chaffetz (R-UT): “This is what drives people crazy about the government. You had to conduct a study to find out if looking at social media is valuable and the conclusion is: ‘it might be, yes’?”… Let me answer the question for you: Yes, looking at publicly available social media should be part of the process.”

Information Technology Subcommittee Chairman Hurd (R-TX): “Why did we get to this situation? I ask that question in order to learn from this experience, so that we can take those lessons learned and apply it across the federal government.”

Government Operations Subcommittee Chairman Meadows (R-NC): “That’s basic, I’ve got encryption better than that on my home computer and here we are we have resources.”

Witnesses and testimonies

Name Title Organization Panel Document
Ms. Kathleen McGettigan Acting Director Office of Personnel Management Document
Mr. Cord Chase Chief Information Security Officer Office of Personnel Management Document
Mr. Charles Phalen Director National Background Investigations Bureau Document
Mr. David DeVries Chief Information Officer National Background Investigations Bureau Document
Mr. Terry Halvorsen Chief Information Officer U.S. Department of Defense Document