Under Attack, Federal Cybersecurity and the OPM Data Breach, Hearing Before the Committee on Homeland Security and Governmental Affairs, United States Senate, One Hundred Fourteenth Congress, First Session, June 25, 2015 [open pdf - 4MB]
This is the June 25, 2015 hearing held before the Senate Committee on Homeland Security and Governmental Affairs entitled "Under Attack: Federal Cybersecurity and the OPM [Office of Personnel Management] Data Breach." From the opening statement of Chairman Ron Johnson: "Earlier this month, the Office of Personnel Management (OPM) announced that over the past year hackers stole 4.1 million federal employees' personnel records. Then, just days later, we learned the attack was actually far broader, involving some of the most sensitive data the federal government holds on its employees, and likely, many more records. It is hard to overstate the seriousness of this breach. It has put people's lives and our nation at risk. This massive theft of data may be the largest breach the federal government has seen to date. But it's not the first data breach affecting federal agencies, or even the OPM. Unfortunately, I doubt it will be the last. Our nation is dependent on cyber infrastructure and that makes our future vulnerable. The cyber threats against us are going to continue to grow--in size and sophistication. The purpose of this hearing is to lay out the reality of that cyber threat and vulnerability. The first step in solving any problem is recognizing and admitting you have one. We must acknowledge we have a significant cybersecurity problem in the federal government, especially at the OPM. This intrusion on the OPM's networks is only the latest of many against the agency, and the OPM has become a case study in the consequences of inadequate action and neglect. Cybersecurity on federal agency networks has proved to be grossly inadequate. Foreign actors, cyber criminals and hacktivists are accessing our networks with ease and impunity. While our defenses are antiquated, our adversaries are by comparison proving to be highly sophisticated. Meanwhile, agencies are concentrating their resources trying to dictate cybersecurity requirements for private companies, which in many cases are implementing cybersecurity better and more cheaply." Statements, letters, and other materials submitted for the record include those of the following: Katherine Archuleta, Tony Scott, Andy Ozment, and Patrick E. McFarland.
S. Hrg. 114-449; Senate Hearing 114-449
Government Publishing Office: http://www.gpo.gov/