U.S. Chief Information Officer Tony Scott, along with other administration officials, faced angry House lawmakers Thursday, as they defended a plan to create a new federal agency funded by the Defense Department to oversee background security checks for government employees and contractors.
During a two-hour hearing on security clearance reform, lawmakers objected to everything from the proposed agency’s structure, to its funding, implementation and failure to leverage social media.
Dubbed the National Background Investigations Bureau, the agency would replace the Office of Personnel Management’s Federal Investigative Services unit, which currently performs the checks.
A pair of data breaches at the OPM in 2014 exposed personal information on some 21.5 million current and former federal employees and their families, including over a decade of security clearance data, the agency revealed last year.
The hearing came just days after the resignation of OPM CIO Donna Seymour. Katherine Archuleta, the agency’s director at the time of the breaches, stepped down earlier this year, amid calls for her resignation from lawmakers.
Under the plan, the Defense Department would oversee the design, development, security and operation of the new agency’s IT systems, although the agency itself would remain housed in the OPM, according to the proposal unveiled in January.
During the hearing, Mr. Scott said the new agency will “strengthen how the federal government performs background investigations,” in part by leveraging the Defense Department’s “expertise in information technology and cybersecurity for processing background investigations and protecting against threats.”
By the end of the year, he said, the agency will offer government-wide capabilities, such as eApplication and eAdjudication tools, that will “greatly improve the effectiveness, efficiency, and security of key aspects fo the background investigation process,” he told members of the House Oversight and Government Reform Committee.
The initiative also would be enhanced by the ongoing implementation of the Cybersecurity National Action Plan, which includes stronger authentication controls for workers accessing government networks and systems, such as the use of Personal Identification Verification cards or two-factor authentication.
Beth Cobert, the acting director fo the OPM, who also testified Thursday, said the agency will help “modernize the federal government’s security clearance and background investigation processes.”
But lawmakers were having none of it. Many objected to putting the Defense Department on the hook for paying for the agency’s IT systems, from $95 million drawn from its 2017 budget.
“We ought not to be weakening and diminishing our land forces to pay for some data breach,” said Rep. Steve Russell (R., Okla.).
Rep. Jason Chaffetz (R., Utah), the committee chair, wanted to know why there were no efforts in the plan to include employee backgrounds checks on Facebook, Twitter or other social media tools. “Go hire a bunch of teenagers and they’d do it better than we’re doing it,” Mr. Chaffetz said, citing the use of social media by ISIS and other terrorist groups.
He also criticized the high level of spending on IT across the federal government in recent years, saying it had done little to protect agencies from ongoing cyber attacks.
“This is designed to fail,” said Rep. John Mico (R., Fla.), “I guaran-damn-tee you this will continue to be a disaster.”
Hats off to CIO Tony Scott for recommending a radical change it shows he he is not accepting meteoricy and the status quo. Tony make NIST, FEA and ITAM mandatory for funding and you are there. Tony continue to turn the screws!
The idiot - Jason Chaffetz - thinks that teenagers on facebook can do a better job than US Defense Department on Cyber Security. Then why the hell does he want to spend $700 billion dollars on defense? We should just let teenagers do it. Why do we allow such foolish statements to be made by people who are responsible for making life and death decisions for this country? Shouldn't the press hold these idiots accountable?
Error Correction Control ....Donna Seymour was fired not resigned for incompetence
"“We ought not to be weakening and diminishing our land forces to pay for some data breach,” said Rep. Steve Russell (R., Okla.)."
Actually you should. We lack much in terms of a Cyber defense and if you review the data breach of the OPM, that has put many former and current military and law enforcement members at risk.
The problem is that those in the government are not technical enough to 'get it', nor capable of hiring the right staff to architect a comprehensive solution.
If the decision is to go with the standard, usual "establishment" stale technology other than cutting edge data protection solutions that actually work ( e.g dlpthatworks from gtb technologies ), then one should expect failure.