The House Oversight Committee majority staff released a massive report on Tuesday criticizing OPM agency leaders for failing to protect sensitive records for more than 20 million current and former government employees. “The long-standing failure of OPM’s leadership to implement basic cyber hygiene, such as maintaining current authorities to operate and employing strong multi-factor authentication, despite years of warnings from the inspector general, represents a failure of culture and leadership, not technology,” the report states. The report noted that had the breach been discovered in its early stages, the results would not have been nearly as damaging. However, the 2014-2015 breach was able to develop into one of the biggest breaches in history after ignoring several warning signs. Additionally, the report noted that the breach is “likely connected and possibly coordinated” by Chinese government-sponsored groups. The 231-page report offered 13 recommendations including reducing the use of Social Security numbers, improving cybersecurity practices and placing an emphasis on recruiting the best cybersecurity personnel.
In response to the Republican report, Democratic committee staff quickly responded with a rebuttal memo on Tuesday stating, “The Republican staff report fails to adequately address federal contractors and their role in cybersecurity.” The memo attempted to lighten the blame on OPM by faulting contractors and citing the sophistication of the attacks. “The most significant deficiency uncovered during the committee’s investigation was the finding that federal cybersecurity is intertwined with government contractors, and that cyber requirements for government contractors are inadequate,” the report explained. The rebuttal also noted that the same hackers were responsible for other advanced cyber-attacks, citing the Anthem breach as an example. While there is clearly a disagreement with who’s to blame, the GOP report does praise OPM’s current acting director, Beth Cobert’s efforts thus far.