recommended reading

OPM Cybersecurity Hearing Devolves into Russia Hacking Squabble

House Oversight and Government Reform Committee Chairman Rep. Jason Chaffetz, R-Utah.

House Oversight and Government Reform Committee Chairman Rep. Jason Chaffetz, R-Utah. // Molly Riley/AP

A House oversight committee hearing focused on shoring up the cybersecurity of federal employee information devolved Thursday for more than 10 minutes into a partisan battle over Russian meddling in the 2016 election.

Chairman Jason Chaffetz, R-Utah, and ranking member Elijah Cummings, D-Md., frequently spoke over each other during the squabble, offering yet another sign the election season hacks and the legislative response to them could overshadow other cybersecurity priorities.

During the dispute, Rep. Stephen Lynch, D-Mass., repeatedly urged the oversight committee to launch its own investigation into the election season hacks that wreaked havoc on Democratic nominee Hillary Clinton’s campaign while Chaffetz responded only the House Intelligence Committee is equipped to launch a full investigation.

» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.

Meanwhile, Cummings pushed his bill to form an independent 9/11-style commission to investigate the Russian government-backed breaches at the Democratic National Committee, the Democratic Congressional Campaign Committee and the Clinton campaign, and Chaffetz declared one or the other of the Democrats “out of order” at least seven times.  

Witnesses, including acting Office of Personnel Management Director Kathleen McGettigan and retiring Defense Department Chief Information Officer Terry Halvorsen, remained silent throughout the dispute.

Senate Intelligence Committee Chairman Richard Burr, R-N.C., and ranking member Mark Warner, D-Va., have agreed to launch a formal investigation into the Russian hacks, while House Intelligence Chairman Devin Nunes, R-Calif., has pledged only to investigate the breaches as a normal part of the committee’s oversight activity.

House Intelligence ranking member Adam Schiff, D-Calif., has joined Cummings and other Democrats pushing for a broader investigation.

The fact that Nunes served on President Donald Trump’s transition team could cause some observers to question that committee’s findings, Cummings argued during Thursday’s hearing, a point that caused additional conflict between the chairman and ranking member.

Chaffetz accused Cummings of questioning Nunes’ integrity and Cummings accused Chaffetz of putting words in his mouth.

“I’m not questioning the integrity of Mr. Nunes,” Cummings said, adding, “when people look at the report and they see someone on the transition team for Mr. Trump, then it becomes questionable.”

A spokesman for Nunes declined to comment on the dispute.

It would make little sense for the oversight committee to investigate the election season breaches, Chaffetz insisted, because the committee is ill-equipped to investigate either the attacker or the breach victims.

On the attackers’ side, the committee cannot investigate without delving into sources and methods U.S. intelligence agencies used to gather information about the Russian hackers—typically, the domain of the Intelligence Committee working in a closed session.

On the victims’ side, he said, it would be inappropriate for a congressional oversight committee to investigate an independent political party.

In the case of the OPM breach, he said, “we could look at those that were breached and how inept their systems were and how bad it was set up and how the inspector general was warning of these things.”

He later added, “If you want me to start issuing subpoenas on the DCCC, I’m probably not going to do it, but go ahead and request it.”

Cummings and Lynch both insisted the oversight committee could begin an investigation looking only at documents that are unclassified and already public, such as January reports from intelligence agencies and the Homeland Security Department describing the breaches and the larger Russian influence operation during the campaign.

“The idea that Russia could come in and interfere with our elections, all of us should be going berserk,” Cummings said.

Witnesses reported during the hearing that:

  • All OPM systems now require dual-factor authentication for access.
  • Only one OPM database containing federal employee Social Security numbers and other sensitive data remains unencrypted. That database is scheduled to be upgraded to encrypted status next month.
  • OPM is in the midst of a small pilot focused on examining precisely how to integrate public social media posts into the current background check systems.

Threatwatch Alert

Network intrusion

Florida’s Concealed Carry Permit Holders Names Exposed

See threatwatch report

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
 
 

Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

  • Modernizing IT for Mission Success

    Surveying Federal and Defense Leaders on Priorities and Challenges at the Tactical Edge

    Download
  • Communicating Innovation in Federal Government

    Federal Government spending on ‘obsolete technology’ continues to increase. Supporting the twin pillars of improved digital service delivery for citizens on the one hand, and the increasingly optimized and flexible working practices for federal employees on the other, are neither easy nor inexpensive tasks. This whitepaper explores how federal agencies can leverage the value of existing agency technology assets while offering IT leaders the ability to implement the kind of employee productivity, citizen service improvements and security demanded by federal oversight.

    Download
  • Effective Ransomware Response

    This whitepaper provides an overview and understanding of ransomware and how to successfully combat it.

    Download
  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

    Download
  • IT Transformation Trends: Flash Storage as a Strategic IT Asset

    MIT Technology Review: Flash Storage As a Strategic IT Asset For the first time in decades, IT leaders now consider all-flash storage as a strategic IT asset. IT has become a new operating model that enables self-service with high performance, density and resiliency. It also offers the self-service agility of the public cloud combined with the security, performance, and cost-effectiveness of a private cloud. Download this MIT Technology Review paper to learn more about how all-flash storage is transforming the data center.

    Download

When you download a report, your information may be shared with the underwriters of that document.