[BreachExchange] Beleaguered OPM CIO Departs

Audrey McNeil audrey at riskbasedsecurity.com
Tue Feb 23 20:53:37 EST 2016


http://www.databreachtoday.com/beleaguered-opm-cio-departs-a-8888

Donna Seymour, who served as chief information officer of the Office of
Personnel Management when word surfaced nearly a year ago that a breach at
the agency exposed the personal information of 21.5 million individuals, is
stepping down.

Seymour's departure, characterized as a retirement unveiled Feb. 22,
received mixed reaction from the leaders of the House Oversight and
Government Reform Committee, in which panel Chairman Jason Chaffetz,
R-Utah, criticized her and then agency director, Katherine Archuleta, for
failing to adequately and speedily address vulnerabilities in OPM's IT
system raised by the agency's inspector general (see Members of Congress
Intensify Criticism of Agency).

'Turning Point for OPM'

Archuleta resigned last July and was replaced by Federal Chief Performance
Officer Beth Cobert as acting director, who President Obama nominated to be
the permanent director (see Archuleta Resigns as OPM Director).

Chaffetz called Seymour's retirement "good news and an important turning
point for OPM."

"While I am disappointed Ms. Seymour will no longer appear before our
committee this week to answer to the American people, her retirement is
necessary and long overdue," Chaffetz said, referring to a scheduled Feb.
24 committee hearing on the breach. "On her watch, whether through
negligence or incompetence, millions of Americans lost their privacy and
personal data. The national security implications of this entirely
foreseeable breach are far-reaching and long-lasting. OPM now needs a
qualified CIO at the helm to right the ship and restore confidence in the
agency."

But the ranking member of the committee, Democratic Rep. Elijah Cummings of
Maryland, took issue with Chaffetz's description of Seymour. Cummings
pointed out that the breach of the OPM system was underway when Seymour
took office in December 2013 and that a number of experts had commended
Seymour for her work to detect the attack and to take strong remedial
measures in its wake. "Unfortunately," Cummings said, "efforts by
Republicans to blame her for the cyberattack on OPM are both unfair and
inaccurate, and they set a terrible precedent that will discourage
qualified experts from taking on the challenges our nation faces in the
future."

'Significant Progress'

Cobert, in an email to agency employees obtained by several news
organizations, said Seymour "inherited enormous information technology
challenges that were years in the making." Cobert credited Seymour for
making "significant progress" in addressing those challenges.

At her confirmation hearing earlier this month, Cobert said OPM was
systematically addressing three core cybersecurity deficiencies identified
by the agency's inspector general as contributing to the massive data
breach, which officials say originated in China (see Nominee Explains OPM's
Recovery from Massive Breach). "Focusing on cybersecurity, protecting OPM
systems and data, and providing services to individuals who were affected
had been my highest priority since joining OPM; it will remain my highest
priority if confirmed," Cobert testified before the Senate Homeland
Security and Governmental Affairs Committee.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20160223/6093e1ba/attachment-0001.html>


More information about the BreachExchange mailing list