Given the recent data breach of the Office of Personnel Management, a “30 day cybersecurity sprint” has been ordered by the Obama Administration on government agencies.
The directive comes from U.S. chief information officer Tony Scott, who hopes to “patch vulnerabilities, immediately report possible hacks and make access more difficult by requiring multiple forms of verification.” James Lewis, a cybersecurity expert at the Center for Strategic and International Studies, believes that the plan sounds promising but remains skeptical of its success. “The problem is always follow-up,” he says. “How do you make sure people do it? The question will be, 30 days from now, what happens to an agency that doesn’t follow through?”
Some are now estimating the OPM breach could have compromised 14 million people – a jump from the 4 million originally reported. Jason Chaffetz, a Utah Republican and chairman of the House Oversight committee, criticized OPM Director Katherine Archuleta for the cybersecurity failure. He charged, “Your systems were vulnerable. The data was not encrypted….they [inspector general’s office] recommended it was so bad that you shut it down, and you didn’t. And I want to know why.”
After the June 16th hearing, Chaffetz called for Archuleta’s resignation.