OPM on a Path to Cybersecurity Fix, but Big Gaps Remain
It’s a stark admission that comes directly from acting OPM Director Beth Cobert during a recent government oversight committee hearing. OPM still has time, though, as its target date for full encryption on all personnel data in its systems isn’t until September 30, 2016.
According to the article, however, Rep. Stephen Lynch (D-Mass.) dismissed all the “happy talk” he is hearing with regard to OPM’s progress toward its goal.
Federal CIO Tony Scott chimed in on efforts and achievements at OPM so far, including:
• Regular meetings between Scott, OPM and DoD officials on issues and fallout from the breach.
• The establishment of the National Background Investigations Bureau, a new agency that has taken over background investigations from OPM’s Federal Investigative Services and puts DoD in charge of IT operations used in federal background checks.
• Implementation of continuous diagnostics and mitigation, coordinated by DHS.
• Two-factor authentication for network logins. A lack of such authentication was identified as one of the main reasons the hack at OPM was made possible (a weakness that FISMA and this blog warned about prior to the OPM hack).