OPM on a Path to Cybersecurity Fix, but Big Gaps Remain
The one-year anniversary of the OPM data breach has come and gone, yet the sensitive data of four million federal employees still remains unencrypted, reports FCW.
It’s a stark admission that comes directly from acting OPM Director Beth Cobert during a recent government oversight committee hearing. OPM still has time, though, as their target date for full encryption on all personnel data in its systems isn’t until September 30, 2016.
According to the article, Rep. Stephen Lynch (D-Mass.) however, dismissed all the “happy talk” he is hearing with regards OPM’s progress towards its goal.
Federal CIO Tony Scott chimed in on efforts and achievements at OPM so far, including:
• Regular meetings between Scott, OPM and DoD officials on issues and fallout from the breach.
• The establishment of the National Background Investigations Bureau. A new agency that has taken over background investigations from OPM’s Federal Investigative Services and puts DoD in charge of IT operations used in federal background checks.
• Implementation of continuous diagnostics and mitigation, coordinated by DHS.
• Two-factor authentication for network logins. A lack of such authentication was identified as one of the main reasons the hack at OPM was made possible (a weakness that FISMA and this blog warned aboutprior to the OPM hack).
• Use of DHS’ Einstein 3 Accelerated (E3A) network security system to detect malicious activity.
Read the full article here.
Related Blogs
• 4 Things DoD Has Learned from the OPM Data Breach
• One Year from the OPM Breach: How the Federal Cybersecurity Landscape is Changing
• Finding the Positives in the Wake of the Data Breach at OPM