House Oversight chairman: Fire top OPM tech official

House Oversight and Government Reform Committee Chairman Jason Chaffetz (R-Utah) is redoubling his efforts to get a senior official fired from the agency that lost millions of Americans’ personal information.

Chaffetz sent a request on Thursday to the Office of Personnel Management (OPM), which is still struggling to recover from the recent cyberattacks that laid bare over 22 million people’s sensitive information.

{mosads}Spurred by recent revelations, the committee chairman is again demanding the agency fire its chief information officer, Donna Seymour, who oversees the entire agency’s computer systems and networks.

“I am deeply troubled Ms. Seymour remains at her post,” Chaffetz said.

In the wake of the data breaches, first revealed in June, Chaffetz led the chorus of outrage on Capitol Hill. Over two bruising hearings, he berated OPM officials for failing to heed years of warnings from the agency’s inspector general about glaring network security deficiencies.

In a number of testy exchanges, Chaffetz repeatedly cut short Seymour and then-OPM Director Katherine Archuleta, exasperated at their refusal to answer questions.

Chaffetz was an early proponent of outing both Archuleta and Seymour from their posts. Archuleta eventually stepped down amid the growing calls for her firing. But Seymour has remained.

Chaffetz is restarting his efforts to get Seymour following new information from the OPM’s inspector general (IG). Earlier this week, the Oversight Committee received a concerning note from the watchdog, Chaffetz said in the letter.

The IG sent a letter in July to Beth Cobert, the newly installed Office of Management and Budget acting director, informing her that Seymour’s office was stymying the IG’s accountability work.

“There have been situations where actions by the [Office of the Chief Information Officer (OCIO)] have interfered with, and thus hindered, the OIG’s work. Further, the OCIO has repeatedly provided the OIG with inaccurate or misleading information,” the letter said, according to Chaffetz.

He called the letter evidence of “serious transgressions.” Yet, Chaffetz added, “Ms. Seymour is still in a position of trust at the agency.”

To move past the OPM hacks and improve government cybersecurity, Seymour must be dismissed immediately, Chaffetz urged.

“Ms. Seymour has already failed the American people with her inability to secure OPM’s networks, and to learn that her office may be actively interfering with the work of the Inspector General only adds insult to injury,” he said.

The Obama administration quickly fired back.

An Office of Management and Budget (OMB) official said the government’s top CIO, Tony Scott, stands by his support of Seymour. 

“The work that is going on right now in OPM would serve as a template and a model for work that other agencies need to do is well,” Scott told senators during a June hearing.

The OPM also strongly defended Seymour in a statement.

In just a few short weeks, Cobert has seen Seymour’s team “working side-by-side with experts from across the federal government,” said OPM press secretary Samuel Schumach.

Since the hacks, Seymour and others have been striving “to enhance the security of our information technology systems and support those who have been affected by the recent cybersecurity incidents.”

Schumach pointed to the recent White House-ordered 30-day “cybersecurity sprint,” during which agencies were directed to raise the number of users required to use multi-factor authentication to access government networks.

At the end of the sprint, the OPM was near the top of the government’s list, with 97 percent of its users now having to use multi-factor authentication. The result represented a 56-percentage point jump for the agency from shortly before the sprint began in early June.

“Since Ms. Seymour’s arrival at OPM in late 2013, OPM has undertaken an aggressive effort to upgrade the agency’s cybersecurity posture, adding numerous tools and capabilities to its various legacy networks,” Schumach said. “These efforts were critical in helping OPM to identify the recent cybersecurity incidents.”

— Updated 2:53 p.m.