Cybersecurity

Oversight chairman wants to know who discovered OPM hack

House Oversight Committee Chairman Jason Chaffetz (R-Utah) is pushing to find out exactly who discovered the massive data breach at the Office of Personnel Management (OPM) that exposed more than 20 million people’s personal information.

The chairman recently sent a letter to the hacked agency requesting more details about an outside contractor, CyTech, that was brought in to examine the OPM networks.

CyTech was briefly a point of controversy during a series of Oversight hearings following the breach.

The digital forensics firm said it found the network intrusion during an April scan of the agency’s systems. But OPM officials insisted during the hearings that their own team had previously uncovered the breach, before CyTech was brought in.

The confusion over who first discovered the hackers — believed to be from China — led to several contentious exchanges between Chaffetz and then-OPM Director Katherine Archuleta during the hearings.

“So the New York Times and others who wrote that were wrong?” Chaffetz asked.

“That is correct,” Archuleta responded.

Chaffetz now wants to know more about CyTech’s diagnostic tool.

According to the letter, CyTech’s forensics tool, known as “CyFIR,” was returned to the company on Aug. 20, or “the day after the Oversight and Government Reform staff made inquiries to several federal agencies to inquire about the CyTech appliance.”

The data that CyFIR gathered was also deleted on Aug. 17.

“The data and evidence contained on CyTech’s appliance is relevant to the Committee’s investigation,” says the letter, which is also signed by Rep. Michael Turner (R-Ohio).

“The deletion or loss of that data — intentional or otherwise — would damage the Committee’s effort to determine how and why OPM’s networks were infiltrated.”

The letter requests all documents and communications related to CyTech’s investigation. The committee asked for the data by Sept. 23.

The fact-finding mission is part of Chaffetz’s broader effort to keep pressure on the OPM as it fills in the picture of exactly how the agency was breached and works to strengthen its networks.

The Utah lawmaker is also demanding to see the network security guides the agency said were exposed during the intrusion, and he has requested a more detailed timeline of the breach from the Department of Homeland Security.

“Fundamental questions about the detection of the security breach at OPM and the agency’s response in the aftermath largely remain unanswered,” Chaffetz told The Hill in August.