OVERNIGHT CYBERSECURITY: OPM chief fights to save her job

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We’re here to connect the dots as leaders in government, policy and industry wrap their arms around cyberthreats. What lies ahead for Congress, the administration and the latest company under siege? Whether you’re a consumer, a techie or a D.C. lifer, we’re here to give you …

THE BIG STORIES:

–FIGHT FOR YOUR RIGHT: Office of Personnel Management (OPM) Director Katherine Archuleta is fighting for her job. The agency head is coming under heavy fire on Capitol Hill, with lawmakers on both sides of the aisle demanding that she step down for what could be the most devastating data breach in American history. Archuleta has taken a beating in a series of tense congressional hearings. Lawmakers have accused her of shifting blame for the hack and moving too slowly to correct persistent security problems that were apparently exploited by China in a breathtaking siege of U.S. networks. “Personal accountability is paramount,” said House Oversight Committee Chairman Jason Chaffetz (R-Utah), during a four-hour hearing Wednesday. Chaffetz is leading the growing congressional chorus calling for Archuleta to be fired. To read our full piece, click here.

{mosads}–HOW MANY?: At the hearing, Archuleta finally addressed rampant speculation that a second hack on a security clearance database may have laid bare up to 18 million people’s information. Her comments were alarming. “It is my understanding that the 18 million refers to a preliminary, unverified and approximate number of unique Social Security numbers in the background investigation data,” Archuleta said before the Oversight Committee. The 18 million approximation does not include friends and family members named in background checks, Archuleta cautioned, meaning the total could grow if the agency decides those people “should be considered individuals affected by this incident.” Eighteen million “is a number I am not comfortable with at this time because it does not represent the total number of affected individuals,” she said. To read our full piece, click here.

–32 MILLION?: Chaffetz pressed Archuleta to go further. He cited an OPM budget request claiming the agency was “a proprietor” of personally identifiable information on 32 million federal employees and retirees. “Are you here to tell me that information is all safe? Or is it potentially 32 million records here that are at play?” Chaffetz asked. “We’re reviewing the number and scope of the breach,” Archuleta replied. To read our full piece, click here.

 

UPDATE ON CYBER POLICY:

–AWKWARD. President Obama on Wednesday pressed top Chinese officials on cyber attacks during a closed-door meeting at the White House. The meeting was part of a three-day summit of U.S. and Chinese officials in Washington, which has been overshadowed by a massive hack of federal government data. The administration is still reeling from a crushing breach that officials have privately blamed on China.

State Department officials vowed before the talks to directly address the data breach with Chinese officials, although public statements on cybersecurity throughout the meetings have been mostly oblique.

“The kinds of conversations that take place behind closed doors in the context of a summit as significant as the Strategic and Economic Dialogue are different than the kinds of public discussions that take place,” White House press secretary Josh Earnest told reporters on Tuesday.

 

LIGHTER CLICK:

–TIRED OF THE OPM HACK? We sure are. Take a break by watching a few of the 168 Seinfeld episodes, now available streaming on Hulu. New York magazine ranks every single episode from worst to best here.

 

WHO’S IN THE SPOTLIGHT:

–KEYPOINT GOVERNMENT SOLUTIONS, the government’s major background check contractor, who on Wednesday denied reports that hackers used data stolen from its networks to conduct the initial OPM intrusion that exposed 4.2 million federal workers’ data.

But it does appear that a KeyPoint employee’s credentials were stolen, just while that employee was on the OPM system.

Lawmakers on Wednesday didn’t take kindly to the distinction.

“Did that KeyPoint employee have OPM credentials as part of his or her scope of employment within KeyPoint?” asked Rep. Matt Cartwright (D-Pa.), during an Oversight Committee hearing.

KeyPoint CEO Eric Hess agreed.

“You understand under traditional concepts of the law, KeyPoint is responsible for the acts of its employees acting within the scope … of their employment,” Cartwright concluded.

“I’m not familiar with that,” Hess replied.

To read our full piece, click here.

 

A REPORT IN FOCUS:

–ON THE UP AND UP. Washington, D.C., had the largest gain in Internet speed in the U.S. over the first quarter of 2015, according to Akamai’s latest state of the Internet report. Although you wouldn’t believe it based on the Capitol Hill Wi-Fi. Check it out here.

 

A LOOK AHEAD:

THURSDAY

–The Hill will hold an event on women in cybersecurity at 8 a.m. Sen. Deb Fischer (R-Neb.), and Reps. Marsha Blackburn (R-Tenn.) and Kyrsten Sinema (D-Ariz.) will all speak.

–The Senate Homeland Security Committee will hold a hearing at 9:30 a.m. on the OPM hack. OPM Director Katherine Archuleta is slated to testify.

 

IN CASE YOU MISSED IT:

Links from our blog, The Hill, and around the Web.

The OPM on Wednesday released 15 new steps intended to shore up its security. (The Hill)

Senate Majority Leader Mitch McConnell (R-Ky.) slammed OPM Director Katherine Archuleta on Wednesday, suggesting that the recent hack was the result of a “management problem.” (The Hill)

Login credentials for websites linked to nearly 50 government agencies have been found scattered across the Internet, according to a new report from Recorded Future. (The Hill)

President Obama spoke with French President François Hollande on Wednesday to stem the damage from new revelations that the U.S. had spied on his and other leaders’ personal communications for years. (The Hill)

French President François Hollande said on Wednesday that it is “unacceptable” for the U.S. to have intercepted his and two other French presidents’ communications. (The Hill)

Defining the recent OPM data breach as two hacks “allowed officials to initially deny millions of the government’s most sensitive employee security records had been stolen, according to officials familiar with the matter.” (The Wall Street Journal)

For KeyPoint Government Solutions’ parent company, Veritas Capital, the hack is only the latest incident in a long history of controversial government contracting. (The Intercept)

NSA chief: Don’t assume China hacked OPM. (Defense One)

Samsung software updater disabled Microsoft’s built-in Windows Update, which delivers critical patches for security bugs and holes among other fixes. (The Guardian)

The social network backed by Anonymous isn’t so secure after all. (Motherboard)

What the Houston Astros hack can teach you about cybersecurity. (CBS News)

Israeli Prime Minister gave the opening speech at an annual cybersecurity conference in Tel Aviv. (Info Security Magazine)

 

If you’d like to receive our newsletter in your inbox, please sign up here: http://goo.gl/KZ0b4A