With the Chinese hack of employee records underscoring weaknesses in federal computer security, two senior GOP senators say the White House has failed to tell Congress what it’s doing to protect its own networks from intruders.
In a letter to President Obama, Sens. John Thune (R-S.D.) and Ron Johnson (R-Wis.) note that the Executive Office of the President has failed to follow a law called the Federal Information Security Management Act, the roadmap for all executive branch agencies to ensure that they not just implement a cyber security program but report annually on whether it is up to date.
The Executive Office of the President has not submitted a review of its own systems to the Office of Management and Budget or to a number of congressional committees with oversight over cyber security for at least three years, the senators wrote. And OMB has not said it received such a review since fiscal year 2008, they wrote.
“Recent reports that the Office of Personnel Management suffered multiple significant intrusions, resulting in the exposure of millions of employees’ personal information, only underscore the importance of every federal agency, including the EOP, to take steps to improve its cybersecurity posture,” wrote the senators, the chairmen, respectively, of the committees on Commerce, Science and Transportation and Homeland Security and Governmental Affairs, two of the congressional panels that agencies are required to report to.
The White House has not been immune from hacking attacks. Hackers thought to be working for the Russian government breached the unclassified White House computer networks last fall, a breach that resulted in temporary disruptions to some services while cybersecurity teams worked to contain it.
That incident helped galvanize the effort to create U.S. Cyber Command, a military organization dedicated to defending the country’s critical computer systems — including those in the private sector — against foreign cyberattack, as well as helping combatant commanders in operations against adversaries. The command is expected to have some 6,000 personnel by 2016, officials said.
“All agencies, even agencies with sensitive information operating national security systems, must comply with the requirement to report on information security performance,” the senators’ June 22 letter to the president said.
OMB spokesman Jamal Brown declined to comment on the letter.
The senators asked the president to explain why the White House has failed to comply with the law’s reporting requirements and whether it is actually reviewing the effectiveness of its computer security systems.
Source: The Washington Post