Cyberattacks such as the one that exposed the personal data of millions of federal workers will continue and are likely to increase, says the head of the U.S. Office of Personnel Management. OPM Director Katherine Archuleta came under fierce criticism during a congressional hearing on Tuesday over the OPM data breach revealed last week. That hack reflected decades of neglect of government computer systems and could have been much worse, Archuleta said. Some U.S. officials suspect the cyberattack was linked to China but the Obama administration has not publicly accused Beijing. China denies any involvement.
Archuleta said government and non-government entities are under “constant attack” by sophisticated, well-funded cyber adversaries. “In an average month, OPM, for example, thwarts 10 million confirmed intrusion attempts targeting our network. These attacks will not stop — if anything, they will increase,” she told the House Committee on Oversight and Government Reform.
In a three-hour hearing punctuated by committee member attacks, snide jabs and demands for simple yes/no answers, Archuleta and her CIO Donna Seymour defended their agency’s response to two security breaches OPM detected this spring. Archulet said the breaches were discovered and contained because of new security measures taken in the last year. One breach discovered in April affected personnel records and the other, detected in May, affected background investigations for current, former and prospective government employees. Archuleta said 4.2 million employees were affected by the OPM hack discovered in April, but refused to say how many people had been affected in the other attack. She also refused, despite repeated questions, to say how many years’ worth of records had been affected.