The embattled director of the Office of Personnel Management will hire a cybersecurity advisor to assist the agency after a pair of major breaches compromised deeply personal data for millions of federal employees and job applicants.
OPM director Katherine Archuleta made the announcement Thursday, during testimony before the Senate Homeland Security Committee. It was her last of three Capitol Hill hearings this week about the OPM hacks.
In her opening testimony on Thursday, Archuleta detailed "some new steps that I am taking."
First, Archuleta will hire a new cybersecurity advisor who will report directly to her. This person, whom she expects will be at the agency by August 1, will work on several projects: manage OPM's recovery and response after the two recent hacks, develop a plan to prevent future breaches and determine whether the agency's entire IT system needs an overhaul.
Archuleta is also planning to meet with chief security officers at large private companies to discuss cybersecurity challenges and solutions, she said.
OPM, which screens and hires federal workers, revealed on June 4 that it had discovered a cyberattack involving data for 4.2 million current and former federal employees. On June 12 OPM disclosed a second attack that targeted information for millions more Americans who applied for security clearances, though Archuleta said this week the agency doesn't yet know many people were affected by the second breach.
Archuleta reiterated that point Thursday: "I am providing the status as we know it today and reaffirming my commitment to providing more information as soon as we know it."
The pair of breaches has made OPM the poster child for inadequate federal cyber protections, and a growing group of lawmakers has called for Archuleta to resign as a result of the fallout. She defended herself again at Thursday's hearing in response to subcommittee members who questioned her sense of urgency and asked whether she understands the overall cybersecurity threat.
"Of course I do. Of course I do," Archuleta said forcefully. "I am as upset as you are about this."
Archuleta faced strong questioning from several lawmakers on Thursday, but Sen. John McCain, R.-Ariz., was the toughest on the OPM director.
Among other items McCain pressed Archuleta about widespread reports that Chinese hackers were behind the attack, but she declined to name China or any other entity as the perpetrator, saying OPM doesn't deal in attribution.
A visibly exasperated McCain replied: "I've seen a lot of performances in my day ... yours ranks as one of the most interesting."
Archuleta spoke several times about the need for more funding and staff to help identify problems in OPM's online systems and prevent future breaches.
"We need more resources to get things done, she said, "and that’s why we’ve come to Congress to ask for them."