What was scheduled to be a relatively blasé bureaucratic update to members of the House Committee on Oversight and Government Reform regarding OPM’s cybersecurity posture diverged from prepared witness testimony and instead became a grandstanding showcase laden with hyperbole.
During Thursday’s hearing, lawmakers displayed what appeared to be a basic misunderstanding of federal cybersecurity, encryption technologies and rudimentary facts concerning the actual 2014 OPM breach incident.
“I asked [Katherine] Archuleta, who was running OPM at the time, I said ‘Had you actually gone back and encrypted the social security numbers of these employees, were they encrypted,’ and she said ‘No, they were not,” recalled Rep. Stephen Lynch, D-Mass.
That led OPM Chief Information Officer David De Vries to explain to Lynch how they encrypted the systems, not the data itself.
“In 2016, we began a program to encrypt the databases,” De Vries said, “it’s not just [about] encrypting the social security numbers. It’s encrypting those databases that contain critical information.”
Social security numbers for government employees are not, nor have they ever been, individually encrypted at OPM.
Unfazed, Lynch responded to De Vries, “You’re not answering my question [specific to social security numbers].” He then quickly transitioned into a speech about the impact of Russian hacking — though there is no evidence to suggest that the OPM and Democratic National Committee breaches are in any way connected to one another.
“We have enough here, right here,” Lynch said while pointing to a stack of unclassified intelligence reports, “to do an investigation [into Russian hacking]. Look, look, they hacked the American election — that’s worth looking into.”
House Oversight Committee Chairman Jason Chaffetz, R-Utah, then intervened to clarify Lynch’s statement. “There is no evidence of [the election being hacked]. And President Obama said that wasn’t even possible.”
Beyond Capitol Hill, there’s been some confusion in the public regarding which systems were compromised by Russian intelligence services and how those individual breaches ultimately influenced election results. The Department of Homeland Security has, on multiple occasions, explained that the voting process itself was in no way affected.
As OPM’s leadership sat silently before the committee, a debate ensued between Chaffetz and Lynch about whether the House Oversight Committee should launch an independent investigation into recent Russian hacking efforts. There are already three different Senate committees investigating the matter.
Ranking committee member Rep. Elijah Cummings, D-Md., came to Lynch’s defense.
“What I am most concerned about is when we have 17 intelligence agencies who unanimously agree that there has been hacking with regard to our elections and one of the things I have noticed is that there has been an effort by some … to say it didn’t affect the results.”
“You’re going well outside the scope of this hearing,” countered Chaffetz, “I have given you ample time … [And now] I ask this rhetorically, do the Democrats truly want this committee to do an investigation of the DNC and the DCCC?”
“Yes,” replied Cummings.
Multiple democratic congressmen also asked witness Charles Phalen, director of the National Background Investigations Bureau, about the clearance process necessary for acting National Security Advisor Michael Flynn and Chief Strategist Steve Bannon to serve in the White House.
The FBI, not the NBIB, is responsible for screening White House staff.