Finger-pointing starting in blame for government hack
Washington — Finger-pointing burst into the open on Capitol Hill Wednesday over blame for hacking into the U.S. government’s personnel records, which the chairman of a House oversight committee said might affect as many as 32 million current and former employees and others.
The head of the U.S. Office of Personnel Management, Katherine Archuleta, acknowledged to lawmakers that she was responsible for keeping the files safe but blamed the hackers, and an executive disputed an official account that hackers had used one of his employee’s credentials in one of the break-ins. It was the third congressional hearing on the subject in recent days.
For Archuleta, it was the latest appearance before angry lawmakers demanding answers about the personal information, including information used for background investigations for those seeking a security clearance. Some lawmakers have urged the White House to fire her.
Archuleta said it was the responsibility for protecting records of her and her chief information officer, but she again sought to steer blame to the hackers, whom she described as a “very dedicated, focused actor.” Asked directly about reports that U.S. officials blamed China’s government, she responded: “That’s classified.”
Across town, senior China diplomats were meeting with U.S. officials in the final day of meetings about strategic and economic issues.
On Capitol Hill, the chief operating officer for a federal contractor, KeyPoint Government Solutions Inc., told lawmakers that it wasn’t his company’s fault.
“There is absolutely no evidence that KeyPoint was responsible for that breach,” executive Eric Hess said.
Hess countered assertions by Archuleta on Tuesday and Wednesday. She told lawmakers that hackers used a stolen KeyPoint credential to break into the network. Credentials are equivalent to electronic keys.
“There was a credential that was used and that’s the way they got in,” Archuleta said, answering a question from Rep. Bonnie Watson Coleman, D-N.J.
Hess later told lawmakers that Archuleta was referring to a KeyPoint employee who had an OPM account.
Archuleta told a Senate appropriations subcommittee on Tuesday that while a KeyPoint credential was used “we don’t have any evidence that would suggest that KeyPoint as a company was responsible or directly involved in the intrusion.”
She said, in fact, that no one person was responsible, and blamed the hackers for the intrusion.
Archuleta has declined to say how many current or former government employees, contractors or job applicants may have been affected, repeating only the original figure of 4.2 million people disclosed last month.
Committee Chairman Jason Chaffetz, a Utah Republican, asked Wednesday whether the figure could actually be as high as 32 million people.
Lawmakers pushed back as Archuleta again defended herself and her agency.
“I disagree that nobody is to be held personally responsible,” Chaffetz said. “As the head of the agency Ms. Archuleta is in fact statutorily responsible.”
The focus on Capitol Hill over the federal government’s hacking continued during Wednesday’s conclusion of important U.S.-China diplomatic meetings in Washington, known as the strategic and economic dialogue. It was not immediately clear whether the hacking came up during the meetings, although Secretary of State John Kerry on Tuesday said he anticipated “a very frank discussion of cyber security and other ongoing concerns.”
White House spokesman Josh Earnest has declined to discuss details of those meetings and said the government has not made any “public declaration” of who was behind the hack.
“The kinds of conversations that take place behind closed doors in the context of a summit as significant as the security, strategic and economic dialogue, are different than the kinds of public discussions that take place,” Earnest said Tuesday. “After all, that’s the reason that we would invite senior Chinese official to the United States, is so that we wouldn’t have conversations through the media, but actually have an opportunity in a private setting to have a direct face-to-face discussion.”