The Office of Personnel Management (OPM) has been criticized by its internal watchdog for not taking the necessary actions to ensure that massive computer hacks of its network don’t reoccur.

Earlier this year it was revealed that OPM allowed two cyberattacks to breach its computer databases containing official and personal information for millions of Americans. One hack compromised the records of 4.2 million current and former federal employees, while a second exposed the records of 21.5 million individuals who applied for security clearances or renewals since 2000.

Since these cyberattacks, OPM officials have been trying to bolster the agency’s network from future infiltrations. But OPM’s inspector general, Patrick E. McFarland, warned in a report (pdf) that the project is suffering from planning and funding problems that could result in a high risk of failure, according to The Washington Post.

McFarland has also said OPM leaders had rejected several recommendations made by his office in a June audit. These included going through a full planning process for projects such as this called a Major IT Business Case. The report also pointed out that since the first audit, the previous OPM chief, Katherine Archuleta, had resigned and the Senate turned down more funding for the project. “In such a turbulent environment, there is an even greater need for a disciplined project management approach to promote the best possibility of a successful outcome,” the report said.

OPM also downplayed the IG’s concerns about lack of competition for the contract for the first stages of the work,” the Post’s Eric Yoder reported.

The agency defended its actions by saying it didn’t have time to do all the planning suggested by the IG’s office because it was more concerned about closing “the cyber barn doors” to future hacks.

Additionally, McFarland has accused OPM’s information technology office of interfering with his office’s efforts to determine how well the agency had guarded security clearance and federal employee personnel files that were hacked and how well it responded to those breaches.

McFarland said the Office of the Chief Information Officer had “hindered and interfered with” his office’s oversight and “has created an environment of mistrust by providing my office with incorrect and/or misleading information.”

-Noel Brinkerhoff

To Learn More:

OPM Response to Cyberbreach Challenged Again (by Eric Yoder, Washington Post)

Memo to OPM (Office of Inspector General, OPM) (pdf)

OPM Officials Hindering Scrutiny of Hacked Computer Systems, Watchdog Says (by Eric Yoder, Washington Post)

Chinese Stole Personal Details of 7% of Americans in OPM Hacks (by Danny Biederman, AllGov)

Is the Chinese Hacking of U.S. Government Employees’ Data Really any Different than What the U.S. Does to China? (by Noel Brinkerhoff, AllGov)