With the total number of people affected by the data breach at the Office of Personnel Management now estimated to be as many as 18 million, OPM Director Katherine Archuleta has mounted a public relations counter-attack, defending the agency's efforts to improve security during her tenure and crediting those efforts with finding the malware at the heart of the breach in the first place. But the news of the exposure has caused a wave of fear and distrust among federal employees—with some who work in the intelligence community now concerned for their families' safety.
Archuleta defended her tenure before a Senate hearing on June 23. "I'm as angry as you are that this is happening," she said in a message to federal employees and retirees during her testimony. "I am dedicated to ensuring that OPM does everything in its power to protect the federal workforce, and to ensure that our systems will have the best cyber security posture the government can provide.” And she insisted that no one at OPM was to blame for the breaches, saying, "If there is anyone to blame, it is the perpetrators."
Today, OPM e-mailed an eight-page document outlining OPM's "Actions to Strengthen Cybersecurity and Protect Critical IT Systems" to members of the media. In the document, OPM officials asserted, "Upon Director Archuleta’s arrival, OPM engaged in an end-to-end review of its IT systems and processes. Based on that review, the agency developed a Strategic Plan for Information Technology to guide its efforts to protect its legacy systems to the maximum extent possible as it replaced them with more modern and secure systems. This plan laid out a multi-phase strategy to bolster security through realignment of professional staff, adherence to relevant laws, policies and best practices, and investments in modern tools."