Counterintelligence Agency Shrugs Off Responsibility for OPM Breach

The nation’s top counterintelligence agency is ducking responsibility for failing to identify or help address the Office of Personnel Management’s poor cyberdefenses before the massive data breach ascribed to the Chinese government, saying that wasn’t its job.

In response to a letter from Sen. Ron Wyden, D-Ore., who asked what the National Counterintelligence and Security Center had done to help OPM secure its systems or root out counterintelligence vulnerabilities, director William Evanina wrote that existing laws governing his office “do not include either identifying information technology (IT) vulnerabilities to agencies or providing recommendations to them on how to secure their IT systems.”

On Wednesday, Wyden blasted the agency for its officious response: “The OPM breach had a huge counterintelligence impact and the only response by the nation’s top counterintelligence officials is to say that it wasn’t their job,” he wrote.

“This is a bureaucratic response to a massive counterintelligence failure and unworthy of individuals who are being trusted to defend America. While the National Counterintelligence and Security Center shouldn’t need to advise agencies on how to improve their IT security, it must identify vulnerabilities so that the relevant agencies can take the necessary steps to secure their data.”

Wyden concluded his letter by repeating his stand against the Cybersecurity Information Sharing Act (CISA), a bill in the Senate that would make it much easier for companies to share personal information on users with the government, with immunity from current surveillance laws. “The way to improve cybersecurity is to ensure that network owners take responsibility for plugging security holes, not encourage the sharing of personal information with agencies that can’t protect it adequately,” wrote Wyden.