TRENDING:

Governance & Risk Management , Incident & Breach Response , Managed Detection & Response (MDR)

Beleaguered OPM CIO Departs

Donna Seymour Criticized, Praised for Response to Office of Personnel Management Hack Eric Chabrow (GovInfoSecurity) • February 22, 2016    
Beleaguered OPM CIO Departs
Donna Seymour

Donna Seymour, who served as chief information officer of the Office of Personnel Management when word surfaced nearly a year ago that a breach at the agency exposed the personal information of 21.5 million individuals, is stepping down.

See Also: Deception-Based Threat Detection: Shifting Power to the Defenders

Seymour's departure, characterized as a retirement unveiled Feb. 22, received mixed reaction from the leaders of the House Oversight and Government Reform Committee, in which panel Chairman Jason Chaffetz, R-Utah, criticized her and then agency director, Katherine Archuleta, for failing to adequately and speedily address vulnerabilities in OPM's IT system raised by the agency's inspector general (see Members of Congress Intensify Criticism of Agency).

'Turning Point for OPM'

Archuleta resigned last July and was replaced by Federal Chief Performance Officer Beth Cobert as acting director, who President Obama nominated to be the permanent director (see Archuleta Resigns as OPM Director).

Chaffetz called Seymour's retirement "good news and an important turning point for OPM."

"While I am disappointed Ms. Seymour will no longer appear before our committee this week to answer to the American people, her retirement is necessary and long overdue," Chaffetz said, referring to a scheduled Feb. 24 committee hearing on the breach. "On her watch, whether through negligence or incompetence, millions of Americans lost their privacy and personal data. The national security implications of this entirely foreseeable breach are far-reaching and long-lasting. OPM now needs a qualified CIO at the helm to right the ship and restore confidence in the agency."

But the ranking member of the committee, Democratic Rep. Elijah Cummings of Maryland, took issue with Chaffetz's description of Seymour. Cummings pointed out that the breach of the OPM system was underway when Seymour took office in December 2013 and that a number of experts had commended Seymour for her work to detect the attack and to take strong remedial measures in its wake. "Unfortunately," Cummings said, "efforts by Republicans to blame her for the cyberattack on OPM are both unfair and inaccurate, and they set a terrible precedent that will discourage qualified experts from taking on the challenges our nation faces in the future."

'Significant Progress'

Cobert, in an email to agency employees obtained by several news organizations, said Seymour "inherited enormous information technology challenges that were years in the making." Cobert credited Seymour for making "significant progress" in addressing those challenges.

At her confirmation hearing earlier this month, Cobert said OPM was systematically addressing three core cybersecurity deficiencies identified by the agency's inspector general as contributing to the massive data breach, which officials say originated in China (see Nominee Explains OPM's Recovery from Massive Breach). "Focusing on cybersecurity, protecting OPM systems and data, and providing services to individuals who were affected had been my highest priority since joining OPM; it will remain my highest priority if confirmed," Cobert testified before the Senate Homeland Security and Governmental Affairs Committee.

Previous
Apple-FBI Battle: Where the Presidential Candidates Stand
Next
Apple, FBI Escalate Crypto Fight

About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.



Around the Network

Is It Generative AI's Fault, or Do We Blame Human Beings?
Is It Generative AI's Fault, or Do We Blame Human Beings?
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
Transforming a Cyber Program in the Aftermath of an Attack
Transforming a Cyber Program in the Aftermath of an Attack
Identity Security and How to Reduce Risk During M&A
Identity Security and How to Reduce Risk During M&A
Medical Device Cyberthreat Modeling: Top Considerations
Medical Device Cyberthreat Modeling: Top Considerations
Evolving Threats Facing Robotic and Other Medical Gear
Evolving Threats Facing Robotic and Other Medical Gear
Protecting Medical Devices Against Future Cyberthreats
Protecting Medical Devices Against Future Cyberthreats
How 'Security by Default' Boosts Health Sector Cybersecurity
How 'Security by Default' Boosts Health Sector Cybersecurity
Properly Vetting AI Before It's Deployed in Healthcare
Properly Vetting AI Before It's Deployed in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing cuinfosecurity.com, you agree to our use of cookies.