Security VARs: OPM Director's Resignation Serves As 'Wake-Up Call' For Prioritizing Security

Solution providers are calling the resignation of federal Office of Personnel Management Director Katherine Archuleta "a wake-up call" for prioritizing security as a top investment.

Archuleta announced her resignation Friday, one day after it was revealed that a pair of cyberattacks on the U.S. government's personnel agency that were discovered in May had compromised the personal information of more than 21 million people.

"If this isn’t a wake-up call, more people need to fall on the sword here," said Douglas Grosfield, president and CEO of Xylotek Solutions, a Cambridge, Ontario-based solution provider. "As a CIO, it is your responsibility to employ the technologies to prepare for these kind of things. … It has to be a wake-up call. Organizations of any kind have to really look at this stuff and make a strategic decision, rather than a business decision focusing just on the cost and taking an ostrich approach, with their heads in the sand, hoping 'this won't happen to me.' "

[Related: Massive Federal Breach Impacts 21.5M People, Highlighting Need For More Government Security Investment]

id
unit-1659132512259
type
Sponsored post

After a deep, interagency investigation, it was found with "high confidence" that 21.5 million individuals were affected by a pair of cyberattacks, including 19.7 million individuals who had applied for a background check and 1.8 million others associated with those applicants.

The information exposed includes sensitive background information, including Social Security numbers, residency and educational history, employment history, information about immediate family and other personal and business acquaintances, health, criminal and financial history, and more. Of the total individuals affected, 1.1 million individuals had their fingerprint information exposed, the investigation found.

President Barack Obama personally accepted Archuleta's resignation Friday morning after many political figures called for her to step down. Beth Cobert, deputy director for management at the Office of Management and Budget, will take over as interim OPM director, according to officials.

Xylotek Solutions' Grosfield said the revelation of the extent of the breach brought attention to the need to approach security on many levels.

"Security is a moving target, and the risk has to be mitigated in a layered approach," Grosfield said. "To hear of a breach like that, it sounds like there must have been multiple points of failure, as employees' Social Security numbers were compromised. That isn’t sitting somewhere on a server in a demilitarized zone. That's internal stuff that should have been protected. Technology exists to protect inbound threats."

Steve Halligan, president and chief operating officer of Washington, D.C-based N2Grate, a data center and cloud solutions provider in the federal IT market, said security funding should be a "top priority because the ramifications are so great." He said customers should first plan their security approach and funding before allocating other things on their priority list.

Halligan said breaches such as this should sway organizations to prioritize cybersecurity as a top need, but expressed doubt that that will be a reality.

"This one hits closer to home on personal information in a government agency," he said, but "I don't see this being a compelling event to change federal security posture."

Archuleta had been at the head of the OPM since November 2013.

PUBLISHED JULY 10, 2015