OPM to federal agencies: We got hacked, but you have to help pay for the response
After
it failed to safeguard millions of files filled with sensitive personal
information, the government’s personnel office is now telling other
federal agencies they will be expected to cover the costs of responding
to the massive computer breach.
The cost of addressing the breach
– which compromised security clearance files affecting 21.5 million
federal workers, military personnel and contractor employees –
represents an unanticipated expense hitting late in the government’s
fiscal year, when agency budgets are especially tight. And
agencies whose employees have been put at risk should expect to absorb
even more costs in the future, according to a previously undisclosed
memo from the Office of Personnel Management, whose systems were
breached.
“Given the limited resources available to OPM at this
time to deal with a contract of this size, agencies will be asked to
contribute FY 2015 funding to cover the first full year’s costs of
credit monitoring and related services / benefits” for the incident,
wrote acting OPM director Beth Cobert.
The breach involves highly
personal information on virtually everyone who applied for a security
clearance or had one renewed since 2000, and in some cases before.
OPM
has come under intense fire from employees and lawmakers over the
failure to prevent several computer breaches and over the response to
those hacks. The agency’s director, Katherine Archuleta, resigned under
pressure earlier this month.
Some federal employees were taken
aback after officials from government agencies were informed at a
briefing late last week that they would be expected to pay for the costs
of responding to the breach of the security clearance database.
“My
mouth dropped open when I read this. I get the fact that the money has
to come from somewhere, but, man, oh man,” said a federal official, who
was not authorized to speak on the record on the matter.
The
amount of the costs is still unknown, since OPM has not yet issued a
contract to notify and provide services to those affected by the
clearance files breach.
For
a separate breach involving personnel records of some 4.2 million
current and former federal employees held for OPM on computers at the
Department of Interior, the cost of sending notices and providing
services was $21 million. OPM and Interior paid for that contract, but
officials said they cannot afford to cover what could be much higher
costs to address the breach of the security clearance database.
The
Office of Management and Budget “fully supports the decision for cost
sharing across all agencies given these circumstances,” wrote Cobert,
who was transferred from her post as OMB deputy director for management
after Archuleta stepped down.
The
decision by senior Obama administration officials to distribute the
costs across the government means that agencies will have to find
potentially substantial savings in their budgets late in the current
fiscal year.
Typically, when agencies must find such savings,
they look to cutting administrative costs, such as employee awards,
training and travel, and overhead such as office equipment. Those
accounts, which in many cases already are pinched by years of budgetary
restrictions, also pay employee salaries. While salaries could not be
cut, restrictions on those accounts could translate into pressure to
hold down the number of employees.
Finding the funds will be all the more difficult since there are now barely two months left in the budget year.
In
addition to paying costs for credit monitoring, personal identify
protection and other measures related to the hack of the the clearance
files, the memo says, agencies will be charged higher rates for OPM to
process clearance applications on their behalf, retroactive to the start
of this fiscal year.
It
adds that while the total costs won’t be known until the second
contract is issued, “OPM is currently working to approximate each
agency’s portion of the total number of individuals impacted and we are
gaining more information on the anticipated cost per person in the
coming week based on requirements.”
No comments:
Post a Comment