Click here to skip navigation
An official website of the United States Government.
Skip Navigation

In This Section

Our Director Director's Blog

Cybersecurity

The cybersecurity report issued today by the Republican members of the House Oversight and Government Reform Committee (HOGR) on the cyber intrusions at the U.S. Office of Personnel Management (OPM) does not fully reflect where this agency stands today.

While we disagree with many aspects of the report, we welcome the committee’s recognition of OPM’s swift response to the cybersecurity intrusions and its acknowledgement of our progress in strengthening our cybersecurity policies, and processes. We also appreciate the panel’s willingness to work with us on these important issues and find many of the final recommendations to be useful for OPM and the Federal Government at-large.

It is therefore important to take stock of our progress and outline the course we are charting for the future.

Over the past year OPM has worked diligently with its partners across government and made significant progress to strengthen our cybersecurity posture, and reestablish confidence in this agency’s ability to protect data while delivering on our core missions.

For example:

  • We require those who log into OPM’s systems to use strong multi-factor identification forms. This level of security provides a powerful barrier to our networks from individuals who should not have access.
  • We are in the process of rebuilding and enhancing the web-based application system that individuals use to provide OPM with the information we need to conduct background investigations.
  • We are one of the first agencies in the Federal Government to fully implement the Continuous Diagnostics and Mitigation program developed by the Department of Homeland Security (DHS), as well as DHS’s Einstein 3a. These initiatives allow agencies to detect and prevent cyber attacks before they can reach our systems, and continuously identify cybersecurity threats and vulnerabilities that might arise.
  • We have strengthened our legacy technology systems while developing a new, modern IT infrastructure, which will provide a secure environment for OPM well into the future.
  • We are working with our partners at the Department of Defense who are designing, building, and will operate the IT infrastructure for the new National Background Investigations Bureau, the OPM-based entity that will conduct background investigations for the Federal Government in the future. 

These are just a few of the initiatives we have underway, but there is more to this story. At OPM we recognize that cybersecurity is not just about technology – it’s about people. In addition to strengthening our technology, we have added seasoned cybersecurity and IT experts to our already talented team.

OPM has brought on a senior cybersecurity advisor who reports to the Director of OPM. We have hired a new Chief Information Officer as well as a number of new senior IT leaders. And we have centralized our cybersecurity resources under a new Chief Information Security Officer, whose sole responsibility is to take the steps necessary to secure and control access to sensitive information. We also have a strong working relationship with our Office of Inspector General.

The cybersecurity incidents at OPM provided a catalyst for accelerated change within our organization. Throughout this agency, management has embraced cybersecurity as a top priority. I am proud of the way the team at OPM rose to the challenge and appreciate the collaborative spirit with which our partners across government worked - and continue to work – side by side with us each and every day.

We hope Congress will also continue to support our efforts and provide us with the resources we need to continue to strengthen our cybersecurity posture now, and into the future.

In an increasingly interconnected world, the threats we face in the realm of cybersecurity are persistent, sophisticated and constantly evolving. To confront these threats we must remain vigilant in our quest to protect systems and information. At OPM we are committed, we are dedicated, and most importantly we are working tirelessly to continuously enhance the security of our data and fulfill our important mission for the American people.

 


Today the Administration is directing a series of actions to identify, recruit, develop, retain, and expand the pipeline of the best, brightest, and most diverse cybersecurity talent for Federal service and for our nation.

Every day, Federal departments and agencies face sophisticated and persistent cyber threats that pose strategic, economic, and security challenges to our Nation. Addressing these cyber threats has required a bold reassessment of the way we approach security in the digital age and a significant investment in critical security tools and our cybersecurity workforce. And these threats demand that we continue to enhance the security of the Federal digital infrastructure and improve the ability to detect and respond to cyber incidents as they occur. That is why, in 2009, President Obama initiated a comprehensive strategy to confront this ever-evolving challenge. The strategy brings all levels of government together with private industry, academia, international partners, and the public, to raise the level of cybersecurity in both the public and private sectors; deter and disrupt adversary activities in cyberspace; improve capabilities for incident response and resilience; and enact legislation to both incentivize and remove legal barriers to cybersecurity threat information-sharing among private entities and between the private sector and the Government. While we have made significant progress, we must do more.

The Challenge

The Federal cybersecurity workforce has the challenging mission of protecting government information technology (IT) systems, networks, and data from sophisticated adversaries; safeguarding sensitive data; supporting our Nation’s financial, energy, healthcare, transportation, and other critical systems; and securing our critical infrastructure and intelligence systems. However, the supply of cybersecurity talent to meet the increasing demand of the Federal Government is simply not sufficient. As part of a broad-sweeping review of Federal cybersecurity policies, plans, and procedures, the Cybersecurity Sprint launched by the Office of Management and Budget last year revealed two key observations about the Federal cybersecurity workforce:

  1. Federal agencies’ lack of cybersecurity and IT talent is a major resource constraint that impacts their ability to protect information and assets; and,
  2. A number of existing Federal initiatives address this challenge, but implementation and awareness of these programs are inconsistent.

Moreover, this shortfall affects not only the Federal government, but the private sector as well. Recent industry reports project this shortfall will expand rapidly over the coming years unless private sector companies and the Federal Government act to expand the cybersecurity workforce pipeline to meet the increasing demand.

The Opportunity

To address these and other cybersecurity challenges, earlier this year the President directed his Administration to implement the Cybersecurity National Action Plan (CNAP) – a capstone of more than seven years of determined effort – which takes near- term actions and puts in place a long-term strategy that builds on other cybersecurity efforts while calling for innovation and investments in cybersecurity education and training to strengthen the cybersecurity talent pipeline. As directed by the CNAP and the President’s 2017 Budget, today we are releasing the first-ever Federal Cybersecurity Workforce Strategy to grow the pipeline of highly skilled cybersecurity talent entering federal service, and retain and better invest in the talent already in public service. And it sets forth a vision where private sector cybersecurity leaders would see a tour of duty in Federal service as an essential stop in their career arc.

The Strategy establishes four key initiatives:

Expand the Cybersecurity Workforce through Education and Training. The Cybersecurity Workforce Strategy supports the CNAP initiatives that propose investing $62 million in Fiscal Year (FY) 2017 funding to expand cybersecurity education across the Nation. This funding will lay the foundation needed to ultimately address the shortage of cybersecurity talent across the country. These initiatives include offering competitive scholarships and covering full tuition for college and university students through the CyberCorps®: Scholarship for Service program; collaborating with academic institutions to develop guidance for cybersecurity core curriculum and allow colleges and universities to expand their course offerings; and providing program development grants to academic institutions to hire or retain professors, adopt a cybersecurity core curriculum and strengthen their overall cybersecurity education programs.

  • Recruit the Nation’s Best Cyber Talent for Federal Service. The Workforce Strategy initiates efforts to implement a government-wide recruitment strategy that includes enhanced outreach efforts to diverse cyber talent — including women, minorities, and veterans— from apprenticeship programs, colleges, universities, and private industry, as part of a comprehensive plan. Over the coming months we will partner with agencies to find ways to streamline hiring practices consistent with current statutes and leverage existing hiring authorities, as appropriate, to quickly bring on new talent. We will explore opportunities to establish a cybersecurity cadre within the Presidential Management Fellows program that leverages the recent success of the Presidential Innovation Fellows program and other dynamic approaches for bringing top technologists and innovators into government service. Additionally, we will explore opportunities to expand the use of new or revised pay authorities that can serve as a model for future government-wide efforts.

  • Retain and Develop Highly Skilled Talent. To improve employee retention and development efforts, the U.S. Office of Personnel Management (OPM) will work with Federal agencies to develop cybersecurity career paths, badging and credentialing programs, rotational assignments, and foster opportunities for employees to obtain new skills and become subject matter experts in their field. Additionally, the Workforce Strategy directs the development of a government-wide cybersecurity orientation program for new cybersecurity professionals to improve information sharing and employees’ knowledge of upcoming developmental and training opportunities. The Workforce Strategy also looks to increase the use of special pay authorities, and improve training and development opportunities for cyber and non-cyber employees.

  • Identify Cybersecurity Workforce Needs. Cybersecurity is a dynamic and crosscutting field, and effective workforce planning requires a clear understanding of the gaps between the workforce of today and the needs of tomorrow. The Workforce Strategy directs agencies to adopt a new approach to identifying their cybersecurity workforce gaps by using the National Cybersecurity Workforce Framework developed by National Initiative for Cybersecurity Education (NICE) partner agencies, which identifies 31 discrete specialty areas within cybersecurity workforce. Agencies are now able to better identify, recruit, assess, and hire the best candidates with specific cyber-related skills and abilities, and we are already making progress in this effort. The Federal Government has already hired 3,000 new cybersecurity and IT professionals in the first 6 months of this fiscal year. However, there is clearly more work to do, and we are committed to a plan by which agencies would hire 3,500 more individuals to fill critical cybersecurity and IT positions by January 2017.

Cybersecurity is a shared responsibility among agency leadership, employees, contractors, private industry, and the American people. And the Workforce Strategy details numerous initiatives to harness this collective power and help strengthen the security of Federal networks, systems, and assets. To address cybersecurity challenges in the immediate future, the Administration will invest in the existing Federal workforce through initiatives focused on training and retaining existing talent. At the same time, the Government will adjust the way it recruits, including the way it approaches talented students and potential employees in the cybersecurity workforce outside Federal service.

We must recognize that these changes will take time to implement, and the Workforce Strategy’s long-term success will depend on the attention, innovation, and resources from all levels of government. The initiatives discussed in this Strategy represent a meaningful first step toward engaging Federal and non-Federal stakeholders and provide the resources necessary to establish, strengthen, and grow a pipeline of cybersecurity talent well into the future.

Shaun Donovan is the Director of the Office of Management and Budget.
Beth Cobert is the Acting Director of the U.S. Office of Personnel Management.
Michael Daniel is Special Assistant to the President and Cybersecurity Coordinator.
Tony Scott is the U.S. Chief Information Officer.

Also see:


The President’s fiscal year 2017 budget and Cybersecurity National Action Plan (CNAP) released this week makes it clear that this Administration is committed to taking bold actions to protect Americans in today’s fast-moving digital world.

For OPM, the President’s budget proposal provides additional funding to continue the progress of enhancing our cybersecurity posture as well as modernizing our IT systems to meet evolving cybersecurity challenges.

During the past year, OPM acquired and deployed new cybersecurity tools that enhance our ability to rapidly identify and respond to emerging cyber threats. We also built a new modern infrastructure that strengthens the security of the environment to house our systems. The resources in the President’s spending plan will help us accelerate the movement of OPM’s current systems to this new, enhanced security infrastructure. Completing this migration will be a major step forward for OPM.

The CNAP roadmap will better enable OPM to build on our cybersecurity partnerships across government and will fortify our efforts to empower agencies to hire the cyber talent they need.

First, CNAP calls for the kind of increased collaboration between agencies that OPM has already established with DHS’s U.S. Computer Emergency Readiness Team (US-CERT) and other government partners to proactively take steps to enforce and enhance network security infrastructures.

The CNAP takes this collaboration a step further by directing DHS and the General Services Administration to increase the availability of government-wide shared services for information technology and cybersecurity.

The President wants to take individual agencies like OPM out of the business of building their own new security services or capabilities when there is an opportunity to leverage the collective strength and power of the Federal Government.

Second, the CNAP places a strong emphasis on enhancing cybersecurity education and training across the country, enabling Federal agencies to hire more cybersecurity experts now, and into the future.

A critical element of OPM’s mission is to provide agencies with the assistance and tools they need to recruit, hire, and retain cybersecurity talent. As part of this work that is already underway, OPM hosted a cybersecurity talent summit this week where we brought together human capital specialists from throughout the Federal Government to learn what tools and flexibilities can help them attract the employees they need.

The President’s budget invests in several CNAP initiatives that will help support OPM’s efforts and help create a pipeline of cybersecurity experts. These include expanding the Scholarship for Service program by establishing scholarships for Americans who want to pursue a cybersecurity education and serve their country by joining the Federal workforce. The initiative would also establish a cybersecurity core curriculum and enhance student loan forgiveness programs for cybersecurity experts who enter Federal service.

As OPM continues its journey to transform its information technology infrastructure and help agencies bring on board the talent they require to bolster their cyber workforce, we will benefit from the resources included in the President’s FY 2017 spending plan as well as the national cybersecurity mission outlined in the Cybersecurity National Action Plan.


Developing and retaining the Federal cybersecurity workforce is a top priority for OPM as we work to strengthen our Federal networks and systems and safeguard critical data in one of the most important challenges of our time. But we cannot do it alone.

Across the Federal Government, we are working together to address critical cybersecurity skills gaps and help address the higher education needs of the Federal workforce. To help accomplish this goal, we are leveraging the expertise of higher education partners we have formed alliances with in recent years, including University of Maryland University College and Champlain College.

As part of our broader effort to attract more cybersecurity talent to Federal service, I’m excited to announce the launch of a program that will help us close this critical skills gap. Champlain College’s new Master of Science in Information Security Operations is being offered at a 50 percent discount to Federal employees via the truED® alliance. This 30-credit program can be completed in 20 months, and more accelerated options may be available for highly-motivated students.

This program is one example of how our relationships with our higher education partners are shaping what is being taught in classrooms to develop future generations of Americans who aspire to public service, and inspire new programs designed to ensure that our Federal workforce continues to be high-performing, well-prepared, and well-trained.

The M.S. in Information Security Operations is an advanced program taught by specialists in the field and is designed to marry tactical abilities with strategic expertise at the operational level. This program is also designed to help security professionals advance and hone their ability to successfully prevent, respond to, and mitigate threats. The program delivers hands-on learning that directly applies to the challenges and responsibilities Federal information security professionals face each day.

For more details on the M.S. in Information Security Operations, you may call 1-877-887-3960 to talk to an admissions representative at Champlain College or register to attend one of the free upcoming Federal informational webinars:

Since April 2015 when OPM partnered with Champlain College to provide Federal employees, their spouses, and legal adult dependents access to top-rated, affordable post-secondary education in high-demand fields, nearly 1,000 Federal employees from agencies across government have enrolled in courses through truED.

Champlain College is designated a National Center of Academic Excellence in Information Assurance Education by both the U.S. National Security Agency and the U.S. Department of Homeland Security.

I hope Federal employees across government will consider taking advantage of this new degree program and other educational opportunities with our partners.

Dark blue background. A white outlined earth with blue colored lands and oceans. The earth contains a white lock.


I’m pleased to report that we have established a verification center to help individuals who have had their information stolen in the malicious cyber intrusion carried out against the Federal Government.

This verification center will help those who believe their data may have been taken but have not received a notification letter from the government. The center will also assist individuals who have received a letter letting them know they were impacted by the background investigation records intrusion, but who have lost the PIN code that allows them to sign up for the free services that the Federal Government is providing.

The notification process is still underway. We are sending out about 800,000 notification letters each day and we are on schedule to finish the mailing in the next two weeks.  If you do not receive a letter by the middle of December, either the government could not identify a valid address for you after using both government and commercial data sources, or our records indicated that your Social Security Number was not compromised in the intrusion.

So far nearly 1.2 million individuals have enrolled in the credit monitoring and identity protection services that the Federal Government is offering for three years, free of charge, to those individuals whose data was taken, and to their minor dependent children.

We want to make sure that all those impacted are notified and have the opportunity to take advantage of these services. So I urge anyone who has not received a letter by the middle of this month and who believes his or her data may have been taken, to reach out to the verification center so we can confirm your correct address and send you a letter. Once you submit your information, you should receive a response in about two-to-four weeks.

You can access the online verification center through a link at OPM’s cybersecurity resource center – www.opm.gov/cybersecurity. Or, you may call 866-408-4555 Monday through Friday between 9 a.m. and 9 p.m., Eastern Time, to speak to an agent.

OPM and our partners across government continue to work hard every day to protect the safety and security of the information of Federal employees, contractors, and others who provide their information to us. The verification center is one more way we are working to help those who were impacted by the background investigation intrusion receive the services available to them.

Graphic with blue background. Headline: LEARN MORE AT. Subhead: OPM.GOV/CYBERSECURITY.  


Control Panel

Unexpected Error

There was an unexpected error when performing your action.

Your error has been logged and the appropriate people notified. You may close this message and try your command again, perhaps after refreshing the page. If you continue to experience issues, please notify the site administrator.

Working...