At this critical time as OPM and its government-wide partners work to strengthen the Federal Government’s cybersecurity posture, I’m excited to once again answer the call to public service.
Let me tell you a little bit about myself. I began my cybersecurity work as an officer in the U.S. Army Signal Corps after graduating from the United States Military Academy at West Point.
After my military career, I continued my IT security work in civilian life, working with some of America’s largest companies and industry leaders in telecommunications, oil field services, tractor, automotive, and aerospace industries. Before accepting Acting Director Cobert’s request that I return to serving the American people, I was a managing partner at SteelPointe Partners, a global management consulting company.
As OPM’s new Senior Cyber and Information Technology Advisor, I am committed to working in collaboration with the talented team at this agency, our partners across government, and our stakeholders to continue efforts to strengthen our cybersecurity posture and provide assistance to those affected by the recent cybersecurity intrusions.
All of us have an important role to play in securing our systems and protecting our information, and I am looking forward to supporting these critical efforts across the Federal Government.
I am eager to help support OPM’s ongoing response to the cybersecurity incidents, complete the development of OPM’s IT infrastructure improvement project, which will help further guard against and mitigate future incidents, and provide recommendations to Acting Director Cobert for further measures we can take. I believe we can best secure the agency’s IT architecture by leveraging the talent and resources of this agency along with those who have been supporting us across the Federal Government and the private sector. We cannot define and provide the best solutions alone.
OPM, in partnership with other organizations such as DHS and the FBI, has identified many positive actions to enhance the security posture of the agency, and several of those have been completed or are near completion.
Two-factor “strong-authentication” for all of our users within the agency was a major effort that is now completed. We have also expanded continuous monitoring of all our systems, and deployed additional advanced network security technologies. These actions have significantly improved our perimeter and internal security controls. I look forward to continuing down this path of progress as we work on additional opportunities to enhance the security and performance of our systems.
I look forward to continuing OPM’s commitment and relentless dedication to protecting its valuable IT systems and information. I appreciate Acting Director Cobert and her team’s confidence in my ability to make a contribution to this important work.
Together, I know we will continue to provide a comprehensive response to the cybersecurity intrusions into OPM’s systems, and continue to develop OPM’s IT infrastructure, thereby serving the needs of OPM’s customers and protecting the safety and security of its data
Clifton Triplett is the Senior Cyber and Information Technology Advisor at the U.S. Office of Personnel Management.
It’s been an exciting and busy first two weeks for me as the new Acting Director of the U.S. Office of Personnel Management. I will be regularly using this space to share the latest news about what we are doing to address one of my top priorities for OPM – our response to the recent cybersecurity incidents. As we make progress on this front, I also will be highlighting the achievements of OPM’s dedicated team that is working every day to fulfill the agency’s mission: to recruit and develop a world-class Federal workforce.
First, this week we were able to bring back online the system that we use to process background investigation forms for Federal employees and Federal job applicants. We had shut down the e-QIP system temporarily on June 26 after we discovered a vulnerability during a comprehensive security review of OPM’s information technology systems. Even though we didn’t find any malicious activity, we took this step in order to be proactive and to fortify the system’s security controls.
Cybersecurity expertise from across the Federal and private sectors was brought to bear to remediate and test the e-QIP system. Thanks to the hard work of OPM staff, in collaboration with our interagency partners at the Department of Homeland Security and the Office of Management and Budget, we were able to bring the system back online with enhanced security features in less than four weeks.
Second, we continue to build on our efforts to support members of the Federal family whose personal information was stolen in the cyberintrusions. We have just added some helpful features to our online resource center at opm.gov/cybersecurity in response to feedback from users.
The website is now easier to navigate and specific information is easier to find. We’ve added a “Recent Updates” section and a “Stay Informed” feature, plus tools such as an RSS feed allowing users to get automatic alerts when new information is posted. Our agency partners and outside organizations can now place a digital badge on their own websites that will link their users to OPM’s online resource center. Please visit this website to get the most current information about the incidents and about steps individuals can take to protect themselves from cybercrime.
Being new to OPM, I recently took the agency’s IT Security and Privacy Awareness Training. The training was a good reminder that using cybersecurity best practices is a responsibility we all share and that we must remain on guard against phishing emails and other threats that are ever present in today’s digital workplace.
Even as we keep cybersecurity front and center, I am looking forward to working with our talented and hard-working team at OPM to fulfill the agency’s mission of supporting and providing exceptional service to our Federal family. We have multiple plans and programs underway to improve the hiring process for Federal jobs, to develop top-drawer training and leadership programming, and to collect and process rich data sets that lead to greater employee engagement, to name just a few. The Federal Government is counting on OPM to deliver. And I know that we will.
As we at OPM and our partners across government work quickly to investigate the nature and scope of the cyberattacks that invaded our network and systems, I want to make sure that our Federal employee family knows that I continue to work each and every day to make sure that the data OPM is entrusted with protecting is secure now and for the future.
I am as concerned as our Federal workforce by these cyberintrusions, and I want employees to know we are redoubling our efforts to make sure our systems are as secure as possible. We know that our adversaries are sophisticated, well-funded, and focused. We know this because in an average month, OPM thwarts millions of attempts to break into our network.
Before I detail the work my OPM team is doing to upgrade our aging systems, to investigate the cyberintrusions, and to plan for the future, I want to make sure all Federal employees know that OPM has continued to operate with strong confidence in the security of the data it handles.
So how did we get here? In November of 2013, when the President honored me with the assignment to lead the men and women of OPM, I quickly realized that the agency’s outdated, legacy system needed to be modernized. My team got to work on the comprehensive IT Strategic Plan during my first 100 days as OPM Director. That plan clearly identified security vulnerabilities in our aging systems. We immediately began an aggressive modernization and security overhaul.
It was because of that overhaul and the tools we put in place to strengthen our cybersecurity that OPM -- working with our partners at the Department of Homeland Security and the Federal Bureau of Investigation -- was able to detect the cyberbreaches of personnel and background investigations data. That work continues, and continues aggressively. We have upgraded our network monitoring and logging capability and added firewalls that allow OPM to better filter network traffic. The remote access for our network administrators has been restricted.
On June 4, we publicly announced that we believed that the personally identifiable information (PII) of about 4 million current and former Federal employees had been compromised. Almost immediately, we began notifying those affected and they are getting access to credit monitoring and other services they may need. As the investigation has proceeded, we recently confirmed that OPM systems containing information related to the background investigations of current, former, and prospective Federal employees may have been compromised. We are working intensively to assess the scope of that attack and we will notify affected individuals as soon as possible.
Each and every day, as we work through the challenges of investigating these attacks and aggressively work on the redesign of our computer network, I am thinking about the millions of men and women who work – and who have worked – to serve the American people.
Our OPM team knows that you have entrusted your sensitive personal information to us. It is a trust we will continue to honor and one that is foremost in our minds as we do the critical work necessary to prevent, detect, and thwart future cyberattacks.
Recently, you may have heard about a new internet security weakness, known as Heartbleed, which is impacting some websites. There is no indication that Heartbleed has been used against OPM.gov or that any personal information has ever been at risk. However, we are asking users to change their current password for e-QIP applications out of an abundance of caution to ensure the protection of your information.
There was an unexpected error when performing your action.
Your error has been logged and the appropriate people notified. You may close this message and try your command again, perhaps after refreshing the page. If you continue to experience issues, please notify the site administrator.