Skip to page navigation
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites. / News / Speeches & Remarks

Speech of Acting OPM Director Beth Cobert

DIA Intelligence Information Systems Conference

Atlanta, Georgia

August 2, 2016

As prepared for delivery
Good morning! Thank you, Kelly (Fitzpatrick), for that introduction and for your work at the Defense Intelligence Agency. I’m told that you’ve been there just a year since graduating from the University of Arizona and are already working on two innovation projects for the Chief Technology Office. I think we can all agree that we need more talented people like Kelly working in CIOs. And I’m glad that she’s working for the Federal Government!

I’m honored to have been asked to address you today at this premiere conference for IT and cybersecurity professionals. I want to talk to you about three issues I see as fundamental to the work government and industry are doing in this challenging and ever-changing time to be involved in cybersecurity.

First, for the Federal Government as a whole to continue making progress on cybersecurity, we have to form closer working relationships across our different agencies and disciplines. OPM’s work with our interagency partners on responding to our cybersecurity challenges and charting a course for the future is a clear example of a more efficient and creative partnership between government entities. This must also include a closer and more significant collaboration with the private sector.

Second I want to talk to you about what OPM is doing to help agencies across government meet the challenge of finding the IT and cybersecurity talent we all need to fulfill our missions. And I’ll describe how the work we’re doing in this area will help build a pipeline of cyber talent for the future that will benefit government and industry alike.Finally, I want to describe what we’re doing to improve a system that most everyone in this room – including myself – has come in contact with – the security clearance process. I’ll fill you in on what we doing to help get the talent you need cleared and how the new government-wide service provider we’re developing to conduct background security investigations will result in a more effective, efficient, and accountable process.

But first, I thought I would tell you a little bit about myself – and how I came to be leading the team of people that is making these initiatives happen.

As Kelly said, before I joined the Federal Government in 2013 I spent 29 years as a director and partner at McKinsey & Company. So on one level it’s surprising that I would be standing before such a distinguished group of IT and cyber experts. I’ll bet that if someone told you two years ago that the head of the Office of Personnel Management would be addressing this conference you would have thought it a bit odd.

But actually, it’s entirely appropriate that we have this time together today. When I joined the Office of Management and Budget in 2013, I immediately began working on cyber issues, particularly in my role as chair of the President’s Management Council – or PMC as it is commonly referred to. In fact, when we analyzed what the PMC spent most of its time on, the single biggest topic was cyber, particularly when it came to bringing cyber to the top of senior leadership’s priority list.

And of course, there were the series of events that led to my move to OPM in the summer of 2015. We’ve tried to learn from our experiences and have fundamentally improved the security posture at OPM so that we can have effective program system defense in a world of evolving threats.

It has been a challenge to make that transition while recognizing that we cannot operate on a classified system. We and most of our Federal partners need to interact with the public. At OPM, the public needs to be on our systems to apply for jobs or provide us the information needed for a background security clearance. For example, at Health and Human Services, the public needs to apply for Medicare using their systems. At the Social Security Administration, the public needs to apply for retirement benefits on their system.

So the challenge we face is even as we know that there are many different kinds of people out there who would like to go after the information in our system, how do we serve our missions and interact with the public in a safe and secure way.

OPM is a case study in how after the malicious cybersecurity intrusions against the Federal Government, experts from across government came together to provide support, innovative ideas, and the resources we needed to work the problem. We especially received support from NSA, FBI, DoD, OMB, the Department of Homeland Security, and many others. Our interagency partners worked side by side with our OPM team. DHS and the National Security Agency helped us figure out what happened and how we could better defend ourselves.

It’s a relationship that continues to this day. We now have NSA and DoD staff working on the fourth floor. They’ve been assigned to us to share their best practices and help our talented team from OPM as we continue the work to strengthen our systems now and for the future. We are also partnering with DoD’s CIO and the Defense Information Systems Agency as we develop the next generation of cybersecurity architecture and the systems architecture for the National Background Investigations Bureau, which I’ll talk more about in a few minutes.

As you know in January of this year, the Federal Government announced the establishment of a National Background Investigations Bureau to fundamentally change and strengthen how the government conducts background investigations. Through the NBIB, the background investigations process will continue to be housed within OPM. But DoD will be responsible for designing, building, securing, and operating the IT systems for NBIB.

An interagency transition team is working hard to stand up this new entity and the relationship between OPM and its partners in this work is a perfect example of effective collaboration. The collaboration exists at all levels – from the daily communication among the staff to high-level meetings at the Pentagon once, and sometimes twice a week. This is not an add-on responsibility for the people shepherding through this start-up. These are dedicated staffers assigned to building this team and this relationship and who are making remarkable progress each and every day. I’ve also been spending more time at the Pentagon than I had ever imagined I would. I’m there so much I’ve even thought about bringing my dry cleaning and doing some of my shopping there.

I want to mention one more important aspect of collaboration and that’s the critical importance of collaboration across disciplines. To respond to the challenges of cybersecurity, we cannot just collaborate with the CIO. We need people who understand the law, who understand privacy, who understand how people think. It’s crucial that system users continue to be trained and that we work across the security spectrum to establish effective Insider Threat programs. We need a series of partners, each of whom brings their own set of unique capabilities. We need to work with all of them to be successful.

Let me give you an example. When we talk at OPM about our collaboration with DoD, we are talking about a number of different groups, not just DISA. For one, we are leveraging the contracting expertise at NAVSEA as well as the Air Force. I’m pretty sure that everyone in room got a nice holiday letter from me last year outlining the credit monitoring services available in the aftermath of the breach. We needed the services of DFAS to print that letter and DLA to mail them. Folks will tell you that I’ve instituted a new rule at OPM that no one can refer to DoD anymore unless they are talking about the secretary. Tell me exactly what group or division you are referring to, as each one contributes its own expertise and value.

I started out this talk focusing on collaboration but not just because it’s a major theme of this conference. It’s because one of the clearest lessons I’ve learned from my work, first at OMB and especially since I’ve been at OPM, is that all leaders – whether in the government, academia or industry – need to be engaged together in and focused on cybersecurity. You are the best ambassadors for that message – whether it’s at conferences like this or among your peers throughout government.

Often we think just about the obvious classified nature of the information housed by national security and intelligence community agencies. But there is lots of information across government – from the Department of Education to Treasury to Health and Human Services – that is sensitive and also needs to be guarded. We need to leverage your valuable expertise to help us protect that information. Just as OPM has partnered with you in the effort to secure our systems, we need to find ways to learn from you and to take a whole of government approach to this work. And just as we’re asking you and your peers to help us get all of government engaged in collaborating on cybersecurity, we’re using our expertise at OPM to help bring more IT and cybersecurity talent into government.

That brings me to something that is a high priority for this President and for the Administration – investing in and growing cybersecurity and information technology talent. Earlier this year the president released his Cybersecurity National Action Plan – or CNAP. Included in that sweeping agenda is an emphasis on hiring, training, and retaining an excellent Federal cybersecurity workforce.

As part of CNAP, the President proposed investing $62 million in FY 2017 to expand cybersecurity education across the nation. He specifically referenced the CyberCorps Scholarship for Service program that has so far graduated 2,000 scholars. And 97 percent of them have been placed in government positions. We’re grateful that the Intelligence Community uses this program and some of your agencies have participated in our annual job fair.

Last month, OPM released its cybersecurity hiring strategy. One of its goals is to make it easier for agencies to leverage existing hiring authorities and pay authorities and flexibilities to help them bring in the top talent they need. The Intelligence Community is also a leader in this. For example, the NSA has used its pay flexibilities to establish specific pay rates for certain STEM positions, including IT and cyber.

In an effort to promote and recognize the skills and achievements of the cybersecurity professionals we bring into government, we are also modeling a government-wide cybersecurity professional credentialing framework after some highly successful examples in the military. When someone says they are a Navy Seal or Army Ranger, we immediately know that means they have special advanced skills; that they are at the top of their game.  We are working on developing badges that will provide our cyber professionals with that kind of recognition. So when someone says they are a cyber-defender, cyber warrior, or cyber investigator, their level of expertise will be instantly understood and recognized. In addition, DoD, working with OPM, is developing an excepted Cyber Civilian Hire Service for these specialized areas. This will mirror the excepted service for the intelligence field.

Now we all know that across government, the private sector, and in academia, the need for cybersecurity talent has grown faster than our ability to meet it. None of us will succeed in securing the employees we need to fulfill our missions unless we grow the pie of talent, not continue to keep sharing it. And so the cybersecurity plan invests in education and training and outreach to encourage more people to join this discipline.

Beyond that, I see a real opportunity here, particularly given individuals’ changing employment patterns. The days when someone chose between a lifelong career in government or the private sector are by and large gone. So are the days when someone went to work for one company or agency and stayed there for decades, particularly among the next generation of workers.

We’re working on hiring policies and talent development strategies that will make it easier for cybersecurity professionals to go back and forth from sector to sector, and to do so multiple times. Yesterday I spoke here in Atlanta with a group of college and university leaders who are educating the next generation. I told them that we need talent from their institutions to set their sights on careers in IT and cybersecurity.

We’ve also signed agreements with colleges and universities across the country to provide discounted tuition to Federal employees and their families. Partnerships with such institutions as the University of Maryland University College and Champlain College in Burlington, Vermont have taken hold. For example, employees at the National Geospatial Agency and the CIA have taken advantage of these tuition breaks. These programs will help us develop the existing workforce. Rotational assignments – something that the IC and DoD are also leading in – are another example of the way we are building and sustaining the cybersecurity talent already in government.

Finally today, I want to update you on the work we’re doing in the short term and long term to bolster the security clearance process. As I said, we are working to stand up the new government-wide National Background Investigations Bureau. At the same time, we are working to improve the timeliness and sustain the quality of background investigations for security clearances. When it comes to the backlog, we have implemented a number of initiatives that are helping us turn the corner: We have expanded Federal hiring. Our goal is to bring on an additional 400 Federal agents. As of today we have 237 new agents in the field across the country. We have also brought back retired agents and are using overtime to increase production. And, we continue to work with our contractors to build more investigative capacity.

OPM, along with the DNI, USDI and our other PAC members is working on accelerating the adoption of a continuous evaluation program for eligibility for access to classified information. As another initiative, we are working closely with 18F to develop a new, more responsive replacement for e-QIP. Let me be clear. We are working very hard at this every day and we still know that we have more work to do to get where we want to be.

We’re doing this work on bolstering investigative capacity even as we work to fulfill our ambitious plan to stand up the NBIB by Oct. 1 as the foundation for continuous modernization of the security clearance process. The continuing focus on automation and building smarter systems that leverage Big Data provides a brighter future for this mission space. Here again, both the work going on during the transition to this new entity and the structure of the new bureau are examples of exemplary interagency cooperation. These efforts will result in a stronger, more effective, and more accountable Federal Government background security investigations process and enable us to maintain the highest security of the information collected for these investigations.

I’ve walked through the ways we can all collaborate both within government and between government and industry to make progress on our cybersecurity challenges. I’ve talked about how we can grow and sustain the pool of cybersecurity talent we need to meet those challenges and fulfill our missions. And I’ve explained what OPM and our interagency partners are doing to strengthen the background investigations process and to stand up the new National Background Investigations Bureau.

I hope you come away from my remarks today with a clear understanding of how seriously we take our responsibility to move on these challenges and how important it is that we continue to work together. As you know, OPM has many responsibilities in serving our customers. We provide agencies with the tools they need to hire the talent they need. We provide access to high quality, affordable health benefits to Federal employees. We provide excellent customer service to our retirees and their families. And, we provide high-qualify investigations results in the awarding of security clearances for 95 percent of the Federal Government.

To succeed in meeting each of these aspects – and more- of our mission, we must make sure that our information technology is reliable and accountable. We can’t accomplish this mission alone. Everyone in this room can serve as ambassadors in the cause of partnering across government and with industry so we can all improve when it comes to cybersecurity. We need all of you to be part of the solution to the challenge of building, training, and sustaining the cybersecurity infrastructure and workforce of the future.

I want to thank you again for inviting me to be with you today. I appreciate you devoting so much time at your conference to the absolute need for collaboration within our own agencies, throughout the Federal government and with our colleagues in industry.  The better all of our systems and safeguards are, and the better the cybersecurity workforce is throughout the Federal Government and the private sector, the more we can spot issues early and prevent problems before they happen. That puts us in a better national security posture.

My OPM experience has taught me how much we can raise our game with focus from our senior leadership, commitment from our team at every level of our enterprise, and support from our partners. I look forward to our moving ahead together on this important national challenge. Thank you.

Control Panel