A government watchdog, who repeatedly raised warnings about computer security at the Office of Personnel Management both before and after breaches of its databases containing personal information on millions of people, has announced his retirement.
“It has been my great honor to be the longest serving Presidentially-appointed and Senate-confirmed Inspector General in the Federal Government,” he wrote in a resignation letter Monday to President Obama, effective Feb. 19.
The watchdog’s role at OPM commonly is low-key — conducting routine audits of federal employee health insurance providers, for example — but McFarland became a prominent figure last year after OPM discovered that personnel files and background investigation databases had been hacked in 2014.
The two thefts together involved identifying information on some 22 million current and former federal employees, military personnel and government contractor employees, plus others investigated as they sought access to certain government facilities. The files of those investigated for security clearances further included highly sensitive personal information that must be disclosed on those applications, and fingerprints of more than 5 million people also were stolen.
McFarland’s work became a key part of congressional investigations into the breaches, with members of both parties stressing that he had previously warned that the databases were vulnerable to just the sort of breaches that ultimately occurred. Soon after the first of those hearings, he issued an urgent report warning that the security upgrade intended to prevent a repeat was itself vulnerable.
[interstitial_link url="https://www.washingtonpost.com/news/federal-eye/wp/2015/06/23/effort-to-improve-security-for-federal-employee-records-at-high-risk-of-failure-audit-finds/"]Computer system that detected massive government data breach could itself be at ‘high risk,’ audit finds[/interstitial_link]
A later report complained that OPM’s Office of the Chief Information Officer had “hindered and interfered with” his office’s oversight of the project and had given the IG “incorrect and/or misleading information.”
[interstitial_link url="https://www.washingtonpost.com/news/federal-eye/wp/2015/08/06/opm-officials-hindering-scrutiny-of-hacked-computer-systems-auditor-says/"]OPM officials hindering scrutiny of hacked computer systems, watchdog says[/interstitial_link]
A still later report again criticized the upgrade, saying that agency management “did not take the time to complete the necessary planning, budgeting, and technical analysis before initiating this massive undertaking.”
[interstitial_link url="https://www.washingtonpost.com/news/federal-eye/wp/2015/09/14/opm-response-to-cyberbreach-challenged-again/"]OPM response to cyberbreach challenged again[/interstitial_link]
Yet another report challenged how OPM contracted to provide identity monitoring and other services to victims of the personnel files breach; similar services are available to victims of the background investigations breach through a separate contract with a different provider.
In the midst of the investigations by Congress and McFarland, then-OPM Director Katherine Archuleta resigned and was replaced on an acting basis by Beth Cobert, an Office of Management and Budget official. Cobert has since been formally nominated; a confirmation hearing is scheduled Thursday.
Cobert and other administration officials recently announced that control of the background investigation files would be shifted to the Defense Department, even as a new entity is to be created within OPM to perform those checks.
[interstitial_link url="https://www.washingtonpost.com/news/federal-eye/wp/2016/01/22/pentagon-to-take-over-control-of-background-investigation-information/"]Pentagon to take over control of background investigation information[/interstitial_link]
In his letter, McFarland said that Cobert “appears to have wrapped her arms around the multitude of challenges currently facing OPM. Further, she seems to be arduously striving to institute high standards of professionalism as she works to reinvigorate this great agency.”
“However, she cannot achieve the goals she has set for herself and for OPM without a permanent and independent Inspector General who will tell her the unvarnished truth about any shortcomings the OIG may discover,” he added, recommending that Deputy IG Norbert Vint be nominated to replace him.
Cobert said in a statement that “OPM values greatly the mission of the IG, and the role Pat has played, in providing input and oversight of OPM services and programs. Pat’s leadership and contributions to this agency and its directors over the past 25 years have been a tremendous asset to OPM and the federal government.”
