[Congressional Record (Bound Edition), Volume 161 (2015), Part 7]
[House]
[Page 9691]
[From the U.S. Government Publishing Office, www.gpo.gov]




               OFFICE OF PERSONNEL MANAGEMENT DATA BREACH

  (Mr. LANGEVIN asked and was given permission to address the House for 
1 minute and to revise and extend his remarks.)
  Mr. LANGEVIN. Madam Speaker, in the past 2 weeks, we have learned 
that the data millions of Americans entrusted to the Office of 
Personnel Management have been taken as a result of a cybersecurity 
breach.
  It did not have to happen this way. Since 2007, OPM's inspector 
general has documented repeated deficiencies in information security 
practices. Yet OPM's response has been glacial, and its systems remain 
antiquated. It was only after a security breach last year that OPM 
finally, in its 2016 budget request, asked for additional funds for the 
Office of Chief Information Officer. Well, it is about time.
  The question we need to ask, though, is: Why did OPM underinvest in 
cybersecurity before that breach happened? While I would hope that we 
find a definitive answer during oversight hearings, there is one thing 
that certainly contributed to the problem. There was no one in charge 
of cybersecurity with both policy and budgetary authorities to compel 
action.
  Even as we rely on agencies to be primarily responsible for 
protecting their networks, we lack a Federal cyber coordinator with 
budgetary authority to review agency spending and security plans. My 
Executive Cyberspace Coordination Act would remedy this by providing 
for a Senate-confirmed independent officer with the power to compel 
agency action.
  Let's get this done.

                          ____________________