[Congressional Record (Bound Edition), Volume 161 (2015), Part 8]
[Senate]
[Pages 10377-10378]
[From the U.S. Government Publishing Office, www.gpo.gov]




                             CYBER SECURITY

  Mr. McCONNELL. Mr. President, on another matter, here is a headline 
from an Associated Press article that ran yesterday: ``Federal Agencies 
Are Wide Open to Hackers, Cyberspies.'' That headline is scary enough, 
but read just a little further, and it gets even worse.

       Passwords written down on desks. Outdated anti-virus 
     software. ``Perceived ineptitude'' in information-technology 
     departments.
       The federal government, which holds secrets and sensitive 
     information ranging from nuclear blueprints to the tax 
     returns of hundreds of millions of Americans, has for years 
     failed to take basic steps to protect its data from hackers 
     and thieves, records show. In the latest example, the Office 
     of Personnel Management is under fire for allowing its 
     databases to be plundered by suspected Chinese cyberspies in 
     what is being called one of the worst breaches in U.S. 
     history. OPM repeatedly neglected to implement basic 
     cybersecurity protections, its internal watchdog told 
     Congress.

  Let me repeat that--``one of the worst breaches in U.S. history.'' If 
you are looking for something scary to tell the kids around the 
campfire tonight, I would suggest reading the rest of the article. It 
gets a lot worse. To call this alarming would be quite an 
understatement.
  So when the head of the agency that allowed that big breach to happen 
testified before a Senate subcommittee yesterday, you would think she 
would have come with a detailed action plan. You would think she would 
have announced that heads were rolling. You would think she said this 
could never ever be allowed to happen again under her watch. That is 
what the American people expect when a breach happens in the private 
sector and information is stolen. Why should they not expect as much 
from the public sector? But what did we hear instead? World-class buck-
passing. World-class buck-passing. A complete lack of accountability 
and urgency. That tired and predicable excuse that the absence of 
leadership can be solved by throwing a few more dollars at the problem.
  Well, Congress can certainly look at the funding angle. I know we 
will. But as we learned yesterday, it was not just the old stuff that 
was breached, it was the new stuff, too. More money is not going to 
solve a management problem, either. Let's be honest. This appears 
primarily to be a management problem. This appears primarily to be a 
management problem.
  Here is what the American people were really looking for the OPM 
Director to address: Accountability. Accountability. A plan for the 
future. Confidence in the ability of the bureaucracy they hired and 
rarely, if ever, can fire to break out of the stereotype and show they 
can put the people's concerns first.
  I thank Chairman Boozman for holding that hearing. We learned a lot, 
but it is not the end of the story. The OPM Director will testify 
tomorrow before Chairman Ron Johnson's homeland security committee, 
too. I hope she will take that opportunity to articulate a credible 
plan of action. I hope she will

[[Page 10378]]

better address the legitimate concerns of the American people. That 
means a resolve to get to the bottom of what happened. That means 
giving the American people renewed confidence in a creaking 
bureaucracy. And that means pledging to work with policymakers to enact 
real reforms rather than simply accepting failure.
  Whatever happens tomorrow, one thing does not change: the need for 
the Intelligence Committee's cyber security bill we tried to pass 
earlier this month. I am going to continue working with my colleagues 
toward that end. In the meantime, I look forward to seeing what happens 
in tomorrow's committee meeting.

                          ____________________