OPM ignored warnings last year its computers were insecure


An inspector general report last year had advised OPM to shut down many of its computer systems because they were running without sufficient security. The agency ignored that recommendation.

In the audit report published November 12, 2014, OIG found that 11 out of 47 computer systems operated by OPM did not have current security authorizations. Furthermore, the affected systems were “amongst the most critical and sensitive applications owned by the agency.” Two of the unauthorized systems are described in the report as “general support systems” which contained over 65 percent of all OPM computer applications. Two other unauthorized systems were owned by Federal Investigative Services, the organization which handles background investigations in connection with government security clearances. OIG warned bluntly, “any weaknesses in the information systems supporting this program office could potentially have national security implications.”

Because of the volume and sensitivity of the information involved, OIG recommended OPM “consider shutting down systems that do not have a current and valid Authorization.” But OPM declined, saying, “We agree that it is important to maintain up-to-date and valid ATOs for all systems but do not believe that this condition rises to the level of a Material Weakness.”

The head of OPM also claimed in House hearings yesterday that their failure to close these systems down was justified since the hackers were already in the system when the recommendation was made.

In other words, we didn’t do anything to make the system secure, and when hackers broke in it was further justification for not doing anything.

Yeah, let’s put our healthcare under their control also!



  • schwit


    Some of the contractors that have helped OPM with managing internal data have had security issues of their own—including potentially giving foreign governments direct access to data long before the recent reported breaches. A consultant who did some work with a company contracted by OPM to manage personnel records for a number of agencies told Ars that he found the Unix systems administrator for the project “was in Argentina and his co-worker was physically located in the [People’s Republic of China]. Both had direct access to every row of data in every database: they were root. Another team that worked with these databases had at its head two team members with PRC passports. I know that because I challenged them personally and revoked their privileges. From my perspective, OPM compromised this information more than three years ago and my take on the current breach is ‘so what’s new?’”

  • Brian H

    Oh this was left un-secured for a reason… so that data could be taken…

  • pzatchok

    Just remember.

    The vast majority of government workers are people who could not get jobs in the private sector.
    They are mindless drones interested in only putting in their 8 hours and getting home as fast as possible.
    They have little to no security on their own personal computers and blame other people when their crap goes tits up.
    Do you really think they are going to care more for the computers or systems they have at work?
    Hell no.
    They think computer security is turning off the monitor at night and locking the doors. Sorry, locking the doors is the custodial staff’s business, not theirs.

    The weakest link to any security system is the human element. And in a computer environment the first, fastest, and best security for an office network is the IT guy. Next time you go into any office look at the IT guy, does he really look like he is up to a top security task? Or does he look like some young college geek who is doing the IT work just for a little cash until classes start again? Does he really look like he belongs on a serious security team? Mine has trouble installing a printer the right way. If Windows doesn’t do it automatically it can not be done.

  • Edward

    Also from the Congressional hearing:
    https://www.youtube.com/watch?v=A9Y6IefNq2Q (4 minutes)
    “I wish that you were as strenuous and hard working at keeping information out of the hands of hackers as you are at keeping information out of the hands of Congress.”

    Who was it that said the government wasn’t the solution but was the problem? That’s right: Ronald Reagan. Still right, after all these years.
