Hurd on the Hill: 'Do As I Say, Not As I Do'

June 29, 2015
Hurd on the Hill: Local Columns

After six months serving as the Representative for the 23rd Congressional District of Texas, I think I have discovered the mantra Washington bureaucrats seems to live by – do as I say, not as I do.

If you watch the news at all, you have heard that the Office of Personnel Management (OPM) was hacked (presumably by a foreign adversary) and that the personal information of millions of current and previous federal employees was compromised – including my own.

As most of the people impacted by this hack had submitted to a security clearance process, there is some pretty sensitive data that has been exposed.  How will our attackers use this information? We cannot be certain, but likely it will be sold and then used to discover weaknesses in the digital security of both our federal government and for the individuals involved.

While these attacks are alarming, I am even more frustrated and bewildered by the lack of action by the Director of OPM, Katherine Archuleta.  Despite having received warnings every year from their Inspector General (IG) since at least 2010, little to no action was taken by Director Archuleta to shore up their digital security. Basic cybersecurity protection measures were simply ignored.

While Archuleta claimed to be frustrated and concerned about the attacks in recent testimony before Congress, there were no apologies offered to the millions of Americans who stand to be negatively affected by her unwillingness to do her job. The closest OPM came to an apology was to say in their letter to me and millions of others was that they had “regrets” about what happened. But of course, they also said in the same letter that they accepted no liability either.

My father taught me that simply saying you are sorry can go a long way. He is right,and that is where OPM should start.  Then they should continue by getting out the past few years of IG reports and start implementing the suggested actions. I will not ever claim that if they had done this in the first place that the breach would never have happened.  But I will assert that if they had practiced basic cyberhygiene, the breach would have been discovered much faster and the potential damage would have been minimized.

I have called for the resignation of Director Archuleta, and the OPM Chief Information Officer Donna Seymour, because I believe that federal agency officials should be held to the same standard that they hold our American business owners to. When a breach like this happens in the private sector, the federal government levies numerous fines and perhaps even threatens criminal investigations against the owners and executive officers of that company.

But when federal agency officials are guilty of the same negligence, they seem to think that sending their regrets makes everything all right. This ‘do as I say, but not as I do’ mentality in Washington is an affront to the American people and a serious breach of trust. I will continue to shine a bright light on this abuse of power and do what I can to stop it.