{ "id": "R44111", "type": "CRS Report", "typeId": "REPORTS", "number": "R44111", "active": true, "source": "EveryCRSReport.com", "versions": [ { "source": "EveryCRSReport.com", "id": 443080, "date": "2015-07-17", "retrieved": "2016-04-06T18:46:44.068204", "title": "Cyber Intrusion into U.S. Office of Personnel Management: In Brief", "summary": "On June 4, 2015, the U.S. Office of Personnel Management (OPM) revealed that a cyber intrusion had impacted its information technology systems and data, potentially compromising the personal information of about 4.2 million former and current federal employees. Later that month, OPM reported a separate cyber incident targeting OPM\u2019s databases housing background investigation records. This breach is estimated to have compromised sensitive information of 21.5 million individuals.\nAmid criticisms of how the agency managed its response to the intrusions and secured its information systems, Katherine Archuleta has stepped down as the director of OPM, and Beth Cobert has taken on the role of acting director. In addition, OPM\u2019s Electronic Questionnaires for Investigations Processing (e-QIP) application, the system designed to help process forms used in conducting background investigations, has been taken offline for security improvements.\nOfficials are still investigating the actors behind the breaches and what the motivations might have been. Theft of personally identifiable information (PII) may be used for identity theft and financially motivated cybercrime, such as credit card fraud. Many have speculated that the OPM data were taken for espionage rather than for criminal purposes, however, and some have cited China as the source of the breaches. \nIt remains unclear how the data from the OPM breaches might be used if they are indeed now in the hands of the Chinese government. Some suspect that the Chinese government may build a database of U.S. government employees that could help identify U.S. officials and their roles or that could help target individuals to gain access to additional systems or information. National security concerns include whether hackers could have obtained information that could help them identify clandestine and covert officers and operations.\nThe cybersecurity of most federal information systems is governed by the Federal Information Security Management Act (FISMA, 44 U.S.C. \u00a73551 et seq.). Questions for policymakers include whether existing provisions of law give agencies the legislative authority and resources they need to adequately address the risks of future intrusions. In addition, effective sharing of cybersecurity information has been considered an important tool for protecting information systems from unauthorized intrusions and exfiltration of data. The 114th Congress is considering legislation to reduce perceived barriers to information sharing among private-sector entities and between them and federal agencies.", "type": "CRS Report", "typeId": "REPORTS", "active": true, "formats": [ { "format": "HTML", "encoding": "utf-8", "url": "http://www.crs.gov/Reports/R44111", "sha1": "61d1424e1244860d0c9a9280427008a2e7ddc563", "filename": "files/20150717_R44111_61d1424e1244860d0c9a9280427008a2e7ddc563.html", "images": null }, { "format": "PDF", "encoding": null, "url": "http://www.crs.gov/Reports/pdf/R44111", "sha1": "cd8fac759558fd1798cff4f333facd40a8cbb821", "filename": "files/20150717_R44111_cd8fac759558fd1798cff4f333facd40a8cbb821.pdf", "images": null } ], "topics": [ { "source": "IBCList", "id": 4300, "name": "Cybersecurity" } ] } ], "topics": [ "American Law", "Asian Affairs", "Foreign Affairs", "Intelligence and National Security" ] }