Two Years After OPM Cyberattack, More Must Be Done

Two years ago this month, officials revealed the largest hacking of the federal government in history when more than 20 million Americans’ personnel files were stolen from the Office of Personnel Management. Among the information exposed: Social Security numbers, fingerprints and sensitive details stemming from background checks.

Government investigators have said that while the hack was attributable in part to some easily fixable problems like weak user names and passwords, a major culprit was OPM’s outdated information technology systems, which were increasingly vulnerable in this era of relentless cyberattacks.

In the two years since the breach, OPM and other government agencies have instituted some common-sense measures to protect government-stored data. But more needs to be done. The U.S. government is still woefully behind where we need to be. For example, some IT systems being used today to manage major government operations and data pre-date the Apollo moon landing in 1969.

It is time to move beyond the IT status quo that federal agencies and departments are saddled with today.

Recently, the U.S. House of Representatives took a major step to correct this problem by unanimously passing the Modernizing Government Technology Act. Sponsored by Rep. Will Hurd (R-Texas) and supported by Democrats and Republicans alike, this legislation would allow the federal government to improve its outdated technology systems and bolster the nation’s cybersecurity defenses. It would authorize funding to improve, retire or replace current federal government technology systems, accelerate the transition to cloud computing, and procure IT products and services to strengthen the federal government’s cybersecurity defenses.

Currently, the federal government spends 80 percent of its $80 billion IT budget on maintaining aging, insecure and expensive legacy systems. This is dangerously unacceptable in an era of increasing cyber threats.

Passage of the MGT Act will accelerate the adoption of state-of-the-art technologies, helping the federal government secure data, save taxpayer dollars and deliver higher quality services to our veterans and other citizens.

This legislation now requires Senate action, and we see daily evidence that reminds us of how hackers are always looking for new ways to exploit any vulnerability they can.

As individuals, most of us have received that dreaded notification about “suspicious activity” on our credit card account. Businesses of all sizes have been targeted and had to ramp up cyber defenses to protect their customers’ information.

While it is unfortunate, cyberattacks have become a part of daily life.

Part of the solution is common sense — updating software and credentials, and personal responsibility. But the most important thing we must do is modernize the federal government’s IT systems with sound, secure and modern technologies.

Cyber criminal syndicates and other bad actors will continue targeting us, but we don’t need to accept getting hacked as the new normal.

This message must be heard throughout the federal government — starting with the U.S. Senate, which should pass the Modernizing Government Technology Act without delay. Doing so will usher in a new era of secure, efficient and cost-effective government services.


Linda Moore is president and CEO of TechNet, a national bipartisan network of technology executives.

Morning Consult welcomes op-ed submissions on policy, politics and business strategy in our coverage areas. Updated submission guidelines can be found here.

Morning Consult