Office of Personnel Management Director Katherine Archuleta stepped down today. Archuleta offered her resignation to President Barack Obama this morning and he accepted. She informed OPM employees of her decision in an email.
“I conveyed to the President that I believe it is best for me to step aside and allow new leadership to step in, enabling the agency to move beyond the current challenges and allowing the employees at OPM to continue their important work,” Archuleta’s email said. “Leading this agency has been the highlight of my career. The OPM family is comprised of some of the most dedicated, capable and hardworking individuals in the Federal Government.”
OMB Deputy Director for Management Beth Cobert will become acting director, and an administration official told Federal News Radio that OMB Controller David Mader will become the acting DDM at OMB.
Cobert stepped into the role as OMB’s DDM in October 2013, following a 29-year career as a consultant for McKinsey and Co.
Insight by MFGS, Inc.: In this exclusive Federal News Network survey, cybersecurity experts from the military services and intelligence community offer insights into how their agencies are transforming their approaches to cybersecurity to address the ever-changing threats.
Archuleta’s resignation comes a day after OPM announced the results of the investigation into the breach of its background investigation databases. That investigation found that 21.5 million were affected by the second breach. OPM previously said 4.2 million were impacted in the first breach. And there’s an overlap of 3.6 million whose information was stolen in both hacks, according to officials.
Archuleta, in her email, also thanked the “OPM family” and expressed confidence that the remaining leadership can excel in her absence.
“I’m proud of the work we have done to develop the REDI initiative and our IT Strategic Plan,” she wrote. “Both of these efforts have transformed our ability to serve our customer agencies and ensure that the Federal Government is able to attract, hire, engage and develop a talented and diverse federal workforce. I am honored to have led this organization and to have served alongside the incredible team at OPM. I have complete confidence in their ability to continue fulfill OPM’s important mission of recruiting, retaining and honoring a world-class workforce to serve the American People.”
A multitude of statements rolled out of the U.S. Capitol in reaction to today’s news.
House Oversight and Government Reform Committee Chairman Jason Chaffetz (R-Utah) released a statement this afternoon calling Archuleta’s resignation “the absolute right call.”
“OPM needs a competent, technically savvy leader to manage the biggest cybersecurity crisis in this nation’s history,” Chaffetz said. “The IG has been warning about security lapses at OPM for almost a decade. This should have been addressed much, much sooner but I appreciate the President doing what’s best now. In the future, positions of this magnitude should be awarded on merit and not out of patronage to political operatives.”
U.S. Sen. Mark R. Warner (D-Va.), a member of the Senate Select Committee on Intelligence, also put out a statement that echoed Chaffetz’s sentiment.
“This is the right move for the agency and all those affected by the breach,” Warner said. “The focus now needs to be on fixing the problem and protecting those impacted.”
Sen. Ron Johnson (R-Wis.), chairman of the Senate Homeland Security and Governmental Affairs Committee, welcomed the chance for new leadership at OPM.
“I urge President Obama to find a permanent replacement with appropriate management and information technology experience,” Johnson said, in a release. “The OPM is entrusted with some of Americans’ most sensitive information. Their safety and our nation’s security requires that this pattern of data breaches at the agency end. We need the OPM to succeed. My committee will work with its new director to bring about that success.”
Rep. Will Hurd, chairman of the Information Technology Subcommittee on the House Committee on Oversight and Government Rerform, released a statement saying Archuleta’s resignation came too late for the 21 million whose personal information had been compromised.
“Many of us in Congress have called on Director Archuleta to step down on multiple occasions and I believe that resigning is the right thing for her to do,” Hurd wrote. “The President should appoint a new director who truly understands the digital challenges we face and has the right experience to take the steps necessary to ensure we’re ready for the next cyber-attack.”
Hurd also called the breaches a “wake-up call” for Congress to act on improving the government’s cybersecurity posture.
“The House has passed two information-sharing bills in this Congress. It’s time for the Senate to act and send these bills to President Obama’s desk,” he said, in his statement.
Rep. Barbara Comstock (R-Va.) agreed that it was time to move forward and tackle some of these cybersecurity challenges.
“The federal government must be nimble and get on offense to detect, intercept, and stop these cyberattacks before they compromise sensitive information and threaten personal and national security,” she said, in a statement. “On the Research and Technology subcommittee, we will continue to look at different ways experts and the private sector can have an active role with the federal government in developing new technologies to combat the constantly growing cyber threat.”
Rep. Steve Russell (R-Okla.) said in a statement that the actions taken to date by OPM in failing to secure employees’ personal records is inexcusable, but Archuleta’s resignation is a good, first step. “But it does not fix the problems that exist within OPM,” he said.
Rep. Mike Turner agreed. “This resignation is not enough to reconcile the harm done to those Americans whose personal data has been compromised,” he said, in a statement. “What we need now are answers on how OPM will address this threat and how they will continue to help those who have been put at risk because of these massive data breaches.”
Rep. Elijah E. Cummings, ranking member on the House Committee on Oversight and Government Reform, released a statement thanking Archuleta for her service.
“The challenges OPM faces are daunting and span far beyond the critical task of securing the agency’s information technology systems,” Cummings said, in his statement. “They also include managing the immediate crisis faced by tens of millions of federal employees who have had their personal information compromised, overhauling the process by which our nation processes security clearances, improving oversight and accountability of contractors entrusted with this information, and working with the Government Accountability Office and the Inspector General to ensure that there is strong support for the agency’s path forward. We look forward to working with Ms. Cobert as she takes on her very critical new role.”
J. David Cox, national president of the American Federation of Government Employees, said Archuleta’s resignation was not a solution to the impact of the data breach on millions of federal employees.
“While the data breaches happened on Archuleta’s watch, the lapses that gave hackers access into the systems were the result of decisions made long before Archuleta became director,” Cox said, in a statement. “Firing one individual solves nothing. Congress should recognize that preventing future breaches requires funding. Budget austerity has consequences, and we’re seeing one of them right now.”
William R. Dougan, national president of the National Federation of Federal Employees, said the resignation of the OPM director leaves feds in a “dire state of uncertaintly.”
“With Director Archuleta’s resignation, the volatility of this situation has escalated exponentially and we face a void of leadership,” he said, in a release. “All the while, millions of federal employees that have had their personal information compromised continue to go without the suite of protections they need and deserve from OPM. The administration needs to get control of this situation and they need to provide stable leadership that those affected can turn to for answers in the wake of this unprecedented attack.”
He added that NFFE applauded the appointment of Cobert as the acting director.
“We have worked with Beth for a number of years, and we believe this is a solid choice in the interim during this time of chaos at OPM,” he said. “Beth has the necessary skillset to provide leadership at OPM while the President weighs long-term options.”
Jessica Klement, legislative director of the National Association of Retired Federal Employees, said she wasn’t surprised by today’s news.
“There have been many members of Congress calling for this for a while now,” she said. “Our biggest concern, from NARFE’s standpoint, if something like this happened, that there would be immediate leadership put in place. You can’t have a rudderless ship in stormy seas.
“We had hoped that if a situation like this were to happen, that there would be someone in place immediately ready to go to finish the work needed to protect these millions of people. And it seems like the president has done that.”
Richard G. Thissen, National Active and Retired Federal Employees Association president, said in a statement that OPM needs a proven leader to ensure that a similar cyber breach doesn’t occur again and that employees’ records are adequately protected.
“The Administration’s first priority must be to protect federal employees, retirees and their loved ones impacted by the breaches,” he said, in his statement. “We hope Ms. Cobert heeds our request for lifetime protection. We also call upon her to improve communications between OPM and federal employees and retirees and the groups that represent them.”
Greg Stanford, of the Federal Managers Association, which represents federal managers and supervisors, said, in the wake of Archuleta stepping down, that “the issue isn’t going away” and that he’ll continue to advocate for federal workers.
“Her resignation doesn’t undo the damage that’s been done,” he told Federal News Radio. “There are more than 22 million people whose data has been compromised. … I understand that she’s the director and it happened on her watch. But this is much bigger than one big person. We look forward to working with OPM on an ongoing basis to make our members whole, to protect the people who have been affected.”