Efficiency of federal employee background checks. The Oversight Reform Committee questioned office and management of budget officials to protect federal employees personal information. This hearing is about 2. 5 hours. Committee on oversight government reform will come to order and without objection, the chair is authorized to declare a recess at any time. Appreciate you all being here. We have very important hearing. We have a number of members that im sure will be here, but it will be late. There is the National Prayer breakfast and getting across town at this point of the day is a difficult task. Nevertheless, glad to have you here and look forward to this important hearing. Two years ago, the office of Personnel Management suffered one of the most damaging data breaches in the history of the federal government. This went on for some time and we still, there are still Additional Details that need to be learned. But the counterintelligence value of the data that was stolen will last for an untold amount of time, a generation or so. It troubles me to hear reports that maybe some of the things that led to this havent necessarily been changed at the office of Personnel Management. We have a number of questions that i think we need to explore. For example, our legacy system still in use for backup investigations. Opm and employing good cybersecurity practices such as dual factor authentication and network. What is opm off of this Legacy Technology . When will opm stop using unsecure and vulnerable legacy technologies such as cobal and using maybe modernized solutions . How is opm protecting the inside of the network and not just the building the cyberwalls higher . Will opm adopt a zero trust model as part of their Cybersecurity Strategy . You cant steal what you cant access and a zero trust model makes life much harder for the hackers. These are some of the questions that well continue to ask and explore. We said it in the committees data Breach Report and ill say it again. Chief Information Officers matter. They really do matter. Thats why we have two of them on the panel today. Federal agencies, particularly cios, must recognize their positions are on the front line of defense against these cyberattacks. And as a government, were on notice. Leadership at federal agencies must be vigilant about the everpresent National Security threats targeting their i. T. Systems and especially in opms case with the most vulnerable information held by the federal government. The National BackgroundInvestigation Bureau, also known as nbib, nbib, at the office of personal management. When last testified in february of 2016, the nbib had just be beenbeen announced. Questions about how to operate given split responsibilities with the overseeing the i. T. Security of the nbib. Today, wed like answers to the questions with assurances were moving in the right direction and also, as to when the new organization will be fully operational with a secure i. T. Environment. Was the creation of the nbib simply a rebranding effort or does it represent real change . On our last hearings, we talked about the many security clearance processes failed to check social Media Information of the applicants. The day before our followup hearing in may of 2016, the director of National Intelligence issued a new policy with collection of available social Media Information in certain cases. Wed like to understand how this policy is being implemented and if it is effective. Fine, the clearance process seals to sea seems to be getting worse while the reform process continues. Based on an opm management memo of october 2016, theres a backlog, at least then, there was a backlog of 569,000 cases. Thats quite a list. It does beg the question as to why we have to have so many background checks but where are we at in terms of the backlog . And while despite all the reform activities, the clearance process taking longer, in fiscal year 2015, took an average of 25 days to process the clearance and 125 days for top secret clearance. Fiscal year 2016, average of 166 days to process and 246 days for top secret clearance. Thats quite a jump in the timeline that it takes in order to get there. The security clearance data and processes were transferred from the department of defense to opm and now talk of this process back to the department of defense. And we also have the newly created nbib where opm and dod have a shared responsibility and stop moving the organizational boxes around. We continue, as we continue our side of the transition of responsibilities from opm to the nbib, we need to ask about the efficiency and making sure were protecting and securing the United States of america. So there are tremendous amount of number of people that are working on i. T. Issues. We will have additional hearings and discuss that. I personally do believe, and this is, at some point, i would like to draw this out from you, attracting and retaining i. T. Professionals has got to be a challenge for the government. Its a challenge in the private sector. Its a challenge across the board. I was fortunate enough to have a newly minted soninlaw whos in the i. T. Field and the opportunities for him for employment were unbelievable. Ive never seen anything like it. Which is good, as his fatherinlaw. Thats a good thing. On a serious note, i do think we have to address on the whole of government, not just this particular field but the whole of government, how do we retract and retain i. T. Professionals . Because we do need so many of them and theres so much vulnerability for the country as a whole. So this is an important hearing and i appreciate you being here and i would like to ask the Ranking Member, mr. Cummings. Thank you for calling this hearing. And as i listen to you talk about the i. T. People, chairman, its very important that we all let federal employees know how important they are. That we do everything in our power to provide them with the types of salaries and work security that they need. Thats one of the things that would help to attract them and keep them. Todays hearing is on the process our nation uses to conduct background checks for federal employees who are seeking very important security clearances so they can have access to our most guarded secrets. This hearing could not come at a more critical time. Yesterday, i sent a letter requesting a pentagon investigation of the president s National Security advisor, Lieutenant General michael flynn, for his potentially serious violation of the United States constitution. I was joined by the Ranking Members of the committees on armed services, judiciary, homeland security, Foreign Affairs and intelligence. General flynn has admitted that he received payment to appear at a gala in december of 2015 hosted by russia today. That countrys state sponsored propaganda outlet. General flynn dined with russian president vladimir putin. As explains, the department of defense warns its retired officers that they may not accept any direct or indirect payment from Foreign Governments without congressional approval because they continue to hold auf offices of trust under the emoluments clause. And detailed russias attack on the United States to undermine our election. This report concluded with high confidence that the goal was to quote, undermine public faith in the United States democratic process, end of quote. District described as the kremlins International Propaganda outlet, end of quote. It explained, and i quote, that the kremlin staffs end quote, and closely supervises coverage and recruiting people who can convey Russian Strategic messaging because of their ideological beliefs, end of quote. It is extremely concerning that general flynn chose to accept payment for appearing at an event hosted by the propaganda arm of the russian government and at the same time that the country was engaged in an attack against this nation in an effort to undermine our election. Something is wrong with that picture. But its even more concerning that general flynn who President Trump has now chosen to be his National Security advisor may have violated the constitution in the process. We do not know how much general flynn was paid for this event and for his dinner with president putin, whether it was 5,000, 50,000 or more. We dont know. We do not know whether he received payments from russian or other foreign sources or separate occasions or sought approval from the pentagon or congress to accept these payments. We dont know. And related to todays hearing, know what effect this potentially serious of the constitution will have on the security clearance. Security clearance holders and those applying for security clearances are required to report the contacts with foreign officials. We do not know what, if anything, general flynn reported about his contacts with officials from russia or other countries. We do not know if he reported this one payment or any other payment he may have received. These are the questions that need to be answered. Also have questions about the individuals who may seek to join the administration. And obtain access to classified information while they are currently under investigation. For example, there have been reports that President Trumps former campaign chairman, paul manafort, has been advising the white house recently while at the same time, hes reportedly under fbi investigation for his dealings with russian interests. We want to know how security clearances are handled, if existing clearance holders or new applicants are under criminal investigation. Does the fbi allow these individuals to continue to have access to classified information . Or is there a process to place a hold on someones clearance for application until the investigation resolves the questions . Finally, President Trump claims that democrats only became interested in russian hacking for political reasons and that, for example, we had no interest in cyberattacks against opm. Quote, they didnt make a big deal of that, end of quote. The president is 1 million percent wrong. I and other democrats work aggressively on this committees investigation of the attacks on opm. We held multiple hearings, including one that i requested. We conducted extensive interviews and briefings with key witnesses. We reviewed more than 10,000 pages of documents and we issued two reports from the majority and minority. I call for expanding our investigation to other agencies including the state department, the Postal Service in which were both attacked. I call for investigating the cyberattacks on Financial Institutions like j. P. Morgan chase. Our intelligence industries, i apologize, i call for the investigating cyber attack on the biggest forprofit hospital chain systems that had the largest hacking breach ever reported and Companies Including home depot, target and kmart. The president s claim we are focusing on russian hacking for political reasons is ludicrous. Our intelligence agencies that warned us that if we do not act now, our adversaries including russia are determined to strike again. We need to get answers to these questions immediately and i thank all of our witnesses for being with us today and again, mr. Chairman, i thank you for this hearing and i yield back. Hold the record open for five legislative days for tany membes to submit a written statement. The witnesses, were pleased to welcome kathy, office of Personnel Management. Miss mcgettigan, david devries. Mr. Cord chase, chief Information Security officer at the United States office of Personnel Management and mr. Charles faylin, director of the National BackgroundInvestigations Bureau or nbib. Their expertise will be important to the subject matter so everybody will be sworn in. Were also honored to have mr. Terry halverson as the department of defense. Hes retiring at the end of the month and we could think of no better gift than having to testify before congress. Its such a joy and i know youre looking forward and happy birthday, merry krochristmas, hy retirement for testifying before congress but thank you, sir, for your service to this country and at the department of defense and we really do appreciate your expertise and look forward to hearing your testimony but we wish you well and again, thank you for your service and your willingness to be here today. Probably could have squirmed out of this one if he really wanted to and he stepped up to the plate and took this assignment. So thank you, sir, for being here. All witnesses are to be sworn before they testify, so if you would raise your right hand. Do you solemnly swear or affirm that the testimony youre about to give will be the truth, whole truth, and nothing but the truth, so help you god . You may be seated. Witnesses all answer in the affirmative. Keep your comments to 5 minutes and like said, your whole record or testimony and any supplements part of the record. Good morning, mr. Chairman, Ranking Member and distinguished members of the committee. Thank you for the opportunity for myself and colleagues to testify on the office of Personnel Management. I am joined by mr. Charles faylin, the director of the National BackgroundInvestigation Bureau, opms chief Information Officer and opms chief Information Security officer. While i am presently the acting director of opm i do have over 25 years of service at the agency. Opm recognizes how critical the topics of todays hearings are to the federal government and National Security and i look forward to having a productive conversation about the nbib transition, the security process and Information Technology security. As you know, the nbib is primary and charlie with a distinguished level in multiple roles in the federal government and private industry. His experience including at the cia and director of security and with the fbi as assistant direct for , leading its security division. Designed with an enhanced focus on National Security and continuous process improvement. Its new organizational structure is aimed at leveraging record automation, transforming business processes and enhancing Customer Engagement and transparency. In late 2014, market capacity for contract Investigation Services was drastically reduced by the loss of opms largest field and this backlog was exacerbated security incidents at opm announced in 2015. Looking forward, it is an nbib priority to address the investigative backlog while maintaining a commitment to quality. To accomplish this, nbib is focusing efforts this three primary areas. First, we work to increase capacity by hiring new federal investigators and increasing the number of investigative field work contracts. Second, nbib is focusing on policy and process changes to ensure efficient operations. Third, nbib has actively worked with customer agencies to prioritize the cases that are most critical to our National Security. Information technology also places a central role in nbibs ability to enhance the Background Investigation process. While still in develop, nbibs new system and nbis will be operated and maintained by d. O. D. On behalf of nbib. On op ms behalf, new officer, david devries. He was the Principle Deputy cio and strong relationship with his former agency. As we look to strengthen the infrastructure of nbib, working on fortifying our entire technology ecosystem. As the federal government modernizes how it does business, opm raising new tools to deliver optimum Customer Service and enhanced security. Opm enhanced its cybersecurity efforts from multiple angles and added tools and updates with implemented staff and agencywide training, hired critical personnel and finally, continued to clollaborate with interagenc partners. Our cybersecurity tools and security updates include 100 multifactor user authentication to access opms network. This is done via the use of piv cards and major i. T. System compliance initiatives. Further more, oreck pm recogniz its not just about technology but also about people. Added seasoned cybersecurity experts to its talented team. A number of senior i. T. Managers and leaders and centralized its Cybersecurity Program and resources under the chief security Information Officer. In this capacity, cord is taking steps to secure access to Sensitive Information and strengthened its threat awareness by enrolling in multiple information and intelligence sharing programs. In conclusion, the necessary key partnership