Priorities

By: Joe Davidson

For Sen. Mark Warner it wasn’t the crime as much as the counter-punch that finished Katherine Archuleta. 

After five weeks of increasing heat over revelations about the massive breakdown in the Office of Personnel Management’s (OPM) cyber security program, Archuleta quit Friday as agency director.

Confidence in her was shaken beyond repair.

No matter how often she and other administration officials noted her efforts combating the serious cyber problems that began before she took office, it was not enough to dig her out of the steadily deepening data-breach hole. Whatever she accomplished during her 613 days in office — and there were successes noted by the White House – was overshadowed by the scope of the breach announced on Thursday. Sensitive information from at least 15 years of background investigations of 21.5 million employees, contractors and job applicants seeking security clearances, and their families, had been snatched. That was in addition to another theft, which seemed huge when it was first revealed on June 4 — personal data on 4.2 million employees,  including Social Security numbers. There was some overlap in the information compromised in each of the breaches.

That smaller breach alone was enough for about 20 member of Congress, almost all Republicans, to call for her removal.  After the larger breach was revealed, calls to dump her quickly increased and included House Speaker John Boehner (R-Ohio). Yet, the two thefts alone, weren’t enough for Warner to urge that Archuleta be replaced.

Drew Angerer / Getty Images

But after  Thursday’s announcement Warner thought she had to go , more because of Archuleta’s “slow and uneven” counterpunch, as he described it, rather than the breaches themselves.

During Archuleta’s congressional hearings and in a private meeting with senators, “there didn’t seem to me to be a sense of urgency,” Warner said by phone. He lost confidence in her ability to fix the problems, even if they were not entirely of her own making.

While Warner was not alone in losing confidence in Archuleta, his call for her to step down was particularly significant. He is a Democrat taking on a Democratic administration appointee. He is a moderate, not given to rash statements, a former governor who is “very wary” about pushing people out of jobs and he represents Virginia – a state with hundreds of thousands of constituents now worried if they will personally suffer from OPM’s lapses.

As bad as the breaches are, Warner was quick to note that similar problems strike many places, in and out of government. But he was upset with the outside contractor OPM hired to deal with employees hit by the smaller breach. His constituents and other federal employees complained about poor service from the quickly-hired company — long telephone wait times, faulty online availability and uncertain security arrangements.

“That to me was very, very troubling,” he said.

He felt Archuleta “mishandled” the decision to take offline e-QIP, a web based system for processing security clearance forms because it was vulnerable to attack, leaving that work to be done by hand. And he is not happy that his questions to OPM were either not answered or responded to with form letters.

“It just got to a breaking point with me…” he said. “My constituents and federal employees, they’ve lost confidence in the idea that OPM is handling this with the sense of urgency, the sense of concern and the sense of responsibility that I think was appropriate.”

Another blow to Archuleta’s reputation was the “Flash Audit Alert” OPM’s Office of Inspector General issued in the middle of the scandal.

The June 17 report was sharply critical of OPM’s leadership on an information technology overhaul project. “In our opinion, the project management approach for this major infrastructure overhaul is entirely inadequate, and introduces a very high risk of project failure,” wrote Inspector General Patrick E. McFarland.

This project was part of what OPM had touted as its “aggressive effort to upgrade the agency’s cybersecurity posture,” since Archuleta took office. “I immediately became aware of security vulnerabilities in the agency’s aging legacy systems and I made the modernization and security of our network and its systems one of my top priorities,” she told Congress. That effort was responsible for detecting the cyber thefts, she said. But it couldn’t stop them, nor could they make up for lapses that occurred during her watch.

While some individual feds called for her dismissal, federal employee organizations generally have treated her gently, even as they were critical of her agency. The International Federation of Professional and Technical Engineers was one calling for her ouster, expressing “no confidence in her abilities to either determine all that went wrong or to steer the government, its agencies, and its departments through this crisis.”

National Federation of Federal Employees President William R. Dougan thanked Archuleta and said her “resignation puts federal employees in a dire state of uncertainty…the volatility of this situation has escalated exponentially and we face a void of leadership.”

Said Richard G. Thissen, National Active and Retired Federal Employees Association president: “Ms. Archuleta did her best to right the ship and deal with the fallout from the massive data thefts that occurred under her watch, the blame for which must, in fairness, be shared widely.”

True. But the response after thefts falls on Archuleta.

It wasn’t good enough to save her job.