Adam Mazmanian reports that the House Oversight and Government Reform Committee is asking some very specific questions of OPM and US-CERT:
Chaffetz wants US-CERT, a unit of the Department of Homeland Security, to report on when it was first contacted by OPM to report the breach, and any reporting or analysis on the nature of the attack, including whether hackers deployed any malicious code that was known to DHS. In an Aug. 19 letter to US-CERT Director Ann Barron-Di-Camillo, Chaffetz also wants information on any site visits made by US-CERT personnel to OPM data centers, and any reports or recommendations from US-CERT to OPM.
Separately, Chaffetz is also seeking information on security document and manuals taken from OPM systems as far back as March 2014. In a June 24 hearing of the committee, OPM CIO Donna Seymour testified that the loss of the material represented a security breach, and that attackers could use the information to “learn about the platform, the infrastructure of our system.”
In a letter to acting OPM Director Beth Cobert, Chaffetz asks for details on what was taken, when the thefts occurred, who discovered the breaches, and how the response was handled.
Read more on FCW.