Sen. Jon Tester (D-Mont.) on Monday sent a letter to the Inspector General of the Office of Personnel Management (OPM) asking him to conduct another investigation of its data system that is used in investigating applicants for federal jobs following revelations a month ago that hackers had gained access to millions of records that agency has of current and former government employees.
“On June 29, OPM promised to re-evaluate its Electronic Questionnaires for Investigative Processing (e-QIP) and has taken it offline for a period of four to six weeks,” Tester wrote Patrick McFarland, the OPM IG. “I am concerned, however, that the larger suite of products under which e-QIP is housed, known as ‘EPIC,’ remains vulnerable despite significant investment into the system.”
Tester wants McFarland to make recommendations to OPM on securing its data systems.
Tester said that based on an earlier IG report, OPM has never done a comprehensive security assessment of EPIC to make sure the system’s security controls meet requirements. He also noted that a flash audit done by the IG in mid-June shows that OPM needs to put management best practices in place and “identify the full scope and cost of IT security upgrade projects.”
“Given that the total estimated costs of updating the EPIC suite from fiscal years 2010-2015 was more than $164 million, it is troublesome that IT systems management best practices appear not to have been in place,” Tester said. “It is critical that your office remain diligent in its oversight of the EPIC suite, particularly in light of the $23 million Fiscal Year Acceleration Option request from OPM.”