OPM’s efforts to fix IT security are criticized by auditor

Efforts to fix cybersecurity problems at the U.S. Office of Personnel Management (OPM) may be doomed because the agency is moving too quickly and ignoring some best practices, an auditor said Thursday.

Even before two recently disclosed breaches at OPM, agency director Katherine Archuleta pushed to improve cybersecurity at the agency, which still runs several mainframe systems.

But a “massive” agency-wide effort to update decades-old systems is not following proper IT project management procedures, including a cost-benefit analysis, and the agency does not have a firm estimate on the cost of the project, said Patrick McFarland, OPM’s inspector general.

To read this article in full or to leave a comment, please click here