How Obama’s Poor Judgment Led to the Chinese Hack of OPM
Paul Conway /
The maxim that “personnel is policy” transcends partisan affiliations and political labels.
Every president, including President Barack Obama, has the authority to staff federal agencies with loyal political appointees.
Given the deep pool of experienced talent from which presidents can draw, philosophical alignment and management competence are not mutually exclusive.
Presidents place America at risk if they choose to ignore, or worse, fail to even weigh the competency of a potential appointee to both uphold and successfully manage the core responsibilities of the office or agency for which that appointee is considered.
The sophisticated cyber attacks on the Office of Personnel Management (OPM), attributed to China by senior intelligence officials, are underscored by this fact.
The political appointment of Katherine Archuleta to OPM director was a devastating example of the poor personnel judgment exercised by President Obama.
It highlighted his willingness to elevate ideological purity over competency when selecting appointees whose job is to protect America.
While Americans prepare for the fallout from the most significant cyber espionage attack ever on their government, Obama remains silent on both his responsibility for the appointment of Archuleta and the actions China took to exploit incompetent appointee leadership.
In the case of OPM, the risks posed by an unqualified agency head were known years ago to Obama—as well as to the incoming senior leadership team at the Department of Homeland Security.
As a part of the 2008/2009 transition process between President George W. Bush and President Barack Obama, senior outgoing Bush appointees and incoming Obama appointees engaged in a highly structured and thorough briefing regimen.
Months before Inauguration Day 2009, special teams of future Obama administration appointees were already cleared and embedded within key federal agencies, observing many of the programs and processes integral to American national security and homeland security.
Regarding OPM, Obama and his team were briefed at several levels on major OPM authorities, legislative and regulatory, including the federal personnel suitability and security clearance process.
The Obama team knew that OPM, in conjunction with multiple other government and security agencies, is the agency that makes the critical call on the operating status of the federal government in the Washington, D.C., region during either a weather or terror-related event.
They learned of the substantial policy role OPM assumed following the terror attacks of September 11, 2001 and throughout the Global War on Terror.
OPM was the agency that provided key policy and personnel expertise necessary to immediately expand the Air Marshall program, and to rapidly support the Transportation Security Agency as directed by Congress.
In addition, OPM rapidly recruited and cleared employees to assist the Federal Emergency Management Association (FEMA) and other security agencies in their efforts to reconstitute emergency communication networks among cabinet officials and various command centers.
OPM assembled the networks of national health, security and intelligence experts required to develop the policies, protocols and flexibilities necessary to position the federal workforce to respond to terror threats or other incidents involving biological, chemical or other elements.
Congress was aware of OPM as central to both guaranteeing the integrity of the personnel security process and the merit hiring system. Congress wrote OPM into both the authorization legislation for the Department of Homeland Security as well as the authorization legislation for the Department of Defense National Security Personnel System.
Senior career OPM officials involved in these legislative efforts later served as the chief human capital officers for the newly created Office of the National Intelligence Director (ODNI) as well as the Department of Homeland Security.
The cyber attacks on OPM have done strategic and long-term damage to our national security and the effectiveness of both military and federal civilian workers.
Consider these highlights, reported on July 9 by Ellen Nakashima, the national security reporter for The Washington Post:
- Security clearance information associated with 21.5 million Americans, including former and current federal employees, federal contractors and their families and friends.
- The 21.5 million figure includes 19.7 million Americans who actually applied for a federal security clearance (mostly in the year 2000 and afterwards), as well as 1.8 million non-applicants, the number that includes spouses, families, friends and colleagues.
- Personnel records containing an estimated 1 million fingerprints of current and former federal employees.
In that same story there’s anonymous spin from an Obama administration official, designed to divert the attention from Obama for his responsibility for appointing Katherine Archuleta as OPM director.
“There are certainly some people I would like to see given the boot for not paying attention to cybersecurity, but Katherine Archuleta is not one of them,” said one administration official, requesting anonymity to discuss personnel issues. “Maybe they didn’t move as fast as they should have but they were at least moving in the right direction and were prioritizing it in an agency that didn’t think of itself as having a security mission.”
Given everything Obama and the White House already knew about OPM, the truth is the opposite.
Archuleta ignored repeated written warnings from OPM Inspector General Patrick McFarland regarding the vulnerability to cyber attack of key personnel IT systems.
OPM knows full well, based on its history, the significance and gravity of its mission.
Since the Cold War and post-9/11, OPM has managed the systems that determine who is suitable to work for America and which employees and contractors can be trusted to work within some of most classified and restricted-access programs.
Clearly, the security mission and protection of millions of valuable and exploitable personal records are not a new roles for OPM.
Chinese intelligence obviously knew this too.
The old Soviet KGB would have loved to have stolen the same OPM information China targeted.
Consider the implications for America now if China opts to share OPM data with KGB successors in Russia and the intelligence services of our other adversaries.
The real issue raised by the cyber attacks on OPM is that neither Obama nor his White House team prioritized the personnel suitability and security clearance mission performed by OPM.
So, not surprisingly, neither did former OPM Director Katherine Archuleta.
Crisis brings a laser focus to the abject and total failure of a presidential appointment.
And, when a crisis happens, no targeted off-the-record comment by a senior administration official or dutiful spin from the White House podium can excuse or mask the president’s ultimate responsibility for the underlying personnel judgment.
As Americans look at Obama’s choices at OPM and so many other agencies, there should be little wonder why their confidence in the federal government continues to erode.
Personnel is policy.