WASHINGTON – Science, Space, and Technology Committee Chairman Lamar Smith (R-Texas) today released the following statement in response to the Massachusetts and New York Attorneys’ General and several environmental groups’ refusal to comply with subpoenas issued and announced on July 13. Smith’s subpoenas demanded documents related to coordinated efforts to deprive companies, nonprofit organizations, scientists and scholars of their First Amendment rights.
Chairman Lamar Smith (R-Texas): “The Committee is disappointed that the New York and Massachusetts Attorneys General and the environmental activist organizations behind the AGs’ efforts have refused to comply with lawfully issued subpoenas. Their noncompliance only raises additional questions. As discussions with the individual subpoena recipients move forward, the Committee will consider using all tools at its disposal to further its investigation.” Read More
WASHINGTON – House Science, Space, and Technology Committee Chairman Lamar Smith (R-Texas) today sent letters to Shaun Donovan, director, Office of Management and Budget (OMB), and Beth Cobert, acting director, U.S. Office of Personnel Management (OPM), requesting documents and information relative to foreign nationals’ potential access to OPM data prior to the agency’s public disclosure last year of one of the federal government’s largest cyber breaches.
The request is made in the context of a report released by the U.S. Government Accountability Office (GAO) last month that reviewed the security controls of federal agencies’ high-impact systems. GAO’s report notes “the 18 agencies having high-impact systems identified cyber attacks from ‘nations’ as the most serious and most frequently-occurring threat to the security of their systems.” GAO selected four agencies with high impact systems for further review in its report, including the U.S. Office of Personnel Management.
“The identification of foreign nations as one of the most serious cyber threats to agencies underscores concerns that were raised after last year’s OPM breach over the potential access to OPM’s sensitive data by foreign nationals. According to news reports at the time, it appears that some of OPM’s contractors may have given ‘foreign governments direct access to data long before the recent reported breaches.’ In one instance, an ‘administrator for the project “was in Argentina and his co-worker was physically located in the [People’s Republic of China]. Both had direct access to every row of data in every database: they were root,”’ the letters state.
“Additionally, a different team working on the database was led by two employees with passports from the People’s Republic of China. In other words, an agency that identifies foreign nations as the source of the most serious and frequently occurring threat, either failed to realize that foreign nationals had access to its database, or knew it and failed to correct the situation,” the letters continue.
Today’s letters request information and responses to questions from both OPM, the agency with the data breach and continued cybersecurity concerns, and OMB, the agency with statutory oversight of agencies’ compliance with federal cybersecurity requirements.
The letter to OMB can be found HERE.
The letter to OPM can be found HERE. Read More
WASHINGTON – The Committee on Science, Space, and Technology today held a hearing titled Evaluating FDIC’s Response to Major Data Breaches: Is the FDIC Safeguarding Consumers’ Banking Information? Mr. Martin Gruenberg, chairman, Federal Deposit Insurance Corporation (FDIC), and Mr. Fred Gibson, acting inspector general, FDIC testified at today’s hearing.
During his line of questioning, Rep. Gary Palmer (R-Ala.) presented part of a transcript from the committee’s transcribed interview with an FDIC employee. The transcript confirmed that FDIC staff knew a malicious outside party penetrated the FDIC network in 2010 and 2011. In a politically driven maneuver by FDIC employees, the transcript also confirmed that FDIC employees purposely avoided taking the correct course of action to remedy the situation because, “We can’t do anything to jeopardize the [then-unconfirmed] chairman getting [a Senate approved position].”
Chairman Gruenberg was confirmed by the Senate in November 2012 for a five year term. He testified today that he was unaware of his staff’s intent to cover up cyber breaches in an effort to secure his position.
Chairman Gruenberg also confirmed he was unsure of the existence of an FDIC employee handbook. In response, Rep. Palmer suggested a new policy to include in such a handbook: FDIC employees cannot take anything with them when they terminate employment.
Click here to watch Rep. Palmer’s questioning.
Rep. Palmer: I find it interesting that some at the FDIC thought your appointment was more important than taking immediate action to protect almost 31,000 banks and 161,000 individuals…It’s as though these banks and their depositers and customers were acceptable losses - collateral damage - to ensure that there would be no obstacles to your confirmation. That concerns me. That is indicative of some political calculations within the FDIC that, in my opinion, are totally inappropriate.
Oversight Subcommittee Chairman Barry Loudermilk (R-Ga.) followed up, voicing his concern that Chairman Gruenberg’s inability to answer questions as to whether the FDIC has an employee handbook, as well as Chairman Gruenberg’s apparent lack of preparation across the board, may indicate that Chairman Gruenberg does not take seriously the breaches in question.
Click here to watch Chairman Loudermilk’s comments.
Rep. Darin LaHood (R-Ill.) raised concerns about the FDIC’s legal department instructing employees not to discuss matters relating to cybersecurity breaches over email in an effort to limit exposure to congressional oversight and FOIA requests. In a transcribed interview, an FDIC employee stated employees were instructed not to “discuss deliberations over the applicability or implications of OMB 16 03 in email.” Despite having known about the legal department’s actions for weeks, Chairman Gruenberg stated he has not yet taken any action to remedy the situation. This is yet another example of the FDIC’s attempt to evade congressional oversight and its lack of transparency and accountability.
Click here to watch Rep. LaHood’s questioning.
For more information about today’s hearing, including witness testimony and the archived webcast, please visit the Committee’s website. Read More
WASHINGTON – Science, Space, and Technology Committee Chairman Lamar Smith (R-Texas) today issued subpoenas to New York Attorney General Eric Schneiderman, Massachusetts Attorney General Maura Healey, and eight environmental organizations to obtain documents related to coordinated efforts to deprive companies, nonprofit organizations, scientists and scholars of their First Amendment rights.
Chairman Lamar Smith (R-Texas): “The attorneys general have appointed themselves to decide what is valid and what is invalid regarding climate change. The attorneys general are pursuing a political agenda at the expense of scientists’ right to free speech.
“The Committee has a responsibility to protect First Amendment rights of companies, academic institutions, scientists, and nonprofit organizations. That is why the Committee is obligated to ask for information from the attorneys general and others.
“Unfortunately, the attorneys general have refused to give the committee the information to which it is entitled. What are they hiding? And why?”
Energy Subcommittee Chairman Randy Weber (R-Texas): “Since when did it become a crime to express or hold an opinion? The difference of opinions is what makes our country so strong and unique. It’s this freedom without censorship or restraint that helped build our country. However, this posse of attorneys general believe that those whose opinion, or scientific research, conflicts with the alleged consensus view on climate change should be the subject of investigation and prosecution by government officials - talk about a chilling effect on free speech.”
Space Subcommittee Chairman Brian Babin (R-Texas): “Since March, these attorneys general have attempted to use questionable legal tactics to force the production of documents and communications from a broad group of scientists, companies, and non-profit organizations. These actions are an attempt to chill the scientific research of those who do not support the attorneys’ general and environmental groups’ political positions.
“These actions amount to a political attack rather than a serious inquiry based on the law. Today’s action by the Science Committee and Chairman Smith sustains the commitment to protect the First Amendment rights of the individuals and groups targeted by the attorneys general and environmental activists.”
Rep. Darin LaHood (R-Ill.): “Instead of pursuing real threats to America, these attorneys general are going down a path of partisan politics and attacking people who disagree with their conclusions about climate change. The administration has attempted to avoid all debate on climate change by circumventing Congress and signing international agreements without the consent of the Senate, and it now appears that Democratic attorneys general are following the president’s lead.
“If the debate on climate change is settled, the environmental activists and state attorneys general should have no problem convincing the American public with their own evidence and arguments. Why go to such great lengths to squash differing opinions and anyone who questions their conclusions? These individuals, scientists, and organizations have the right to conduct research, form their own opinions, and voice those opinions.”
Rep. Warren Davidson (R-Ohio): “Instead of upholding the constitution, protecting citizens, and putting real criminal behind bars, these attorneys general are using taxpayer dollars to manufacture charges to send a political message. This demonstrates a clear deviation from the legal duties of an attorney general and the possible abuse of discretionary judgement. It is not the job of the attorneys general to decide what science should be conducted, and their actions indicate their intent is to silence certain voices.”
Chairman Smith followed up the subpoenas with a press conference on Capitol Hill this afternoon.
On July 6, Chairman Smith sent letters to the individuals and organizations subpoenaed today reiterating his May 18 and June 20 requests for documents and communications, setting a deadline for those documents as July 13 (today) at 12:00 p.m., and threatening the use of compulsory process pending their compliance with the requests. The attorneys general and environmental groups have refused to comply with the committee’s investigation at every step. Read More
WASHINGTON – U.S. House Science, Space, and Technology Committee today released an interim staff report with preliminary findings from the committee’s investigation of major data breaches at the Federal Deposit Insurance Corporation (FDIC).
Chairman Lamar Smith (R-Texas): “The committee’s interim report sheds light on the FDIC’s lax cybersecurity efforts. The FDIC’s intent to evade congressional oversight is a serious offense. Major improvements need to be made to the FDIC’s cybersecurity mechanisms.
“The committee’s investigation is ongoing. We will continue to work towards increasing transparency at the agency and hold the FDIC accountable. Americans should be able to trust the agency with their sensitive banking information. The committee looks forward to hearing explanations from the FDIC Chairman tomorrow and what changes he plans to make.”
The committee found that Chief Information Officer (CIO) Larry Gross has engaged in mismanagement, misled Congress, and retaliated against whistleblowers. He has fostered a hostile work environment. It is also clear that the FDIC deliberately evaded congressional oversight. In addition, the committee found the FDIC has historically experienced deficiencies related to its cybersecurity posture, and those deficiencies continue to the present.
The report comes during a lengthy investigation that included holding one hearing, conducting seven transcribed interviews of FDIC employees, and reviewing approximately 15,000 documents produced by the agency, the FDIC Inspector General (IG), and whistleblowers.
Tomorrow the committee will hold a full committee hearing to examine FDIC’s cybersecurity posture, prior congressional testimony by FDIC officials, and the agency’s response to the committee’s investigation. FDIC Chairman Martin Gruenberg and Acting Inspector General Fred Gibson will testify.
The full report can be found here.
On April 8, Chairman Smith sent a letter to FDIC Chairman Martin Gruenberg requesting documents, information, and a briefing from the agency after noticing anomalies in FDIC’s annual FISMA report.
On April 20, Chairman Smith wrote the FIDC requesting information related to other unreported breaches.
On May 10, allegations of the FDIC withholding documents led to Chairman Smith to write a letter to the IG requesting all documents not produced.
On May 12, the Oversight Subcommittee held a hearing on this matter.
On May 19, Chairmen Smith and Loudermilk sent a letter to the FDIC outlining numerous inconsistencies in CIO Larry Gross’s testimony.
On May 24, Chairmen Smith and Loudermilk sent a letter to FDIC requesting transcribed interviews of nine FDIC employees following the FDIC’s discreditable performance at the May 12 hearing, along with their obstruction and concealment of facts and documents. Read More
WASHINGTON – U.S Rep. Lamar Smith (R-Texas), chairman of the U.S. House Science, Space, and Technology Committee and U.S. Sen. Ron Johnson (R-Wis.), chairman of the U.S. Senate Homeland Security and Governmental Affairs Committee, today sent letters to three companies that provided software and services to former Secretary of State Hillary Clinton that played a role in maintaining her private email server. This latest bicameral effort to request information from the four companies builds on earlier investigations initiated separately by Chairman Smith and Chairman Johnson.
“On July 5, 2016, Federal Bureau of Investigation (FBI) Director James Comey announced the conclusion of the FBI’s investigation into Secretary Clinton. While the FBI did not recommend charges against Secretary Clinton, it did identify numerous security concerns regarding Secretary Clinton’s use of a private server and email account. Specifically, Director Comey said that ‘it is possible that hostile actors gained access to Secretary Clinton’s personal email account.’ This finding was based on the fact that ‘hostile actors gained access to the private commercial e-mail accounts of people with whom Secretary Clinton was in regular contact from her personal account.’ In addition, Director Comey raised the concern about the possibility that Secretary Clinton’s server was hacked because of the fact that her personal e-mail domain was known by a large number of people and “she also used her personal email extensively while outside the United States, including sending and receiving work-related emails in the territory of sophisticated adversaries,” Smith and Johnson said in the letter.
“[Your company] declined to provide complete responses to the Committees’ inquiries, citing that it did not have its client’s consent to produce documents or information. Therefore, we are writing to jointly reiterate the previous requests for information and materials that [the company] has yet to provide. The information that Committees seek from [your company] will offer better insight into the security and data backup capabilities of Secretary Clinton’s private server and what potential vulnerabilities to federal records and sensitive information need to be mitigated,” Smith and Johnson added.
Full copies of the letters can be found below:
Letter to Mr. Austin McChord, CEO, Datto, Inc.
Letter to Mr. Victor Nappe, CEO, SECNAP Network Security Corp.
Letter to Mr. Treve Suazo, CEO, Platte River Networks Read More