Investigation of Cybersecurity

Investigation of Cybersecurity

Ranking Member Cummings has been investigating the increasing number of cyberattacks for more than two years and has called for the Oversight Committee to hold hearings and obtain additional information about cyberattacks against retail companies, financial institutions, healthcare corporations, government contractors, and federal agencies

In the 113th Congress, Cummings launched an investigation into allegations that U.S. Investigations Services (USIS), the federal contractor that conducted the background investigation for the Navy Yard shooter, perpetrated a multi-year, billion-dollar fraud against the U.S. taxpayers by "dumping" incomplete background investigation reports to OPM without conducting quality reviews required under its contract.

The investigation resulted in a report titled, "Contracting Out Security Clearance Investigations: The Role of USIS and Allegations of Systematic Fraud," that revealed new allegations of massive fraud committed by the company's top executives that may have endangered national security.

Five Things You Should Know

1. The increasing number of cyberattacks is unprecedented and poses a clear and present danger to our national security and highlights the urgent need for greater collaboration between government and the private sector to improve data security. These attacks have affected hundreds of millions of American consumers.	4. In 2014, cyberterrorists stole nearly 500 million records from various financial institutions as a result of cyberattacks, according to federal law enforcement officials. These cyberattacks include private companies, like Home Depot and Target; financial institutions, like JPMorgan Chase; federal agencies, like the U.S. Office of Personal Management; and federal contractors, like USIS, the nation's largest private provider of federal background investigations.
2. Ranking Member Cummings believes that Congress must expand oversight of the increasing number of cyberattacks in the public and private sectors to better protect American consumers.	5. Experts recommend that both public and private sector entities operate with the assumption that attackers are already inside their information systems and that these entities take steps to mitigate the damage that inevitable future attacks may cause. For example, FireEye, one of the nation's leading cyber defense firms, estimates the average amount of time a hacker remains undetected is more than 200 days.
3. Since November 2014, Ranking Member Cummings has sent over 25 requests to private companies, federal agencies and contractors, requesting information and briefings about data breaches at each of those institutions. In response to the Ranking Member's requests, more than half of the companies and agencies contacted agreed to cooperate by either providing written information or documents about significant data breaches they had sustained or by providing briefings to the Ranking Members' staff.