Head of hacked U.S. agency says problems 'decades in the making'

WASHINGTON (Reuters) - The head of a U.S. agency that fell victim to cyber attacks defended its performance on Tuesday against withering criticism from lawmakers furious about a breach that compromised the personnel files of millions of federal workers.

Katherine Archuleta, director of the Office of Personnel Management, said problems exposed by the cyber attacks discovered in April and linked by U.S. officials to China were "decades in the making."

Although she said her agency thwarts hackers 10 million times per month, members of the House Committee on Oversight and Government Affairs insisted that the successful hacks showed data security could not have been a priority for the OPM.

Some suggested that top officials resign.

"You failed. You failed utterly and totally," said Republican Representative Jason Chaffetz, the committee's chairman.

U.S. officials have said they suspect China, but the administration has not yet publicly accused Beijing.

China denies any involvement in hacking U.S. databases.

Tuesday's congressional hearing was the first since U.S. officials announced early this month that hackers had broken into OPM computers and the data of 4 million current and former federal employees had been compromised.

Since then, they revealed another security breach that put at risk the personal information and intimate details of many millions more Americans - and their relatives and friends - who had applied for security clearances.

NEW DEFENSES BREACHED

Archuleta said the two breaches were discovered and contained because of new security measures taken in the last year. The attacks occurred before the measures were fully implemented.

"I want to emphasize that cyber security issues that the Government is facing is a problem that has been decades in the making, due to a lack of investment in federal IT systems and a lack of efforts in both the public and private sectors to secure our internet infrastructure," she said.

Archuleta, who was appointed to head the agency two years ago, said 4.2 million employees were affected by the first OPM hack. Even more had been affected in the other attack, she said, but would not provide an estimate.

She also declined, despite repeated questions, to say how many years' records had been compromised.

The committee's top Democrat, Elijah Cummings, said he was concerned about how many people were affected, what the government was doing to help them and what foreign governments could do with their information.

But he said details of the investigation should not be made public: "A lot of the information about the attack is classified and the last thing we want to do is give our enemies information."

Archuleta, OPM Chief Information Officer Donna Seymour, Homeland Security Secretary Jeh Johnson and other administration officials held a classified briefing on the cyber attacks for lawmakers later on Tuesday.

Suggestions of Chinese involvement could further strain ties between Washington and Beijing, which are holding an annual "Strategic and Economic Dialogue" in Washington next week involving senior government officials.

Lawmakers expressed frustration at the refusal of Archuleta and other administration officials at the hearing to answer many questions, frequently justifying their silence by saying they could not discuss classified information.

"I am gonna know less coming out of this hearing than I knew coming in," said Democratic Representative Stephen Lynch. "You're doing a great job stonewalling us, but hackers, not so much."

(Editing by David Storey, Lisa Shumaker and Grant McCool)