Lawmakers are concerned the Social Security Administration isn’t doing enough to protect personally identifiable information of hundreds of millions of Americans — both alive and dead.
SSA networks “bear the hallmarks of poor information security similar to those seen at OPM’s networks back in 2014,” House Oversight and Government Reform Committee Chairman Rep. Jason Chaffetz, Rep. R-Utah, said during a hearing Thursday, referring to the massive breach of the Office of Personnel Management’s background check records.
Lawmakers grilled SSA officials about poor management of cybersecurity issues. Officials countered that the organization desperately needs more funding to address vulnerabilities. The agency is also trying to increase the number of virtual transactions it processes, shifting many of the in-person applications to online ones.
“Because of budget constraints, we’re constantly balancing between our service delivery to the public and our program integrity efforts, which include cybersecurity,” Carolyn Colvin, acting SSA administrator, said during the hearing. Over the past three years, SSA has increased its cyber spending from $74 million to $96 million, and “that comes away from … our customer service activities.”
SSA’s problems aren’t limited to funding, Rep. Will Hurd, R-Tex., argued. He referenced a recent report detailing how Homeland Security Department staff, invited by SSA to test its networks, were able to exfiltrate large amounts of PII. SSA officials did not inform the inspector general’s Office about this incident, a decision Chaffetz called “suspicious.”
“Use the money that you actually have in the right way,” Hurd said. “You have the audacity to say that Social Security meets…