Cybersecurity concerns over USAJobs site a ‘red herring,’ critics say

Josh Peterson Tech Editor
Font Size:

Cybersecurity concerns pushed the Office of Personnel Management to transition the USAJobs website from a private administrator to in-house management, OPM announced in a statement Thursday.

The results were disastrous.

Skeptics call the latest announcement a “fallacy” and a “red herring,” saying that OPM is running out of excuses as problems persist.

OPM Chief Information Officer Matt Perry proclaimed, in a statement in the “Top Ten FAQ” section of the USAJobs website, “The transition to USAJobs 3.0 has made applicant resumes more secure.”

“In fact, the issue of cybersecurity was a key reason why federal agencies collaborated to assess what improvements needed to be made to USAJobs,” said Perry.

“That assessment lead our federal agencies to conclude that moving USAJobs to a 3.0 platform was necessary. In times of increasing cyber threats, it is important that the personal data of applicants to the federal workforce be handled in the most secure manner,” said Perry.

Ardent USAJobs 3.0 critic Linda Brooks Rix, CEO of Avue Technologies, explained to TheDC on Friday that “this is kind of their newest reason as to why they tried to build this in-house.”

One source familiar with the issue told TheDC that OPM’s latest announcement was a “red herring.”

Since OPM’s October 11 rollout of USAJobs 3.0, the federal job-seeker site has been plagued by problems that locked USAJobs in what OPM Director John Berry called “a death spiral” in a press conference on November 3.

One problem resulting from the upgrade was a requirement that users update their passwords when the new site was rolled out. Berry told reporters during the press conference that requiring people to change their passwords was “obviously, one of the biggest headaches we faced, and it goes to the heart and soul of the security issue.”

“You can’t — if you bring in old passwords, you’re going to always face challenges with the security,” he said.

While password security was one of the “biggest headaches” OPM faced, private sector firms say that their policies should be more comprehensive if the agency is actually concerned about security.

Whereas Avue Technologies’ data center is protected by bullet and riot-proof glass, mantraps and triple redundancy on biometric verification, Rix said that OPM is not.

“They run out of a standard office building, they have no disaster recovery site or a continuity of operations plan,” said Rix. “OPM is also self-certifying their security system.”

In February, Berry sent out a memorandum, entitled “Competency Model for Cybersecurity,” developed from a 2009 study in which subject matter experts “provided key insights, and employees and supervisors across the Government completed surveys to paint a comprehensive picture of cybersecurity work.” The first and second highest-rated skills, rated on a scale of one to 34, included “honesty” and “computer skills.” “Security” and “network defense” were rated at 15 and 18.

Washington Post columnist Joe Davidson expressed concern Wednesday that recent problems at could be “signs of deeper woes at OPM.”

70,000 applications disappeared from the OPM-managed site, USA Staffing, in August.

Recently adding to OPM’s washout resume is Users began posting complaints Friday morning to USAJobs’ Facebook page about the program.

Federal job-seekers continue to express frustrations about problems loading the website, failure to save uploaded resumes and hard-to-understand site layout. Perry assured users in his statement that customer unhappiness was simply due to temporary confusion.

“While the site is uncomplicated, any transition is confusing,” said Perry.

When TheDC called USAJobs for comment, it was met with an answering machine that said to check the Frequently Asked Question’s section of the website.

The House Oversight Committee is scheduled to hold a hearing Tuesday called, “Back to the Basics: Is OPM Meeting Its Mission?”

Follow Josh on Twitter