Jeb Bush blamed President Barack Obama on Monday for failing to heed warnings that could have prevented hackers from accessing personal information about millions of federal employees.
In a piece posted on Medium.com, a blog-publishing platform, Bush writes that the Democratic administration “failed to take basic steps to protect the sensitive personal information of millions of its employees” after the release of a report last year that suggested the federal Office of Personnel Management was vulnerable to attack.
The agency’s inspector general’s office described a years-long inability to meet federal cybersecurity standards and lack of expertise in the agency’s information technology unit. In November, an inspector general’s audit recommended the agency shut down some networks because they were so vulnerable.
Bush specifically faulted Obama for failing to work with the Senate, which failed to pass a measure containing House-backed anti-hacking legislation as recently as this month.
The Cybersecurity Information Sharing Act has healthy support in both parties, although Democrats opposed the measure being attached to a broader defense bill, which Obama has threatened to veto.
The legislation would encourage private companies to voluntarily share information about cyberattacks with the federal government, so public officials could learn in an effort to prevent government data breaches.
“President Obama should step up, show some leadership, and work with Congress to pass this legislation, a key step towards creating a more robust public-private partnership,” Bush wrote.
Hackers were able to access the records of about as many as 14 million current and former federal employees and others in the breech. Last week, the Office of Personnel Management’s inspector general said he had “serious concerns” about the agency’s response, a proposed $91 million computer overhaul of its networks.
Bush regularly argues during public campaign events that government should look to the private sector for ingenuity. He also noted in the piece his visit two weeks ago to Europe, where he visited an international cybersecurity research center in Estonia, a former Soviet republic.
Large segments of Estonia’s online government services were knocked out in 2007 in a cyberattack traced to Russia.