systems that were certainly enterprisewise and served large populations of people like opm. >> sizewise similar to -- >> yes, sir. sizewise similar uh-huh. >> and how quickly were they able to complete these projects? >>. >> some of them took -- some of them were much faster than others. you know, depended on when i came into them. some of them were delivered within a year and some of them took years -- multiple years to deliver. the way we're change the way we deliver i.t. solutions now we're trying to be much more agile. we're trying to find what we call a minimal viable product. we're trying to find segments of capability we can deliver in shorter term, so we're trying to deliver, you know, capability within six months -- six-month segments and then build on that to get to a whole system. >> how quickly do you think

you'll be able to complete this current project? do you have a goal or an expectation? >> when we started the project, sir, we -- we kind of divided it into two pieces so we could understand it. the first we called our tactical phase, which was shoring up the network we have today. and we've put a great number of security tools into our current network. that's what allowed us to find this adversarial activity this year. the second piece of this was building the shell. and we estimated that it would take us approximately a year to be able to deliver that. that project is on schedule. and it is on budget. and we will be delivering the shell environment this fall. the next phase is migration. we recognized from the very beginning that we did not have a full enough scope certainly not from my tenure on board back to june of 2014 did i have enough scope or understanding of

exactly the opm -- the full opm environment to be able to assess what it was going to take to do that migration. and so that's why we only contracted for the first two pieces. we said as we work through this project to understand it we'll be able to better estimate and understand what needs to move into that shell. but we knew from the beginning that there were some systems that were very old, that are about 30 years old that we were going to have to migrate into that shell. so, we focused on those first. >> okay. one other question. last tenure before this committee, you refer to the fact that you -- you deal closely with the i.g. and last time we had a major i.g. project you apparently did not notify him of the project. do you have a reasonable for that or explanation for that? >> i don't -- i'm not aware of a requirement.

i could certainly be corrected but i'm not aware of a requirement to notify the i.g. of every project we take on. certainly we included in our budget request for 2016, we talked through this project and documented it in that arena. we also discussed on a couple of occasions with the i.g. this project because they have an interconnection with our systems. and we actually host some of their systems. so they have to come along with us in this project if we're going to continue to provide those services. >> okay. an undertaking of this size, maybe it's not something you normally tell the i.g. about but you would not have felt the necessity to notify them what's going on here? >> sir it's just based on my experience that if i am -- no sir, i would not normally advise

the i.g. of a project that we're doing. that doesn't mean that i'm holding the information from them. but i also do know that we discussed with the i.g. on a number of occasions the fact that we were taking on this project and that they needed to modernize their systems and upgrade their systems to be able to meet the security requirements for this project. >> thank the gentleman. we now recognize the gentle woman, ms. gresham. >> i just got back to this meeting after one of the five national labs, which is in my district albuquerque new mexico. of course, the theme of many of those meetings are the constant threats every second of every minute of every day, they are clear that someone, something is

entertaining a cyber security attack and it's a constant threat and they're clear that that's the environment they work in. they're also clear that they need our support and recognition to be proactive and to do something about these problems both internally and externally. and i appreciate their constant surveillance and awareness of this critical problem. i, too before i ask my question, am extremely disappointed in the reaction from this panel at this hearing that we know that these are issues we have to deal with. that we are, in fact accountable and, in fact, you are liable. and what i hear is that none of those really are occurring. that if you don't provide us the answers at this hearing and the answers that rear requesting in the documents, you cannot help us assure we're protecting or adequately identifying the scope, which means that then you

become part of the problem again. and i find it incredibly offensive that that's what is occurring in this hearing. what we all ought to be doing is ensuring we're protecting not only the thousands of federal employees in my district and the hundreds of thousands of employees around the country and the millions of employees who are affected we are all scrambling to figure out who's the most accountable and who's the most responsible and who's the most liable. and i'm expecting much better cooperation. there's a lot of work to do in accountability identifying the scope, doing something about the legacy systems, making sure we're prepared for the next potential breach. as we do that, i do want to focus on how we're treating these employees. and so, director archuleta, i hold in my hand one of the letters that many of my employees and my constituents are getting.

and i'm concerned about some of the aspects of the letter and i want you to talk me through about some of the concepts identified in the letter and how you came to these conclusions and what we might do to broaden those. for example, in the letter you say that your information to an employee could have been compromised, that potentially affected -- i don't know when you're going to find out about that -- will receive a subscription to csid protection and identity theft for 18 months. now, what happens if you have an issue after the 18 months, is that individual going to be covered? >> the individual on the identity theft, yes. >> so even though the letter says you got an 18-month, what are we going to know in writing -- because these are lifetime issues. unfortunately, they don't go away. once that's been compromised, that's the problem. you're compromised. i don't think that these consequences are just 18 months.

and i was interested in how you came with that framework. it seems to me people should know they're going to be protected by you and supported irrespective irrespective. >> i understand your concerns. i understand the responsibility we have to our employees about their pii. i take that responsibility very, very seriously. i want to say there are in the letter -- the first sentence you wrote, the difference between exposure and exfiltration, it could be their data was exposed and not exfill traited but we feel strongly we need to offer the same to those employees whose data might have been exposed. >> i got it. i just want to know you're going to be responsible and supportive of these employees -- >> absolutely. >> not just in the short term, but the long haul. so they can expect another letter or something that says we're here. because the other thing i would like to you consider because i appreciate that response is

that if you look at the letter again, and i've read it carefully, we're pushing folks -- i get also i agree, to the right kinds of experience i hope, contractors to provide that support and identity restoration. i would like more clarity about what that will involve. in addition, you've got to call all these outside numbers. have you to call all these credit agencies. you have to enroll yourself. i would strongly encourage you that there ought to be a phone number that i can call to opm. >> by law, they have to enroll in the -- >> no no i understand that part. in terms of managing and supporting employees i expect the organization that's the source of the breach would be available to me and not just outside numbers. and i don't know if you've done any mystery shopping of the toll-free numbers or calling these credit folks but there's an interesting long waiting period. i would really strongly suggest we step up hr and that there's a

quick and immediate response in your own department. >> thank you. i appreciate your comments. i agree with you totally that we need to hold our contractor responsible for their response. we're also instituting new ways that they can -- that they can respond to the employees. i think i mentioned before you got here is that we're using the ssa model where we in fact, are being able to call them back. that no one has to wait online. >> we recognize the gentle woman from virginia, ms. come stock for five minutes. >> thank you mr. chairman. thank you for letting me sit in on this hearing. and i think as i've already talked with opm, we do plan on doing some hearings in the science and technology subcommittee, which i chair also. like some of my colleagues have already mentioned, they've had that experience i received those same letters, as have more importantly tens of thousands of my constituents here in north

virginia like mr. conley. also had the unfortunate experience of also getting a letter from the irs saying my tax information had been compromised, but that's probably another hearing, mr. chairman. what i'm concerned about is i'm not hearing leadership here. i know when i visit the visa data center in my district and i see all the things they have in place and the leadership they're exerting and the leadership that comes from the top there i see a very strong culture in their cyber security and how they're attacking it. my question ms. archuleta, when you came here 18 months ago you understood that we had a very real threat from china and other bad actors that this was constant, like the congresswoman was talking. it's constant, something every day and something you're always going to face. do you understand that? okay. and so in doing that because i think really what we know here from what mr. connolly has said,

they're at war with us and we aren't up to speed. we aren't responding in kind in terms of the problem. now, what i'm hearing is the blaming the actor here. you're saying, we know they're bad actors. we know that. that's part of the job. what i would like to know in the 18 months how many meetings have you had personally where it's been exclusively about cyber security and you've had those meetings and who have they been with? >> i've had those meetings with individuals throughout government. i have had those almost on a daily basis with my own staff and the cio. i would say that since the 18 months that i arrived i recognize the same problem that you did and we have taken tremendous steps. as you say, that there are these actors and they are aggressive and they are well funded and they are persistent. and the first thing i did was to implement an i.t. strategic plan with the focus on i.t. security. >> okay. i appreciate that because we've

gone through those details. but have you visited private sector, a data center and seen what the private sector does? >> i have had discussions with the -- >> notice. have you visited? have you visited -- >> i have visited yes, other companies. the issue of cyber security was not the one that we discussed. but is the plan that i outlined this morning, is that we're holding a summit in the very near future to bring those private individuals who are facing the exact same threat we are so we can learn from them. >> but in the past -- >> we need to access experts. >> in the past 18 months you had not done that? >> i had not met personally on cyber security issues. >> with the private sector? >> with the private sector. my colleagues across government have, like tony scott and others, the federal cio and i've been the benefit of those conversations at the -- and his experiences as well as other people throughout government. we recognize that cyber security

is an enterprise issue for all of us in government. it's not just one person who has to take responsibility. all of us across government -- >> i appreciate that but i think the point that has been made by people who are leaders in this field is the person at the very top has to take that role. i would note when target, when they had this breach when they had this problem, it wasn't just the cio who lost their job, it was the ceo who lost their job. that's how that was responded to in the private sector. so, i want to continue with some of the points that have been made by mr. mcfarland. have you sat down with mr. mcfarland to discuss his recommendations, you personally? >> i sit with mr. mcfarland. he's brought some of those to my attention. i've also -- with the flash audit i have not had opportunity because of the time period it was released but it's my full intention not only to talk with him about the flash audit but also to engage him as we move forward, as we always have.

>> now, when i sent you the letter that you had sent back, really one of the questions i had in there was, how many people in my district have been impacted by this? i think it's a fairly simple question because you sent out the 4.2 million letters right? and letters usually have a zip code. so when you ask -- so you should be able to tell us how many people we have in our districts that have been impacted by this so we -- i've certainly been hearing from many, and they have a lot of questions. i would also like to mention i would like to submit for the record questions from the american -- the federation of government employees. i've had a lot of incoming questions that have come that obviously we don't have time here. but just a simple question that did not get answered was how many constituents do i have impacted by this? >> we -- i'd be able to get you that information from our data. we'd be glad to share it with you. >> thank you, mr. chairman. i yield back. >> thank the gentle woman. we recognize the gentleman from

california mr. des-d for five minutes. >> thank you. i apologize for having to leave. very troubling. i have a character flaw for this committee. i tend to give the benefit of the doubt, so ms. arch let that i would like to give you the benefit of the doubt but the flash report is concerning to me. mr. mcfarland says, the project management approach for this major infrastructure overhaul is entirely inadequate and introduces a very high risk of project failure. would you say that your level of confidence in of opm is heightened or do you stand by that comment? >> i stand by that -- i stand by that comment. >> and you also asked for responses from opm. it says you asked for it june 2nd of 2015 and asked for

comments by june 5th and later extended that to june 10th. by june 17th we had still not received comments or indication that comments would be forthcoming. did you ever get comments back before the hearing? >> i think we may have gotten comments back that day. >> okay. i got something this morning, u.s. office of personal management strengthen cyber security and protect critical i.t. systems. doesn't have a specific date june 2015. ms. archuletta, is this the response or -- >> no i'm familiar with it. the action plan you received today is an action plan that i've developed along with my staff in response to the very serious issues and stletsthreats we're facing right now. it outlines what we've done and what we will be doing. the response to the i.g. on the flash audit he has received as

i said before mr. mcfarland and i have not had the opportunity because of the time period that -- where we've been engaged with other things. it's our intent, as in the plan to ensure he's engaged with us alongside us and that we value his opinion and the work of his staff. >> so mr. mcfarland, heretofor you haven't gotten that impression. at least that's my impression. that ms. archuletta said she values your input but you haven't gotten that from what i ascertain from your comments and written commentary. >> well, what is on paper is exactly what i -- >> so, do you have any heightened confidence that what ms. archuleta said about your relationship will improve? it doesn't seem there is any evidence to that. >> well, i think in general we

have a good relationship. truly, i think we have a good relationship. regarding this matter i think we're worlds apart. >> that's fairly significant. as you said to mr. lynch $93 million, you said, isn't even close to the amount needed n your opinion, and the ability to succeed, there's a high risk these efforts will ultimately be unsuccessful unsuccessful. given how horrible the consequences of what's already happened doesn't really give me a lot of confidence that going forward anything is going to improve. as a matter of fact, it sounds like it's going to get worse. >> i think going forward at the right -- at the right pace and concentration might be very successful. what i think is planned by opm, i think, is dangerous. >> would you like to respond to that, ms. archuleta? i can only imagine how difficult

it is coming in here but i must tell you just sitting here and being willing to give you the benefit of the doubt, you appear to come across as petulent, defensive and evasive. >> i don't mean to do that at all. i take very, very seriously what has happened. >> you say that over and over again. with all due respect i believe you but it doesn't appear to be the truth. >> well, i do -- what i have tried to do today is convey to the members how seriously i take this and that we are garnering all the resources including the opinion of the i.g. we disagree on some issues but we do have other areas of agreement. we also have areas that would benefit from discussion between me and the i.g. i think that's an important step. i.g.s work very closely with their administrations to make sure we're doing the best job we can. i take this information very seriously.

i do not want to convey that i'm angry or petulent about it. i am respectful for the position he holds and the input he gives but i feel passionately about what has happened. i feel very passionate about the employees. i am a champion and have worked very hard throughout my entire career. and if i sound passionate about it, i -- i have to say that i am. >> i just personal observation. sometimes you can feel passionate about things but not be capable of doing what you desire to do and i think we need to have a serious conversation. i know the chairman has these concerns about -- to be perfectly honest -- whether the current administration is competent enough to protect this information from people who would hack us. thank you. >> gentleman yield? >> yeah. >> gentleman yield. i think the gentleman gets to the point that i was trying to get to a little bit earlier.

and the question becomes, we've got mr. mcfarland saying that -- i think he used the word dangerous. is that what you inside. >> that's correct. >> we're heading down a dangerous path. >> i believe so. >> and when you say dangerous, i mean you -- you're saying we're headed for some very serious trouble. is that a fair definition of dangerous? >> absolutely. >> so, ms. archuleta, our problem is this we sit here and we've got an i.g. who we believe in and trust. the i.g. is saying that you need to take his advice in what you're doing is not going to get us there. as a matter of fact, may harm us. am i right mr. mcfarland? >> that's correct. >> so you put us in kind of a

difficult situation. we've now been given notice as members of congress that we're headed down this path by somebody who we rely on. you tñddisagree with them but then you expect us to be supportive of you. no, no, no, no, listen to me. that's a problem. now you put us in kind of a bad position. that means that if this happens again, problems get worse, then people say, well, wait a minute chaffetz, cummings you were sitting there. you heard what the i.g. said. i mean, why did you let this go on? that's the position we find ourselves in. so, i don't care whether you like each other or not. that doesn't matter to me. a lot of people get along. the question is, it sounds like you are refusing -- no, no,

answer me now. i'm going to give you a chance. to do what he's asked you to do. because you disagree. but on the other hanld he's saying, we're going down a dangerous path. i mean, come on now. do you have a comment? >> yes. i just want to be sure. >> the flash audit identified issues. a flash audit is meant to alert the administration about concerns. it merits an opportunity for the i.g. and his staff and the -- and my staff to sit down and find out where his concerns are. if he says it is a dangerous path i want to know specifically why he's -- >> haven't you told her that before? is this new? >> as far as the word dangerous i probably didn't use -- >> yeah but i mean, you told her

the urgency of the moment. >> absolutely. >> and the problems that we're having. and where you see it heading. >> yes, in a letter. >> well, come now. >> he sent the letter. attached to the flash audit and we have not had the opportunity to sit down with him. and i take very seriously his concerns, mr. cummings. >> will the gentleman yield? >> and the opportunity, if he uses the word dangerous, i need to understand clearly from him and his staff why he attaches that word. and the flash audit needs the scrutiny of both him and i together to protect the employees and to protect our data and to protect our system. >> with all due respect, and i know you're fairly new to this position, but the audits have been coming from the inspector general's office since 1997. they come in year in and year out. they have happened and happened and happened and happened.

i mean i started the other hearing by reading through all the comments that have come along. so, this is a flash audit. you haven't had time to talk about it. you haven't had time to go through it. and yet you can award a multimillion dollar contract in less than 48 hours. that's what we don't understand. we're going to go through that in a minute. we're almost done with this hearing. this isn't just one audit. this isn't just one observation. the good people in the inspector general's office have been warning about this since the '90s. and it was never taken care of. >> thank you for pointing that out. and i appreciate it. and acknowledge that. i've been here 18 months and i took seriously the audits that came before me and that is way i have done and taken the steps -- >> we don't believe you. i think you're part of the problem. i think if we want different results, we're going to have to have different people. and if you want to refresh the deck and we want to put mr. osmond orr someone like that in charge, we have to do it.

we have a crisis. that hurricane has come and blown this building down. i don't want to hear about putting boards up on windows and it's going to take years to get there. that's why i think it's time for you to go. ms. seymour i'm sorry but i think you're in over your head. and i think the seriousness of this requires new leadership and a new set fresh of eyes to do this. i wish you the best in life. i'm not out to get you. but you know what, this is as big as it gets. and there are going to have to be a new team brought in. that's where i'm at on this. yield back to the gentleman. >> gentleman back. >> i recognize myself. we have to talk about some things. mr. hess, have you come up with a decision about the timing of when you will provide this information i asked for previously? >> you want it by next week. >> fair enough. next week f we can get that information, we would certainly appreciate it. and we will follow up. i will follow up. i got mr. cummings' back on this

one, and i will support him in this. he's asking reasonable questions and i appreciate the cooperation. thank you. i now -- i'm going to yield to the gentleman from alabama who's brought up a great issue and a great point. i want to go through this contract timeline here. again, we're guessing close to wrapping up. on thursday, may 28th of this year, just not too long ago at 11:33 a.m. opm posted a 29-page request for quotes to provide notification, credit access credit monitoring identity theft insurance and recovery service and project management services. on may 28th at 2015 at 1:46 p.m. opm posted amendment one, pricing sheet. may 129th at 1:32 p.m. opm changed the deadline from may 20th to may 30th. on may 29th at 2:45 p.m., opm posted another change. modified info to be submitted and deleted some clauses. and on tuesday, june 2nd a contract was awarded to the winveil group. i don't know the winvale group.

could be nice people. i don't know. but they immediately turned around and subcontracted this. to a group i don't know a whole lot about. i would like to have mr. palmer ask you some questions about this. >> thank you mr. chairman. this question is to you, mrs. seymour. do you know any of the management of cinside. >> not that i'm aware of. >> do you have any knowledge about the management of csaid? >> not that i'm aware of. i got key personnel resumes in the proposal. >> did anyone discuss with you any knowledge about the ceo, scott kruitchank. >> no sir. >> hosam bengasam. >> no, only four directors. the last one is owen lee. i asked you about him earlier. >> no, sir, i have no

recollection of him. >> you know, you've let a contract in a very sensitive area. i mean this literally impacts millions of people. it impacts their -- potentially impacts their financial well-being, their careers, yet it appears you didn't do the most basic research into the company that you've contracted this with. if you had, i think you might have discovered that mr. lee is under investigation by the democrat of justice and securities exchange council -- commission, i mean. they're looking into his management of a group called carnesi, which in nine months he lost 99.97% of the money invested in that hedge fund. mr. mcfarland let me ask you this, if you had known this would this have raised a red flag with inspector general's

office? >> absolutely. >> >> i've listened to mr. cummings i've listened to the chairman. and the more i listen to these guys and and members of this entire committee ask these questions, the more concerned the more frightened i've become about how opm has handled this. and thoenen to find this to find the most basic analysis is not being done just adds to that. one other question i want to ask you. mr. osmond who testified last week, made this comment -- i want to ask you are you aware of any outside contractors who are for nationals? have you contracted any work with them? ms. seymour? >> i'm sorry, i didn't realize that was my question. i apologize. am i aware of any -- >> have you contracted any of

this work to four nationals? >> not that i'm aware of, sir. >> how about you, ms. archuleta? >> no. >> let me -- may i read this or do you to want read it? >> go ahead. >> this is in "the wall street journal," mr. osmond. he said some contractors that have helped opm managing internal data have had security issues of their own. including potentially given foreign governments direct access to data long before the recent reported breaches. a consultant who did some work with a company contracted by opm to manage personnel records for a number of agencies told ars that he found the unix system administrator for the project was in argentina and his coworker was physically located in people's republic of china. they had access to every row of data and database. another team that worked with these data dayses had two team members with people's china

passports. i know that personally because i worked with them and revoked their privileges. you're not aware of that? >> sir i'm aware of two of our -- two federal employees who have ties to foreign countries. they are u.s. citizens and they work on our programs. >> how does -- here's whats on mutt said, from his perspective opm compromised this information more than three years ago. his current take on the breach is so what's knew? i yield the balance of my time. >> gentleman, where is -- i would like to ask unanimous consent this article yin by jowl yeah la roch, head fund manager who said sorry for losing 99.7% of his client's money is now being investigated by the s.e.c. and department of justice.

ms. seymour were you aware that the contract that you let for windvale was going to be sublet? or going to be a subcontractor? without objection, by the way, i'll enter this article into the record. did you know there was going to be a subcontract? >> windvale's proposal included the fact that it had work -- that it was subcontracting or partnering with csid on. >> when you did your due diligence and looked into some resumes of the people that would be involved and engaged in this, did that include the employees and the board at this subcontractor? >> it did -- it did not include the board. we used past performance and their other systems of the contracting officer uses to research a firm to make sure they're qualified to do work with the federal government. >> at either windvale or the subcontractor, if there's more than one subcontractor, do you personally know anybody who's in any way, shape or form involved? any of those companies?

>> not to my knowledge sir. >> there's nobody from the former department of defense or from the office of personnel management? you know none of those people? >> i don't -- i do not believe i know anyone in -- that's working for those firms. >> ms. archuleta do you know anyone that works for either of those two firms? >> not to my knowledge. >> here we have someone who lost millions of dollars under investigation by the department of justice. we got to figure out how in the world these people get the contract. because we're saying, federal employees, millions of you effected, go give them the information. that's the kind of person we're dealing with. i'm not saying he's guilty. he's under investigation. why should we take the chance? why didn't you get to the gsa list? there's a list of approved vendors out there. why not use one of them? >> we did consult with gsa and the gsa schedule on this.

there were some requirements we wanted to include in our contract that were not available on the gsa schedule and it -- >> like what? >> d-duplication of services is one of them. we knew -- what we were trying to do at opm was set up a contract vehicle that we could use in the future for any additional breaches, whether it's one or twossies or anything else. we wanted to set up a vehicle that would not cause us to pay or to offer the same services to affected individuals at same time. that is built something the gsa schedule afforded us the opportunity to do, even after we talked with the schedule holder at gsa. >> i'm just telling you this reeks. for any contract to go out that fast i understand the gravity of the situation you'll deviate from that and immediately go out to a subcontract, i would encourage you to as swiftly as possible get back to senator

warner mr. palmer as well as this committee. i do need to ask about credentials. ms. archuleta, is there anybody in the opm system, whether an employee or contractor, who is a foreign national? >> sir, i want to be sure of that answer. i'd have to come back to you to be sure that i -- >> ms. seymour, is there anybody who's a foreign national who is involved as either a contractor or directly as an employee at opm? >> i will get back to you on that, sir. >> the fact that you guys -- that you two don't know that's -- that's what scares me. that's what really scares me is that you don't know. >> i know about my staff, sir. >> how many people on your staff? >> about 280. >> how many people have credentials to become a network administrator or have access to the network? how many? >> i believe it's about 50. >> so those 50 people.

how often do you routinely audit that? >> we review them very frequently. >> like what? >> probably monthly. we have processes for when they come -- when people come on board and when they leave that we remove their access privileges. >> do you review the traffic that's going through there? because that's part of what happened is somebody gained network administrator access and -- >> so, that's how we were able to track through and find out our background investigation -- >> after they had been there for more than a year right? >> yes, sir. >> so how often do you track that and monitor that? >> we had put the tools on our network just over the last six months or so to be able to see this type of activity in our network. again, sir, when i came on board, i recognized that these systems were in need of some modernization. we put in place a plan and began to execute that immediately, to put the security tools in place so we had visibility in our network. that's what led us to understand

this latent activity that went back to even prior to my arrival at opm. >> i have a series of other questions. but let's recognize the gentleman from georgia, mr. carter. >> thank you, mr. chairman. thank you all for being here. mrs. seymour, i would like to start with you. it's my understanding that opm's legacy system that you're currently using cobalt a system that was developed originally in 1959. is that correct? >>. >> i don't know when it was invented, sir, but yes we are using cobalt in some of our systems at opm. >> ard koing to my research and staff's research it was originally developed in 1959. and that's the system we're using. >> yes, sir. ms. archuleta, opm since 2008 has spent $577 million on i.t., is that correct?

>> i don't know exactly that number but i'll accept it. >> you think it's pretty close? >> i would have to trust your judgment. i don't know the number on that but i could get back to you. yes, if you want -- >> would you say sthaet in the ballpark, $577 million? i mean give or take a couple hundred million. what are we talking about? >> i can tell you what we've spent on it, but, yes, i'll -- >> $577 million since 2008, yet we're still using a legacy system that was developed in 1959? >> i agree with you totally sir. we are using a legacy system that was designed in 1959 and that is what we're working to change. >> it's my understanding that approximately 80% of our i.t. budget is being spent on legacy systems. is that correct? >> right now the legacy -- we're working off of our legacy system, that's why we're making the investments into a new system.

>> i'm sorry. i'm just flabbergasted by this. ist just mind-boggling that we could spend -- first of all, that we could spend $577 million. secondly, that we're spending 80% of what we have budgeted on legacy systems. i mean, it's just amazing to me that we're doing that. nevertheless, ms. seymour, let me ask you, the i.g.'s flash audit estimated cost for two phases, only two phases of your infrastructure improvement project is going to be $93 million. is that correct? >> yes, sir. we put together the plan with a very robust inner-agency team and had that reviewed by a number of experts. >> $93 million? >> yes, sir. >> i'm sorry. i don't mean to -- to be dramatic, but $93 million? >> that covers both securing our legacy architecture, the one we

have today, putting as many -- >> the one that was originally developed in 1959? >> our net -- not all of it was developed that long ago. >> if any of it was developed -- >> so, our network was designed you know, about a decade ago. so, we are trying to shore that up, provide as much security around that network as we can, that's part of what the money is going to. the other part of the money is going towards building a more modern and securable network we will transition to. >> okay. it's my understanding that despite the decades we've been spending all this money, these millions of dollars that we are still using paper forms in some cases, is that true? >> a number of our business offices still use paper forms. >> we've spent $577 million on -- on i.t. since 2008 and we're still using paper forms? of course, hey, paper forms may

be better in this case. at least we've still got control of those. >> i can't speak to what's happened before me, sir. i can tell you that when i came in and saw the state of our i.t. systems, i worked with director archuleta to put in place a plan, an aggressive plan, for migrating to more modern more secure network and systems. >> does it include paper forms? does it include paper forms? will we still have paper forms after you make these adjustments? >> we want to remove as much paper as we can from our environment, sir. that's one of our goals. >> well i can't help but wonder if that's not a move in the wrong direction. i mean, at least we can have some control over these paper forms. we obviously don't have control over the computers and the information that we have on the internet. >> i would offer sir there are security concerns with paper just as well. we have you know, violations or issues with paper as well as you leave paper around. the other issue we have with paper, sir -- >> so, we leave paper around?

>> sir, when you leave it in your office or when you're working with it. i would also offer that when we have paper, we don't have backup systems. that's a concern as well. as we move forward with -- >> mrs. seymour, i agree with every point you're making here. my point is we spent $577 million since 2008 and we're still using paper. >> sir, i've also said i can't tell you what's going on before me. what i can tell you is the plan we are putting in place we're trying to put -- we're planning to put in place an enterprise case management system. we're working twartsdz that that will eliminate a lot of our paper. we'll modernize our systems and provide better protections around our -- around data and our systems. >> i think -- >> what we do that includes that $577 million that we've already spent? >> i'm sorry, snir. >> this is going to be more problem we throw at this problem, right? >> sir, i cannot account for what happens happened before me. >> thank the gentleman. we have a vote on the floor. we'll recognize mr. cummings for one more question. >> i'll be very brief.

thank you very much. i want to go back to this contract contract. winvale got this contract is that right, mrs. seymour? >> that's correct. >> what was the process? it doesn't smell right. something doesn't smell right about this process. winvale gets it and then they turn around and csid -- >> no sir. the proposal that we got was from winvale partnered with csid. we knew up front that they were -- they had support from c csid. it was part of their proposal package to the government. >> you didn't know about mr. lee? >> no, sir, i did not. >> you didn't know his apology for losing 97.7% -- 99.7% of $60en million went viral -- >> no, sir, i did not. >> -- in march? >> no, sir, i did not. >> so the question becomes -- do you think you should have done

some better due diligence? >> so we did due diligence on the company. there are several ways the contracting officer validates that the company is able to do business with the government. >> mr. mcfarland, this concerns you, i say it? >> yes, of course. >> and why is that, sir? >> just the reasons you espoused. it was very fast. as a matter of fact, a few days ago we were talking about that in the office and we are going to be looking into it. >> i'd appreciate that. i just have one statement real quick, mr. chairman. i want to conclude you by thanking again to invite the contractors here today. we've obtained some significant information but there are also many, many unanswered questions. we ask use of information, they have refused to giv cfe than a year. mr. gichlt anetta, promised to help us get those answers but i'm concerned he may not be

there in a couple weeks so we may need to follow up with parent company. we also asked keypoint for documents we originally requested months ago and you pressed him to provide those documents. i think you understand how frustratingd it has been for me over the past year. i thank you for your help for agreeing to invite them for helping us get the information we need. we will prepare questions for the record for today. i hope we will be able to get all of these answers. i really hope it won't require a subpoena. with that, i thank you and i yield back. >> thank the gentleman. we're now at the halfway point. i'm just teasing. we're wrapping up here. you've all been sitting here a long time. a couple more questions. we do have a vote on the floor. director4 back to some of your previous comments. this has to do with what you said in july of 2014 regarding the opm data breach that became

public in march of that year. at the time you said they did not have a breach in security. ms. seymour, i think was -- ms. seymour was very candid in saying she did think it was a breach in security. so, which -- is she wrong? >> as i explained earlier, sir, in the question that was asked to me, the conversation was around pii, and i answered it in that context. >> but you don't believe that there was any access to see that information? >> i don't believe that there was -- that data was breached and that there was no data ex exfiltrated. >> do you believe they had access to it? >> that's why we believe there was, in fact, a breach. i'm not the forensics. i don't know what they did with it. what i was assured of sir, and how i responded in that -- in that interview was that i -- there was no pii extricated from

the system. >> so, you did know that the opm network -- the network platform -- that the blueprint essential lit keys to the kingdom kingdom, was exfill traited, correct? >> the question was around the pii and i answered it. >> i'm asking you now. i'm asking you now. do you believe -- did you know -- somehow you had to know, i hope -- >> mrs. seymour informed me that other data had been taken from -- but it was not -- it was in different context to that question. >> but that was a -- essentially a blueprint of how the schlystem worked, correct? >> she informed me some manuals had also been exposed and potentially exfildrated, yes i knew that. again, the question was around pii. >> again you did know there was a security breach, correct? >> correct. >> and you did know that there were things other than the pii that were potentially

exfiltrated? >> i did. >> you did know that. what do you think's a bigger success for hackers you know, stealing the files for tens of thousands of employees or the files for 32 files for up to 32 million employees? >> i believe that all of that is very important, sir. i can't distinguish between both of them. each equally as important. >> when did the hackers first gain access to opm's network? the ones we just learned about. maybe ms. seymour is better positioned to answer that. either one of you if you know what the timeline is on that. >> i have the timeline. >> yes. >> so the actors first gained -- adversary access was first noted within the network from november of 2013. >> the one that we just learned about? >> i'm sorry. that was from the 2014 intrusion you were referencing based on the manuals.

>> and sorry, that happened at what timeframe? >> they had -- we were able to confirm based on the on-site assessment that they had confirmed access in november of 2013. >> okay. ms. seeymourseymour, i think you were going to say something. >> i was just going to clarify for this most recent incident dates back to june of 2014 the access the adversary had dates back to june 2014, i believe. >> is it possible that when they took this blueprint i call it the keys to the kingdom that that would have potentially aided the hackers in coming back into the system and stealing these millions of records? >> these are available manuals typically for commercial i.t. equipment. so yes, it would an adversary in understanding our platform. they did not get, you know specific configuration diagrams

of our entire environment but these are commercially available. a lot of these are commercially available documents about platforms, computing platforms. >> miss barron dicamillo did that provide any proprietary information? >> iddid not include. it was manuals associated with certain types of platforms but again missing or that information is available, i think ibm is one of the sites. >> did the hackers have access to be able to see the information regarding personal employees? >> so in 2014 is that the incident you're referring to? >> yes. >> based on the on-site assessment we weren't able to confirm that they were able to access any of the pii information.

so not only so your question about seeing it there's a certain portion of the networks they were specifically focused on and they were not able to infiltrate into those portions of the network. >> ms. seymour -- let me ask ms. archiletta. responsible for safeguarding the pii in 2014, who do you hold responsible for its loss today? >> i hold all of us responsible. that's our job at the opm. we work very hard to do this. and we work with our partners across government. i know you're perhaps tired of hearing this from me but we're facing a very aggressive attacker. we protect against 10 million attempts each month. so we're working very hard to do that. we're working extremely hard to prevent the types of things that we're seeing here today.

>> i want to make sure you're going to get us some documents right? we've been requesting documents for a long time. i want to make sure what documents you're going to provide us. are those the ones we've been asking for? i can't hear you. >> i'm sorry. we're going to be addressing that letter and each of the requests that you've made to the extent that we're able to. >> okay. all right. thank you. >> it's been a long morning and into the afternoon. i thank you all. you all represent a number of people that have big -- a lot of staff so people who work hard they're patriarch, they care about this country. to that extent please let them know how much we appreciate them and all that you're doing. but we'll have somebody help you know where the restroom is. it's been a while. again, thank you for your participation today. we stand adjourned.

>> if you missed any of this hearing on the federal personnel records data breach, you can watch it in our video library. just go to cspan.org. more live coverage coming up today here on c-span 3. louisiana governor bobby jindal will be officially announcing his candidacy for the 2016

presidential race at an event in kenner louisiana that's just outside new orleans. governor jindal is currently serving second term in office prior to that a u.s. congressman for louisiana's first district. we'll have his campaign announcement live at to 5:00 p.m. eastern here on cspan 3. here's more on what to expect from today's announcement. >> elizabeth crisp who is a reporter for the advocate capital news bureau reported to jindal talk about governor bobby campa jindal's 2016 campaign announcement today. so elizabeth crisp, where will the announcement take place? and does it have significance for his campaign?it take >> the announcement's actually aign? going to take place today in govern kenner, which is just outside new orleans.s in c and that's where governor jindal when he was in congress. so that's i his area, jefferson e for parish ishi a republican stronghold, so there's a little significance there for him. ring >> how has the governor been severa

preparing for his launch? >> we've seen for several monthsth car he's been in iowa frequently, al he's been in south carolina, new hampshire. it's, you know, all signs have been pointing toward this. we've heard him a lot say he is you know hoping and praying and thinking and all of those kind month of rhetoric behind it.everal t but for the past several months he's made frequent trips to those very important presidential primary states. his we've sort of seen a lot of his staff transition to you know, first it was his pacs and host: nonprofits. and now his exploratory committee. >> what about money? how is he positioned? >> you know, that's going to be a big part of today. all the people that i've talked to have said you know the test after today is going to be can he get the money. he's not a jeb bush or you clint

know, hillary clinton, somebody like that who is starting off with a lot of money.o don' and so that's really going to be key to after today it's going to be trying to build that fund raising base. >> and supporters, large donors, does he have the backing of any profil high e profile republican donors?his poin >> not really at this point. >> and so legislatively, i mean, he's still the governor of trying louisiana. how is he positioned himself with trying to push an agenda that would appeal to a conservative base across the country? >> you know what we've seen a lot of has been a focus on trying to highlight the economy een at louisiana. he's been in office post katrina. and so a lot of louisiana has been rebuilding back from that. and so i think that he's put a big emphasis on that, the growth in the oil industry here, things like that.

this session we saw him have a big emphasis, a big push on the very conservative principles. he's been very outspoken against common core.r a reli he this year was trying to push for a religious freedom type . legislation. when that didn't pass he signed an executive order. it was mostly symbolic, but really playing into that very right wing conservative base. >> how would governor bobby jindal perform against -- and ton an hypothetical, match up against let's say hillary clinton in the state of louisiana? >> well it's kind of funny because there was a recent poll that just came out. i think it was within the last couple of weeks. hil it actually showed hillary clinton doing better than bobby jindal and louisiana. and the governor his approval ratings are not very high in louisiana. when you ask him about it he

says that that's because he's had to make tough decisions. he's cut the size of government. you know, back in the state budget. things like that interest him because heve thinks that is part e of his making government smaller, more efficient and all it i of that.s and a lot of that especially in louisiana that's not very popular because for a long time louisiana has had a very heavy state government focus. >> elizabeth crisp, we'll be watching today when governor jindal announces his bid for the white house. appreciate your time this morning. thank you. >> yeah, thank you so much for having me. >> following today's campaign announcement by bobby jindal we'll be opening up our phone lines to get your thoughts on what the louisiana governor has to say. it all gets under way today at 5:00 eastern time here on cspan 3. from earlier at the white house president obama announces changes to american hostage

policy. the associated press says the president cleared the way for families of u.s. hostages to pay ransom to terror groups without fear of prosecution. >> good afternoon. since 9/11 more than 80 americans have been taken hostage by murderous groups engaged in terrorism or piracy. for these innocent men and women tourists journalists humanitarians, it's a horror. and cruelty beyond description. for their families and for their friends it's an unrelenting nightmare that the rest of us cannot even begin to imagine. as a government we should always do everything in our power to bring these americans home safe and to support their families. dedicated public servants across

our government work tirelessly to do so. our military personnel risk their lives in dangerous missions such as the operation i authorized last year that attempted to rescue americans held in syria and yemen. and there have been successes such as the rescue of captain richard phillips held by somali pirates, and jessica buchanan rescued from somalia. of these more than 80 americans taken hostage since 9/11, more than half have ultimately come home. some after many years. tragically too many others have not. and at this very moment americans continue to be held by terrorist groups or detained unjustly by foreign governments. for them the nightmare goes on. and so does our work day and night to reunite them with their loved ones. as i've said before, the terror threat is evolving. the world's been appalled by isil's barbaric murder of

innocent hostages including americans. moreover, the families of hostages have told us and they've told me directly about their frequent frustrations in dealing with their own government. how different departments and agencies aren't always coordinated, how there's been confusion and conflicting information about what the government is prepared to do to help, how they've often felt lost in the bureaucracy and how in some cases families feel -- for exploring certain options for bringing their loved ones home. that's totally unacceptable. as i've gotten to know some of these families and heard some of these stories, it has been my solemn commitment to make sure that they feel fully supported in their efforts to get their families home and that there is a syncing up of what i know to

be sincere relentless efforts within government and the families who obviously have one priority and one priority only, and that's getting their loved ones back. these families have already suffered enough and they should never feel ignored or victimized by their own government. diane foley whose son jim was killed last year said as americans we can do better. i totally agree. we must do better. and that's why i ordered a comprehensive review of our hostage policy. i want to thank everybody who contributed to this review inside and outside of government. some of whom are here today. i especially want to thank the former hostages and families who contributed. i've come to know some of these families often under the most heartbreaking of circumstances. when her son peter also known

as abdul ak mon was being held in syria his mother wrote me a letter. and in it she described how on clear nights she and her husband would look up at the stars and the moon and wonder if perhaps their son might be able to see them too. a reminder of the bond they might still share. i've called these families to offer our condolences after they've received gut wrenching news no parents ever want to hear. i visited with them. i've hugged them. i've grieved with them. i just spent time with some of the families as well as some former hostages here at the white house. and needless to say it was very emotional meeting. some are still grieving. i thank them for sharing their experiences and their ideas with our review team. in fact, many of the changes we're announcing today are a direct result of their recommendations. i acknowledged to them in

private what i want to say publicly. that it is true that there have been times where our government regardless of good intentions has let them down. i promised them that we can do better. here's how. today i'm formally issuing a new presidential policy directive to improve how we work to bring home american hostages and how we support their families. i've signed a new executive order to ensure our government is organized to do so. and we're releasing the final report of our review which describes the two dozen specific steps that we're taking. broadly speaking they fall into three areas. first, i'm updating our hostage policy. i'm making it clear that our top priority is the safe and rapid recovery of american hostages. and to do so we will use all elements of our national power. i am reaffirming that the united states government will not make

concessions such as paying ransom to terrorist groups holding american hostages. and i know this can be a subject of significant public debate. it's a difficult and emotional issue, especially for the families. as i said to the families who are gathered here today and as i've said to families in the past, i look at this not just as a president but also as a husband and a father. and if my family were at risk obviously i would move heaven and earth to get those loved ones back. as president i also have to consider our larger national security. i firmly believe that the united states government paying ransom to terrorists risks endangering more americans and funding the very terrorism that we're trying to stop. so i firmly believe our policy ultimately puts fewer americans at risk. at the same time, we are clarifying that our policy does

not prevent communication with hostage takers by our government, the families of hostages or third parties who help these families. and when appropriate our government may assist these families and private efforts in those communications. in part to ensure the safety of the family members and to make sure that they're not defrauded. so my message to these families were simple. we're not going to abandon you. we will standby you. second, we're making changes to ensure that our government is better organized around this mission. every department that is involved in our national security apparatus cares deeply about these hostages prioritizes them and works really hard. but they're not always as well coordinated as they need to be. under the national security council here at the white house

we're setting up a new hostage response group comprised of senior officials across our government who will be responsible for ensuring that our hostage policies are consistent and coordinated and implemented rapidly and effectively. and they will be accountable at the highest levels. they'll be accountable to me. soon i'll be designating as well a senior diplomat who will be focused solely on leading our diplomatic efforts with other countries to bring our people home. at the operational level we're creating for the first time one central hub where experts from across government will work together side by side as one coordinated team to find american hostages and bring them home safely. in fact, this fusion cell located at the fbi is already up and running. and we're designating a new official in the intelligence community to be responsible for

coordinating the collection, analysis and rapid dissemination of intelligence related to american hostages so we can act on that intelligence quickly. third, and running through all these efforts we are fundamentally changing how our government works with families of hostages. many of the familiesr, told us that they at times felt like an afterthought or a distraction. that too often the law enforcement or military and intelligence officials they were interacting with were begrudging and in giving them information. and that ends today. i'm making it clear that these families are to be treated like what they are, our trusted partners and active partners in the recovery of their loved ones. we are all on the same team. and nobody cares more about bringing home these americans than their own families. and we have to treat them as

partners. so specifically our new fusion cell will include a person dead dedicated to coordinating the support families get from the government. this coordinator will ensure we communicate with families better, with one clear voice and that families get information that is timely and accurate. working with the intelligence community we will be sharing more intelligence with families. and this coordinator will be the family's voice within government. making sure when decisions are made about their loved ones their concerns are front and center. everyone who deals with these families on a regular basis will be given additional training to ensure families are treated with the dignity and compassion that they deserve. in particular i want to point out that no family of an american hostage has ever been prosecuted for paying a ransom for the return of their loved ones. the last thing that we should ever do is to add to family's pain with threats like that.

so the bottom line is this, when it comes to how our government works to recover americans held hostage and how we work with their families, we are changing how we do business. after everything they've endured these families are right to be skeptical and that's why it's so important as i told them today that we will be sending out mechanisms to ensure accountability and implementation. i've directed my national security team to report back to me including getting feedback from the families to make sure these reforms are being put in place and that they are working in the course of our review several families told us they wanted to spare other families the frustrations they endured. some have even created new organizations to support families like theirs or to honor their loved ones such as the memorial foundation for stevenu%ç sotloff who wrote everyone has two lives. the second one begins when you

realize you only have one. as a government and as a nation we can learn from the example of the strength of their lives. the kind of strength we've seen in all these held hostages including kayla mueller. kayla devoted her life to serving those in need around the world, to refugees in syria who had lost everything. she was a source of comfort and hope. before her tragic death she was held by isil in syria for a year and a half. and during her captivity kayla managed to smuggle a letter to her family. she said none of us could have known it would be this long, but i know i'm also fighting for my side and the ways that i'm able. and i have a lot of fight left in me. i'm not breaking down. and i will not give in no matter how long it takes. today, my message to anyone who harms americans is that we do not forget. our reach is long.

justice will be done. my message to every american being held unjustly around the world who is fighting from the inside to survive another day, my message to their families who long to hold them once more is that the united states of america will never stop working to reunite you with your family. we will not give up no matter how long it takes. thank you very much everybody. >> mr. president -- >> yesterday senate lawmakers criticized the national highway trafficwápáion and takata over defective airbags that are responsible for at least eight deaths. last month takata expanded its recall in the u.s. to more than 30 million vehicles which effected automakers including honda, toyota, ford, chrysler

and gm. held in front of the senate commerce committee this is two and a half hours. good morning. welcome everyone. this hearing will come to order. we've called this hearing for a very somber reason. some defective airbags are hurting rather than helping people. we still haven't figured out exactly why. and we need to figure out how to prevent these issues from occurring in the future. this is a pivotal time in vehicle safety. it's welcome news that cars are generally safer than they ever have been, advances in vehicle technologies and safety innovations as well as robot safety initiatives have reduced the number of deaths on the road. still, tragically more than 30,000 people die every year due to motor vehicle accidents. airbags are one of the most important vehicle safety innovations and that's why it's so alarming that tens of

millions of cars have potentially defective airbags. today we'll be asking witnesses for an update on recall and remedy efforts for takata airbag inflaters which has been allegedly linked to eight deaths and over 100 injuries. the large number of vehicles recalled covers 11 auto manufactures, the lack of recognized root cause to date and the age of vehicles effected have made remedying this problem exceedingly difficult. these do not excuse the responsibilities of auto manufacturers, suppliers and the national -- i should say traffic safety administration from their shared obligation to ensure vehicles are safe. the first priority should be fixing the recalled vehicles as soon as possible. nsta also has taken a role in overseeing this process. takata and other suppliers have ramped up production of replacement parts to increase supply to contact effected vehicle owners to work with dealerships on swift repairs.

nevertheless, questions exist about whether the currently available replacements are truly safe. takata is phasing out certain types of inflaters and testing is ongoing to determine the root cause or causes of the inflater defects. this testing will help to assess the scope of the recall since safety of replacement parts. these alarming details underscore the importance of clear and accurate information for consumers. ntsa's dedicated takata recall is an important step growing. the large number of vehicles involved is

dapvq.@ñx$4 @ñe call into ques 'í whether the#nñb(qrñb agency canmgs identifyuihu%qm 5:tlñ=0#fcxbá0é89ñ -- concerning given the scale of the takatacg+ ))#ydefects.s 4 concurrent with inspector general83cñ recommendations and committed to5y[xp9xñr(t&háhp &hc% implement them. troubling recalls e0y >>4aòrtw;çljy despite%9

administrate ís leadership, ntsa also looking for ways to+++

distinguished ranking member please make your opening statement before we proceed to the panel. thank you, mr. chairman. and if i may -- the takata airbag crisis and how to fix our broken recall process done by our minority committee staff if

i may have that entered -- >> without objection. >> -- into the record. and thank you for your cooperation on this. and you'll recall mr. chairman, last year we actually started the hearings on these airbag defects. and the news was not good. at that point last november we had five deaths and dozens of injuries that were tied to the defective takata airbags. we had testimony from an air force lieutenant lieutenant stephanie irdman. she suffered severe facial injuries and almost lost one of her eyes when her airbag exploded after a relatively minor accident in the florida

panhandle near eggland air force base. but since then the recalls have ramped up appropriately, but unfortunately the tragedies have continued. january this year houston, a man killed by a takata airbag that exploded in his vehicle after a minor accident. and then april a 22-year-old involved in an accident in lafayette, louisiana. the wreck was serious. but as you can see look at this airbag airbag. do we have the pictures of the lady?

that's the one from florida, isn't it? okay. hold that back. hold that one back. you can see now this is a normal airbag deployed. this is the front of what would be facing the driver and the steering wheel. and of course it deploys. and if it deploys normally, it's supposed to look like that. okay? this is what happened in this case that i just referenced in louisiana louisiana. that's blood. but look at the tear in the airbag. you can see that it obviously has been punctured. and instead of it being like

that that, the shrapnel in the inflater which is this device, which is in the steering wheel underneath the steering wheel. and this explodes sending hot gas out and inflating the airbag. well, when it's defective, it explodes with such force that it actually breaks open the metal. and the metal goes out. and then of course instead of the airbag saving lives, it's killing people. let me show you. that is a piece of metal that actually came out on this lady.

and this lady is in miami last july. look how big that is. now, that hit her. and thank goodness it hit her there in a relatively superficial wound that is a permanent scar. but what if it had hit her there? or what if it had hit her there? that's the piece that hit her. this is deadly serious business. just last friday we learned of the eighth death, southern

california. conclusivively tied to a defective airbag. and some of these families got recall notices after their loved ones were killed. and in addition to the eighth deaths this committee has learned of allegations of well over a hundred serious injuries. now, i got into this thing because there was a woman killed in orlando this is a year ago. that's how i got into it. when the police got to the car they thought it was a homicide. they thought somebody had slashed her throat. and only afterwards did they find out that in fact this is what it was. and then i got into it because of a firefighter that lives in the orlando area he won't be a firefighter again because he lost his eye now.

and so i could go on and on about these incidents just in florida alone. but the bottom line is we need to get these cars fixed. and we've been talking about this since last year. dr. rosekind has been a breath of fresh air. and you've taken numerous actions actions to speed up the takata recall process, but nhtsa still faces deep challenges. for one thing, as no doubt you will point out it's underfunded. it lacks the necessary funding to make sure automakers and the

sticks as well as the carrots it lacks to get the automakers to be forthcoming about the recalls. and by the way this isn't the only thing. we're not just picking on takata. look how many deaths occurred from the gm defective steering ignition switches. gm hid a defect for over a decade. and at least 114 people died. this is awful. and for that nhtsa could only fine gm a measly $35 million. and that's less than one-hundredth of a percent of what gm makes in a quarter. and nhtsa also appears to have

serious internal and managerial issues. these challenges were detailed in this department of transportation office inspector general report released yesterday that revealed serious problems defects investigation especially related to the handling of the gm crisis last year. and so i can tell you this senator's going to fight for additional funding for nhtsa. but there also has to be accountability. and the i.g. report found severe deficiencies in nhtsa's ability to effectively collect and analyze safety data as well as conduct investigations. the agency lacks proper protocols and procedures. and staff apparently are inadequately trained to do their job. we need accountability. and i look forward, doctor to

hearing how you intend to respond to this report that's now been put in the record and how you continue to modernize the agency. and finally i look forward to hearing from the representatives takata. yesterday the staff issued a report detailing its initial findings in a month's long investigation of takata. and for years it's obvious that takata did not put safety first. it appears that takata knew or should have known as early as 2001. that's 14 years ago. that there were serious safety and quality lapses in its airbag production process. and you'd think that they would have stepped up their safety efforts at these plants after discovering those issues.

no. and by the way, there are eight people dead. instead, internal e-mails suggest they actually suspended global safety audits from '09 to '11 for cost cutting reasons. and now the same company responsible for this disaster is the one making nearly all of the replacement airbags for most of the recalled vehicles. that doesn't sit well with a lot of americans. and i think takata has some serious explaining to do. so for everyone involved nhtsa, to automakers, to the suppliers we need to improve as fast as possible. and we need to get the recall completed, but also make sure that the safety issues are spotted sooner so that dangerous

vehicles are identified and fixed faster. in order to do what we're supposed to do which is help keep consumers safe. mr. chairman if i sound that i'm invested in this issue and i saw the pictures of that woman in orlando with her neck neck lacerated, i am invested. when i talked to that firefighter with his little boy with him that will never be a firefighter again because he doesn't have an eye, i'm invested. so thank you for calling this hearing. >> thank you, senator nelson. i now proceed to our panel start with administrate rosekind. please proceed. thanks. >> chairman, ranking member of the committee, thank you for providing an update includeing

defective takata airbags. the recall of defective takata airbags may represent the largest national safety recall in history and certainly one of the most complicated. all of nhtsa's actions are achieved of one goal a safe airbag in every american vehicle. on may 19th secretary fox at nhtsa took a step and announced takata at the agency's insistence had filed four defect reports launching national recalls of an estimated 33.8 million defective airbag inflaters. 11 auto manufacturers have -- so vehicles owners can go to safercar.gov. consumers may also request a free loaner or rental vehicle from the dealer while they wait for replacement airbag.

after reviewing automaker filings, our current estimate is that there are about 34 million defective airbags and 32 million defective vehicles. nhtsa issued a dissent among other things gives nhtsa an inability to ensure the accuracy. late last week nhtsa sent information requests to all the effected automakers to takata and other automakers seeking coordination in our remedy program. allow these companies to share confidential business information with nhtsa and one another so confidentiality concerns do not interfere with our safety efforts. in a separate action nhtsa's in the process of violation of safety acts requirements to

measure adequately and within a reasonable time. a second hearing is scheduled to discuss more than 11 million vehicle recalls. nhtsa we're determined to use every tool we have to protect the public. one critical tool is self-evaluation. with full support nhtsa's staff and examination. on june 5th nhtsa released two reports that are essential in our efforts to improve our own effectiveness. the first report, nhtsa's path forward provides results of a yearlong due diligence review of an investigation process. found weaknesses in identifying defects. we are addressing those with improvements already underway and within existing resources. the second rorlt is workforce assessment that details how the president's fy16 budget reflects

nhtsa's needs. and given 265 million vehicles we monitor compared to the safety investigation work forces and other modes of transportation. it provides one possible path toward matching nhtsa's work force to those challenges. at secretary fox's request the department of transportation's inspector general performed an audit of the gm ignition switch defect. nhtsa thanks inspector general scovel for his staff and diligence. their report is a helpful contribution to our efforts and we have concurred with all 17 of the report's recommendations. to give you a sense of our commitment to improving and identifying safety defects to date we have implemented or initiated 44 separate changes to improve our effectiveness. that includes efforts to address ten of the 17 recommendations from the i.g.'s audit that were under way before the audit's release. two factors outside the scope of the i.g. audit are essential to nhtsa achieveing its mission.

if i could sum up our process improvements in a single phrase it would be question assumptions. question the information we get from information and question our own assumptions. the second factor also outside the scope of the inspector general's audit is available resources. the same 51 people managing the takata recall include eight that analyze 80000 consumer complaints, eight others oversee more than 1200 recall campaigns now under way and 16 others continue to investigate scores of other potential defects. when adjusted for inflation is 23% lower than ten years ago. the president's fy16 budget request would provide the technology needed to keep america safe. the grow america act provide stable increased funding and important safety to help nhtsa's mission. it's clear representing known safety risks. the members of this committee and your colleagues in congress

can help address those risks and keep the traveling public safe. thank you for this opportunity to testify and i look forward to your questions. >> thank you administrate rosekind. mr. scovel. >> chairman thune ranking member nelson members of the committee. thank you for inviting me to discuss's nhtsa's safety vehicle oversight. strong oversight is critical for taking timely actions such as gm's faulty ignition switch. as of this month this defect has been linked to more than 110 fatalities and 220 injuries. airbag nondeployments prompted nhtsa's office of defects investigation to look at certain gm vehicles as early as 2007. but odi ultimately determined an investigation was not warranted. we now know that the faulty ignition switch can unexpectedly disable the power steering power brakes and airbags. today, i will discuss the weaknesses we identify relating to odi's procedures for collecting and analyzing vehicle

safety data. and for determining which issues warrant further investigation. i will also show how the weaknesses we identified effected odi's handling of the ignition switch defect. we identified three areas of weakness in nhtsa's vehicle safety procedures that undermine its efforts to identify and investigate vehicle safety concerns. first, odi lacks the procedures needed to collect complete and accurate vehicle safety data. the use of odi's early warning aggregate data is limited due to the inconsistent sis how manufacturers categorize safety incidents. odi specifies 24 categories for reporting potential defects related to an average of over 15,000 vehicle components. leaving manufacturers to use broad discretion when reporting these data. consumer complaints, odi's primary source for identifying

safety concerns similarly lack information to correctly identify the vehicle's systems involved. due in large part to the lack of guidance to consumers. further, odi does not adequately verify manufacturers data or take timely action to enforce manufacturers compliance with reporting requirements. second, odi does not follow standard statistical practices in analyzing early warning reporting data. consequently it cannot identify statistically trends or outliers that may indicate a safety issue should be pursued. in addition, despite the volume of consumer complaints which averaged roughly 330 a day in 2014, odi relies on one initial screener in the first phase of its two-tiered screening process. this process leaves the office vulnerable to a single point of failure.

and it runs the risk that complaints with potential safety significance may not be selected for further review. inadequate training and supervision of screeners further increase this risk. third, odi emphasizes investigating issues that are most likely to result in recalls. which has blurred the line between preinvestigative and investigative duties. investigative duties such as research and engineering analysis work are being performed during the pre-investigative phase. often by screeners who are not trained to carry out these responsibilities. in addition stakeholders within odi have not reached consensus on the amount and type of information needed to open investigations. and odi does not always document the justifications for its decisions not to investigate potential safety issues. this lack of transparency and accountability in odi's investigation decisions further

undermine nhtsa's efforts to identify recalls and other effective actions. these three procedural weaknesses impeded odi's handling of the gm ignition switch defect. from 2003 through 2013 gm submitted over 15000 nondealer field reports and about 2,000 death and injury reports on vehicles that would ultimately be subject to the ignition switch recall. however, inconsistently miscategorized reports may have masked potential safety defect trends. for example, gm did not assign a component code to a death and injury report. not airbags not electrical, not ignition. even though a state trooper's report indicated that the ignition switch was involved in the accident and a possible cause of airbag nondeployment. in addition at least 12 gm nondealer field reports categorized by gm under airbags and that may have been related to the ignition switch defect

were not reviewed before the recall because nhtsa's analytical tools could not read the format used by gm. a fact odi staff did not note until after the recall. odi staff also missed opportunities to connect the gm ignition switch to airbag nondeployments. for example, odi employees overlooked documentation on a fatal accident involving a 2005 cobalt that linked the ignition switch defect to the vehicle's airbag nondeployment including a state trooper's accident investigation report in a nhtsa special crash investigation report. calls similarlyover looked for example in 2007 nhtsa's associated administrator noted that investigation proposal "looks like one we want to jump on and learn as much as we can quickly." while a screener was assigned to monitor the issue, the defects assessment division chief did not reassign responsibility

after the screener left nhtsa in 2008. in 2010 an odi screener suggested revisiting the 2007 investigation proposal on airbag nondeployments because of new consumer complaints. however, the airbag investigator identified a downward of complaint of vehicles so the screener decided the issue did not present enough of a risk to warrant another investigation. according to odi staff there were no discussions of the ignition switch defect that in fact caused airbag nondeployment prior to gm's february 2014 recall. in hindsight odi officials told us that they did not understand the safety consequences of the ignition switch defect. and had a flawed understanding of airbag technology. nhtsa has committed to taking aggressive action to implement implementing the 17 recommendations we made to strength and vehicle safety oversight. according to the administrateoradministrator,

agency's processes have been implemented and more are under way. oig's audits and investigations support safety vehicle oversight mandate, our agents played a critical role in the multiagency criminal probe of toyota. and continued to actively pursue allegations of criminal conduct related to vehicle safety. our auditors are currently assessing nhtsa's actions to implement recommendations we made in 2011 and plan to report our findings later this year. mr. chairman with your permission i would like briefly to address those who've been injured and the families of those who've been lost in crashes involving gm's defective ignition switches. when testifying before this committee last year, i promised you that my staff and i would work relentlessly to determine what nhtsa knew of the defect, when it knew it and what actions it took to address it. my testimony and audit fulfill

that promise. i offer you again my deepest sympathy. this concludes my prepared statement. i'd be happy to answer any questions that you mr. chairman, and other committee members may have. >> thank you, mr. scovel. administrator rosekind i know you only took the helm at the end of last year and i know you've been working to improve handling of vehicle defects. and i would say you have your work cut out for you. the inspector general's report reaches some serious conclusions regarding nhtsa's ability to detect vehicle defects highlighting things like failure to review information provided by both industry and consumers botched data analysis, inadequate training and supervision as major problems for the agency. all of these have to concern you. and while we have to ensure that automakers properly report safety violations, it doesn't help if nhtsa staff are not even reviewing the information, or if when they do they aren't

deploying proper statistical analyses to effect defects. nhtsa isn't following basic and these can't be solved just by throwing additional resources at the problem so my question is how do you propose to address these issues? >> thank you for acknowledging the challenges that exist and are ahead. we've concurred with all 17 of the remgcommendations. they validate and are consistent with our two reports as well. i would like to provide to the committee a list of 44 actions we already have under way, ten of the 17 are addressed in those. and they get exactly to detailed action on each of these elements. from communication to case management to statistical tests to make sure that every one of those -- and i'm just highlighting there were 17 in their report. our total actions are already up at 44. we will continue to look for every place possible we can make changes. i'll just add i think we will look for all the internal changes we can but what's also

critical about the report though it's outside the report to talk about the resources, so many people have heard me discuss 80,000 complaints. we are literally looking at an individual screener having to have five reports analyzed every hour. each of those reports actually takes an hour. so when the i.g. report says it's inadequate, i agree. and we have to change those. >> you identified three general areas of concern in your audit. well, the pre-investigation practices of nhtsa's office of defects investigations in your opinion what does nhtsa need most, more information, more expertise, better practices for reviewing and analyzing data they already receive? >> thank you mr. chairman. right now i would say the onus is on nhtsa to press forward with the process changes we have outlined in our audit report and in my testimony today. very pleased to understand that the administrator has concurred

in all 17 of our recommendations. and in fact in his response to our audit report last week indicated a very aggressive schedule signaling his intent to press forward as quickly as possible. i understand the administrator's request for resources. that ultimately represents a policy decision between the administration and the congress. i'm fully cognizant of that and respect my role. however, i would have to say that allocating more resources to an effort or to an agency whose processes are not in line in the first place does not seem like a good idea. we woild urge the administrator to press forward with his aggressive timeline as well as his own process improvements that he's identified in order to best position himself for success no matter what the policy decision may be regarding additional resources. >> mr. rosekind, you've recently

taken some unprecedented steps with regard to nhtsa's handling of the defective takata inflaters including a preservation order and consent order in analyzing efforts to coordinated remedy program. how does the agency plan to em pleament this program? >> and thank you for acknowledging the implement that program. that changed on may 19th. we went from denying a defect to acknowledging a defeatct and acknowledging the remedy and the prioritization. and we've been in touch with all 11 manufacturers. and seven potential supply folks and have sent them a letter that outlines the information we need to determine how this needs to proceed. so the first meeting is scheduled for july 1st for each of those individual groups that

will be both individual and group meetings through july with our hope august will take the information and put it to the and planning for a public hearing in september to lay out the program which is very come blik -- complicated. >> and mr. scovel could you discuss the difficulties that nhtsa has encountering in receiving consumer complaints and how would clear guidelined benefit the public? >> in receiving complaints mr. chairman we would highlight a couple of things for the committee's attention. first in the way that nhtsa collects the data. the data quality has to be a ultimate concern for nhtsa to identify vehicle safety defects because if that data is not of the highest quality that defects will be missed and resources may be squandered so the accuracy and the completeness and the timeliness of the data is seb shall -- essential and the data

comes from a number of sources. early warning data from manufacturer needs to be improved and which we've shown and nhtsa has acknowledged and the categorizing problems or defects means that the data quality is diluted or diffuse and the best analysts at nhtsa or anywhere in the world cannot reach a conclusion on data that is unsupportable. and we would also note and i commend the administrator for his attention to that and his remarks that they intend to follow up with manufacturers for often. in our interviews with every employee in the office of defects and each of the contractors would work in that effort we learned from the highest sources in that office that they generally employ what

they call an honor system to determine whether manufacturers are meeting requirements for the early warning data. for a regulator to take that approach is not keeping the best interest or the safety interests of the consumer in mind. consumer complaints which has been the primary source for nhtsa to identify safety warnings are diffuse and have been watered down in effect because of a lack of guide gans from the agency from consumers seeking to report accidents and defects to the agency. but will find themselves at a also when confronting on the website 18 different category codes in a vehicle that has 15,000 components and they themselves are not automotive experts.

and the most well meaning and those whose families have been impacted by safety defects will read the data and read the guidance and attempt to follow it as best they are able. the agency performance will improve as a result. >> that mr. scovel. senator nelson. >> you know there is a pattern here among the regulatory agencies that are supposed to be looking sought for the consumer. we saw this about ten years ago when the consumer product safety commission when we had all of that chinese drywall problem. the defective chinese toys and so forth. and they had a card table was their research department. so too we are now hearing stuff about the agency that you are trying to straighten out, mr. rosekind. tell me, you all came up with

33.8 million vehicles to be recalls on this takata matter. how did you come up with that number? >> so our estimate is that there are about 34 million inflaters that are defective. and they are in about 32 million vehicles so that is acknowledgment that some vehicles have both driver and passenger airbags that need to be replaced and it also includes that some cars with intd rim remedies that need to come back again and that is why 32 million inflaters. >> and do you have the vehicle makers. >> yes. >> and you heard about the office of defect investigations. what do you think you need to do to ensure that odi does not miss

the next gm ignition defect for the next takata airbag crisis? >> this is why we have fully concurred with all 17 recommendations. they all need to be addressed and that is why i'm going to submit to you our list of 44 total actions going on that get to the total processes that are on going. and we can't stop looking. and i'm going to give you 44 areas and i can give you plenty of examples but i'll give you the list but it needs to make sure on a continual basis we can improve the processes and do it faster and better. >> okay. i want do suggest to you one area. in this odi, as the inspector general has just talked about, get about 80,000 complaints each year, yet there is one person

who conducts the first review of these complaints and this particular person has other duties. so spending 50% of that person's time doing other things. so if you do the math, that person who spends four hours a day on this would have to review and process on and follow on and flag over 80 complaints an hour that is less than one complaint a minute so how in the world can you get it done? >> you can't. and that is what i agree with the i.g.'s report. it specifically called out the scanning of the reports of being inadequate and it is. and you just reports out that is a resource issue. you have too many complaints and not enough people. that original person is a triage point to try to get it somewhere

else but it is just overwhelming. >> all right. i'm going to yield the rest of my time because i want our members to go on and get a chance to get in this. >> thank you senator nelson. senator mccaskill is up next. >> thank you mr. chairman and senator nelson for your incredible focus on this issue as the chairman and the ranking know, we obviously did a lot of hearings around the gm recall and a lot of hearings around nhtsa. i want to first begin with rent ral car safety. honda confirmed on friday that the eighth death linked to a faulty airbag was linked on saturday into california was a rent cal car from someone in san diego that never made the repairs after the recall. and along with senator schumer and others have legislation pending that would prohibit a rental car from -- car from being rented at a rental car

agency until open safety recalls are, in fact remedies. we have the support of the rental car industry and the consumer and safety companies and general motors but many auto manufacturers are blocking this legislation right now through the alliance of automobile manufacturers, that has opposed this legislation and saying they should only be grounded if there is a do not drive recall. let me ask you dr. rosekind, have any of the 11 manufacturers issued a do not drive recall related to the faulty airbags? >> not that i'm aware of. and annually, that number is very small. >> and what about nhtsa do you support the efforts we have on going to try to ground rental cars that have not been repaired. >> absolutely. >> i would like to put into the record the american car rental association and consumer for auto safety rehabilitation -- their written statement for the

record if i might. >> without objection. >> i now want to go to this audit and my colleagues are patient with me because i'm a audit weirdo i used to be an auditor and i read this stuff and mr. scovel knows i'm somebody who consumers these things. this audit report is one of the worst i've ever seen in terms of a government agency. and the reason it is so bad, i agree, mr. scovel, this isn't about resources, this is about blatant incompetent mismanagement, mr. rosekind. let's go through one of many short comings. and this is one that just jumps out of me. when to open an investigation. now if nhtsa can't clear about when an investigation is to be opened, we might as well shut it down. the inspector general found there are three factors to be