After The OPM Hack Security Clearances Will Now Be Done By The Pentagon

In the continuing aftermath of the massive hack of sensitive records stored by the Office of Personnel Management, the Obama administration announced today it’s shifting the responsibility for conducting background investigations of sensitive personnel to the Defense Department

In the future, files containing personal information on security clearance seekers—the same type of information netted last summer by purported Chinese hackers—will be stored and secured on Pentagon systems, officials say.

OPM is turning over its responsibilities for conducting background investigations to a newly created National Background Investigations Bureau. OPM currently conducts about 95 percent of all checks government-wide, including 600,000 full-scale security clearance investigations each year.

The head of the new office will be appointed by the president and still report to the head of OPM. However, the office’s IT systems will be “designed, built, secured and operated” by the Pentagon, according to a fact sheet released by the administration.

“This approach will leverage DOD’s significant national security, IT and cybersecurity expertise, incorporating security into the fundamental design of the systems, strengthening the security of the data environment, and providing robust privacy protections,” the fact sheet said.

The administration’s forthcoming fiscal 2017 budget request will seek an additional $95 million for IT development, according to the fact sheet.

The new office will have a dedicated senior privacy official “to advance privacy-by-design as the new entity is stood up and new IT systems are developed,” the fact sheet stated.

OPM came under fire last summer after it was revealed the agency’s antiquated IT systems did not allow sensitive data to be encrypted and that lax sign-on controls may have allowed cyber-intruders to penetrate further into the agency’s systems.

The efforts to update the security of the background check process come after a 30-day “cybersecurity sprint” launched by U.S. Chief Information Officer Tony Scott last summer. Agencies were ordered to immediately plug critical cyber vulnerabilities, identify high-value systems and implement more secure sign-on measures.

Since the hack, OPM had been working on a multiyear plan to modernize its IT infrastructure, although those efforts were criticized by the agency’s inspector general for poor planning and unreliable cost and schedule estimates.

There’s no word yet on how quickly the new office will be opened. The administration plans to establish a transition team to work on a migration plan.

The changes were announced in a White House blog post signed by a bevy of top administration officials including Scott, Director of National Intelligence James Clapper, acting OPM Director Beth Cobert, acting Undersecretary of Defense for Intelligence Marcel Lettre and White House Cybersecurity Coordinator Michael Daniel.

Last summer, hackers stole personal records of more than 21.5 million current, former and prospective federal employees and contractors stored on OPM’s systems. After the hack, officials convened a 90-day review of the security clearance process.

Even earlier, US lawmakers has raised concerns about the quality of OPM’s background investigations, citing potential missed red flags in the checks of National Security Agency contractor Edward Snowden and Navy Yard gunman Aaron Alexis.

In 2014, the Justice Department sued USIS, OPM’s largest private background check contractor, for allegedly failing to conduct proper quality reviews of cases. The company settled the case with the government last August, agreeing to forego at least $30 million in payments by the government.

DefenseOne

« 90% of Data Breaches Are Avoidable
US Critical Infrastructure Is At Cyber Risk »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Vera Security

Vera Security

Vera is a data security platform that provides 360-degree visibility and control over critical business data, anywhere it's shared or stored.

OPSWAT

OPSWAT

OPSWAT is a software company that provides solutions to secure and manage IT infrastructure.

Trust in Digital Life (TDL)

Trust in Digital Life (TDL)

TDL is a membership association comprising companies, SMEs, universities and research institutes who exchange experience and insights to make digital services in Europe trustworthy and safe.

Zanasi & Partners

Zanasi & Partners

Zanasi & Partners is a security research and advisory company active in the EU and MENA areas. Services focus on technology solutions.

PerimeterX

PerimeterX

PerimeterX is the leading provider of solutions that secure digital businesses against automated fraud and client-side attacks.

Coursera

Coursera

Coursera provides universal access to the world’s best education, partnering with top universities and organizations to offer courses online. Subject areas include Computer Security & Networks.

Baffin Bay Networks

Baffin Bay Networks

Baffin Bay Networks operates globally distributed Threat Protection Centers™, offering DDoS protection, Web Application Protection and Threat Inspection.

CyberSec Hub

CyberSec Hub

The goal of CyberSec Hub is to create a centre of excellence for cybersecurity in Krakow, a new European “Cyber-Silicon Valley”.

Binary Defense

Binary Defense

Binary Defense protect businesses of all sizes through advanced cybersecurity solutions including Managed Detection and Response, Security Information and Event Management and Counterintelligence.

Shearwater Group

Shearwater Group

Shearwater Group is an award-winning organisational resilience group that provides cyber security, advisory and managed security services to help secure businesses in a connected global economy.

Motorola Solutions

Motorola Solutions

Motorola Solutions build mission-critical services, software, video and analytics, backed by secure, resilient land mobile radio communications.

Internet Crime Complaint Center (IC3)

Internet Crime Complaint Center (IC3)

The Internet Crime Complaint Center provide the public with a reporting mechanism to submit information to the FBI concerning suspected Internet-facilitated criminal activity.

AdaCore

AdaCore

AdaCore is focused on helping developers build safe, secure and reliable software.

Evina

Evina

Evina offers the most advanced cybersecurity and fraud protection for mobile payment.

Department of Homeland Security (DHS)

Department of Homeland Security (DHS)

The Department of Homeland Security has a vital mission: to secure the nation from the many threats we face. Our duties are wide-ranging, but our goal is clear - keeping America safe.

Cynical Technology

Cynical Technology

Cynical Technology is a Nepalese cybersecurity company with expertise in security consulting, auditing, testing and compliance.