After The OPM Hack Security Clearances Will Now Be Done By The Pentagon

Uploaded on 2016-02-06 in NEWS-Cybersecurity News, INTELLIGENCE--USA, GOVERNMENT-Defence, FREE TO VIEW

In the continuing aftermath of the massive hack of sensitive records stored by the Office of Personnel Management, the Obama administration announced today it’s shifting the responsibility for conducting background investigations of sensitive personnel to the Defense Department

In the future, files containing personal information on security clearance seekers—the same type of information netted last summer by purported Chinese hackers—will be stored and secured on Pentagon systems, officials say.

OPM is turning over its responsibilities for conducting background investigations to a newly created National Background Investigations Bureau. OPM currently conducts about 95 percent of all checks government-wide, including 600,000 full-scale security clearance investigations each year.

The head of the new office will be appointed by the president and still report to the head of OPM. However, the office’s IT systems will be “designed, built, secured and operated” by the Pentagon, according to a fact sheet released by the administration.

“This approach will leverage DOD’s significant national security, IT and cybersecurity expertise, incorporating security into the fundamental design of the systems, strengthening the security of the data environment, and providing robust privacy protections,” the fact sheet said.

The administration’s forthcoming fiscal 2017 budget request will seek an additional $95 million for IT development, according to the fact sheet.

The new office will have a dedicated senior privacy official “to advance privacy-by-design as the new entity is stood up and new IT systems are developed,” the fact sheet stated.

OPM came under fire last summer after it was revealed the agency’s antiquated IT systems did not allow sensitive data to be encrypted and that lax sign-on controls may have allowed cyber-intruders to penetrate further into the agency’s systems.

The efforts to update the security of the background check process come after a 30-day “cybersecurity sprint” launched by U.S. Chief Information Officer Tony Scott last summer. Agencies were ordered to immediately plug critical cyber vulnerabilities, identify high-value systems and implement more secure sign-on measures.

Since the hack, OPM had been working on a multiyear plan to modernize its IT infrastructure, although those efforts were criticized by the agency’s inspector general for poor planning and unreliable cost and schedule estimates.

There’s no word yet on how quickly the new office will be opened. The administration plans to establish a transition team to work on a migration plan.

The changes were announced in a White House blog post signed by a bevy of top administration officials including Scott, Director of National Intelligence James Clapper, acting OPM Director Beth Cobert, acting Undersecretary of Defense for Intelligence Marcel Lettre and White House Cybersecurity Coordinator Michael Daniel.

Last summer, hackers stole personal records of more than 21.5 million current, former and prospective federal employees and contractors stored on OPM’s systems. After the hack, officials convened a 90-day review of the security clearance process.

Even earlier, US lawmakers has raised concerns about the quality of OPM’s background investigations, citing potential missed red flags in the checks of National Security Agency contractor Edward Snowden and Navy Yard gunman Aaron Alexis.

In 2014, the Justice Department sued USIS, OPM’s largest private background check contractor, for allegedly failing to conduct proper quality reviews of cases. The company settled the case with the government last August, agreeing to forego at least $30 million in payments by the government.

DefenseOne

« 90% of Data Breaches Are Avoidable
US Critical Infrastructure Is At Cyber Risk »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Renaissance

Renaissance

Renaissance is Ireland's premier value added distributor of IT security solutions and a leading independent provider of business continuity consultancy.

ACIS Professional Center

ACIS Professional Center

ACIS provides training and consulting services in the area of information technology, cybersecurity, IT Governance, IT Service management, information security and business continuity management.

GSMA - IoT Security Guidelines

GSMA - IoT Security Guidelines

GSMA has created a set of security guidelines for the benefit of service providers who are looking to develop new IoT products and services.

Basis Technology

Basis Technology

Basis Technology provides software solutions for text analytics, information retrieval, digital forensics, and identity resolution.

ENVEIL

ENVEIL

ENVEIL’s technology is the first scalable commercial solution to cryptographically secure Data in Use.

OmniNet

OmniNet

OmniNet delivers the next generation of cybersecurity and is the only provider in the market to move the edge of small businesses to a virtual, omnipresent perimeter.

J2 Software

J2 Software

J2 Software is a leading African Information Security and ICT business providing information security, governance, risk and compliance solutions.

Optra Security

Optra Security

Optra Security specializes in information security with a focus on Application Security.

Griffiss Institute (GI)

Griffiss Institute (GI)

GI's primary role is to advocate and facilitate the co-operation of private industry, academia, and the Air Force Research Laboratory in developing solutions to critical cyber security problems.

Internet Infrastructure Investigation

Internet Infrastructure Investigation

Internet Infrastructure Investigation offers a bespoke Internet Governance Solution to your brands online infringement problems.

Systems Assessment Bureau (SAB)

Systems Assessment Bureau (SAB)

Systems Assessment Bureau is an internationally recognized ISO Certification Body with a unique vision of “Excel together with global standards”.

Moonsense

Moonsense

Moonsense is on a mission to level the playing field in the fight against online fraud.

FutureRange

FutureRange

Specialising in IT Managed Services, Cybersecurity and Digital Transformation, FutureRange experts provide professional IT services for clients throughout Ireland and beyond.

Ingenics Digital

Ingenics Digital

Ingenics Digital is a recognized initiator and leading service provider in the areas of software development and embedded systems.

SixMap

SixMap

SixMap is a continuous threat exposure management platform that automatically provides comprehensive enterprise visibility, contextual threat intelligence, and a suite of remediation actions.

CyberNINES

CyberNINES

CyberNINES is a business specializing in helping US Department of Defense contractors become compliant and attest to federal cybersecurity regulation requirements.