Pentagon will secure OPM background checks after hacks

Getty Images

The Defense Department will now secure the millions of background check forms that were exposed this summer during the hacks at the Office of Personnel Management (OPM).

The change was revealed Friday as part of a broad overhaul of the security clearance process.

ADVERTISEMENT
The Obama administration on Friday said it would establish a new government-wide office, the National Background Investigations Bureau (NBIB), to handle background investigations for almost the entire federal government. But the DOD will design, build, secure and operate the NBIB’s entire information technology system, the administration said.

“This approach will leverage DOD’s significant national security, IT and cybersecurity expertise, incorporating security into the fundamental design of the systems, strengthening the security of the data environment, and providing robust privacy protections,” said an OPM release.

The president will earmark an additional $95 million in his 2017 budget request to pay for the upgraded IT system, according to the agency.

“These actions will create a more secure and effective federal background investigations infrastructure,” the OPM said.

The move, which comes at the end of a 90-day review, is an effort to mitigate widespread concerns about the government’s security clearance process.

The topic received massive attention in the wake of this summer’s hacks at the OPM, which has long managed the background checks for security clearance reviews.

The forms used during these investigations — such as the Standard Form 86 (SF-86) — are considered to be some of the most intimate reports the government holds on federal employees. The SF-86 is 127 pages and contains details on people’s most closely held secrets, such as affairs, drug and alcohol abuse or bankruptcies.

During the OPM intrusions, suspected Chinese hackers made off with these sensitive details on nearly 20 million people seeking security clearances.

It’s believed that security weaknesses in the agency’s networks allowed the digital invaders to crack the sensitive databases.

Years of watchdog reports accused the OPM computer systems of being mismanaged, outdated and lacking basic cybersecurity protections, such as encryption and two-factor authentication.

Following the hacks, the OPM decided to shut down its online submission system to correct a defect, potentially exacerbating an already-existing backlog of pending clearance requests. The OPM receives roughly 20,000 to 30,000 background checks each week, processing over 600,000 security clearances each year.

Some have also accused the agency of poorly managing the security of its outside contractors that assist with background checks.

Officials acknowledged the digital intruders were able to infiltrate the OPM networks using pilfered login credentials from an employee at KeyPoint Government Solutions, the government’s main background check contractor.

These details led to a call on Capitol Hill for the OPM to be stripped of its responsibility to secure security clearance information. Reps. Ted Lieu (D-Calif.) and Steve Russell (R-Okla.) campaigned for months to have the Pentagon step in and use its well-regarded cyber expertise to secure the valuable data.

“We’re pleased the administration has come to the view that we’ve had,” Lieu told The Hill on Friday.

“I believe that this is a good move for the future,” added Lieu, who submitted an SF-86 during his time in the Air Force as a military prosecutor and adviser. “Having a defense agency protect intelligence secrets is appropriate and what should have been happening all along.”

Other Capitol Hill leaders echoed Lieu's sentiments. 

"OPM was never designed, nor intended to be, an intelligence or national security agency," said House Intelligence Committee ranking member Rep. Adam SchiffAdam SchiffHouse passes policy bill for intelligence agencies Sunday shows preview: Sanders opens up about battle with Clinton Overnight Defense: Terrorism suspected in EgyptAir crash; McCain details funding plans MORE (D-Calif.) in a statement. "By entrusting the cybersecurity of this new bureau to the Pentagon, we will be better able to ensure that the personal information of those who work to secure all of us is protected."

Still, Lieu knocked the administration for its decision to unveil the new plan on a Friday with much of Washington, D.C., shut down over a looming blizzard.

“I believe it’s an admission that they never should have had a human resources agency protect the crown jewels of American intelligence,” he said.