After OPM Hack, Security-Clearance Requests Will Run Through the Pentagon

The commander of U.S. Army Europe, Lt. Gen. Ben Hodges, speaks during his news conference at the Pentagon, Dec. 9, 2015.

Pablo Martinez Monsivais/AP

AA Font size + Print

The commander of U.S. Army Europe, Lt. Gen. Ben Hodges, speaks during his news conference at the Pentagon, Dec. 9, 2015.

The White House directive comes as the OPM shifts its background investigations to a newly-created National Background Investigations Bureau.

In the continuing aftermath of the massive hack of sensitive records stored by the Office of Personnel Management, the Obama administration announced today it’s shifting the responsibility for conducting background investigations of sensitive personnel to the Defense Department

In the future, files containing personal information on security clearance seekers—the same type of information netted last summer by purported Chinese hackers—will be stored and secured on Pentagon systems, officials say.

OPM is turning over its responsibilities for conducting background investigations to a newly created National Background Investigations Bureau. OPM currently conducts about 95 percent of all checks governmentwide, including 600,000 full-scale security clearance investigations each year.

The head of the new office will be appointed by the president and still report to the head of OPM. However, the office’s IT systems will be “designed, built, secured and operated” by the Pentagon, according to a fact sheet released by the administration.

“This approach will leverage DOD’s significant national security, IT and cybersecurity expertise, incorporating security into the fundamental design of the systems, strengthening the security of the data environment, and providing robust privacy protections,” the fact sheet said. 

The administration’s forthcoming fiscal 2017 budget request will seek an additional $95 million for IT development, according to the fact sheet.

The new office will have a dedicated senior privacy official “to advance privacy-by-design as the new entity is stood up and new IT systems are developed,” the fact sheet stated.

OPM came under fire last summer after it was revealed the agency’s antiquated IT systems did not allow sensitive data to be encrypted and that lax sign-on controls may have allowed cyberintruders to penetrate further into the agency’s systems.

The efforts to update the security of the background check process come after a 30-day “cybersecurity sprint” launched by U.S. Chief Information Officer Tony Scott last summer. Agencies were ordered to immediately plug critical cyber vulnerabilities, identify high-value systems and implement more secure sign-on measures.

Since the hack, OPM had been working on a multiyear plan to modernize its IT infrastructure, although those efforts were criticized by the agency’s inspector general for poor planning and unreliable cost and schedule estimates.

There’s no word yet on how quickly the new office will be opened. The administration plans to establish a transition team to work on a migration plan.

The changes were announced in a White House blog post signed by a bevy of top administration officials including Scott, Director of National Intelligence James Clapper, acting OPM Director Beth Cobert, acting Undersecretary of Defense for Intelligence Marcel Lettre and White House Cybersecurity Coordinator Michael Daniel.

Last summer, hackers stole personal records of more than 21.5 million current, former and prospective federal employees and contractors stored on OPM’s systems. After the hack, officials convened a 90-day review of the security clearance process.

Even earlier, lawmakers has raised concerns about the quality of OPM’s background investigations, citing potential missed red flags in the checks of National Security Agency contractor Edward Snowden and Navy Yard gunman Aaron Alexis.

In 2014, the Justice Department sued USIS, OPM’s largest private background check contractor, for allegedly failing to conduct proper quality reviews of cases. The company settled the case with the government last August, agreeing to forego at least $30 million in payments by the government.

Close [ x ] More from DefenseOne

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Software-Defined Networking

    So many demands are being placed on federal information technology networks, which must handle vast amounts of data, accommodate voice and video, and cope with a multitude of highly connected devices while keeping government information secure from cyber threats. This issue brief discusses the state of SDN in the federal government and the path forward.

  • Military Readiness: Ensuring Readiness with Analytic Insight

    To determine military readiness, decision makers in defense organizations must develop an understanding of complex inter-relationships among readiness variables. For example, how will an anticipated change in a readiness input really impact readiness at the unit level and, equally important, how will it impact readiness outside of the unit? Learn how to form a more sophisticated and accurate understanding of readiness and make decisions in a timely and cost-effective manner.

  • Cyber Risk Report: Cybercrime Trends from 2016

    In our first half 2016 cyber trends report, SurfWatch Labs threat intelligence analysts noted one key theme – the interconnected nature of cybercrime – and the second half of the year saw organizations continuing to struggle with that reality. The number of potential cyber threats, the pool of already compromised information, and the ease of finding increasingly sophisticated cybercriminal tools continued to snowball throughout the year.

  • A New Security Architecture for Federal Networks

    Federal government networks are under constant attack, and the number of those attacks is increasing. This issue brief discusses today's threats and a new model for the future.

  • Information Operations: Retaking the High Ground

    Today's threats are fluent in rapidly evolving areas of the Internet, especially social media. Learn how military organizations can secure an advantage in this developing arena.


When you download a report, your information may be shared with the underwriters of that document.