Pentagon, OPM Shut Down Background Check Systems

Three special agents from the U.S. Office of Personnel Management-Federal Investigative Services work on Fort Leonard Wood to conduct background investigations for granting security clearances.

Melissa Buckley/Fort Leonard Wood Public Affairs Office


Two critical systems linking information from the DOD to OPM are being shuttered while vulnerabilities are fixed.

A Defense Department Web system that tracks employee background investigations will be offline for an unspecified amount of time, while officials fix security holes in a civilian agency database connected to the tool, according to department officials.

A vulnerability in an Office of Personnel Management tool that links to the Pentagon’s “Joint Personnel Adjudication System” was discovered during a probe into one of the worst known hacks to hit the U.S. government.

On Monday, officials announced that OPM’s e-QIP system, the online tool used for submitting background check forms, would be taken offline for four to six weeks, during security improvements. 

As of 3:30 p.m., the military’s site stated, “Due to current maintenance with e-QIP, the corresponding JPAS interfaces are not currently functioning. As a result, users will not be able to submit investigations using JPAS.”

OPM officials say there is no evidence hackers used the vulnerability to compromise information.

Users will not be able to file investigations through the Pentagon’s JPAS system until e-QIP is back online, Defense spokesman Nate Christensen told Nextgov late Monday evening.

“Currently there is no capability to submit new investigations,” or what he referred to as SF-86 forms for obtaining security clearances to access classified information, “until the e-QIP malfunction is resolved.”

It is unclear how Defense personnel data and e-QIP data are commingled. But Christensen said, “There are currently no known issues with the JPAS data due to the e-QIP vulnerabilities and its subsequent shutdown by OPM.”

The JPAS system’s other functions are available.

“The actions OPM has taken are not the direct result of malicious activity on this network,” officials said in a statement. “OPM is taking this step proactively, as a result of its comprehensive security assessment, to ensure the ongoing security of its network.”

OPM officials later on Monday acknowledged the outage will affect the ability to obtain security clearances, already a sometimes year-long endeavor for federal employees and contractors.

In the meantime, “there are existing policies that permit agencies the flexibility to on-board individuals,” OPM spokesman Sam Schumach said in a statement. OPM also will explore other options for submitting forms while e-QIP is down, he said.

“OPM recognizes and regrets the impact on both users and agencies and is committed to resuming this service as soon as practicable,” Schumach added.

OPM technology personnel and experts from across the government advised Archuleta that the “vulnerability posed a significant risk that warranted immediate action,” he said, declining to discuss specifics.

Meanwhile, federal officials currently are still gauging the extent of multiple intrusions at OPM that netted 4.2 million federal personnel records and perhaps as many as 18 million files on employees with access to U.S. secrets, including military members. After the breaches were disclosed earlier this month, the White House ordered all agencies to take a series of steps to find security holes in their systems and plug them, among other things.

OPM also is applying additional “modern security controls” to its systems, some of which are 30-year-old mainframes, as part of a grander security overhaul, OPM Director Katherine Archuleta announced last week.

“The security of OPM’s networks remains my top priority as we continue the work outlined in my IT strategic plan,” Archuleta, who lawmakers are pressing the White House to remove from office, said in a statement Monday. “This proactive, temporary suspension of the e-QIP system will ensure our network is as secure as possible for the sensitive data with which OPM is entrusted.”
