OPM’s breakup with USIS could be a seminal moment
- By Sean Lyngaas
- Oct 08, 2014
The Office of Personnel Management’s decision to terminate contracts with background-check-provider U.S. Investigative Services last month could be a watershed moment in government-contractor relations, according to Robert Nichols, a lawyer specializing in government contracts.
Despite having other reputational issues prior to recently suffering a high-profile data breach, which reportedly affected at least 25,000 government employees, "ironically, [it] was a state-sponsored cyberattack on USIS's network that led OPM to say . . . 'We don’t consider you to be a responsible government contractor,'" Nichols, a partner at Covington & Burling LLP, said Oct. 7 at a conference hosted by the National Defense Industrial Association.
The aftermath of those lost contracts could see USIS become a sacrificial lamb to the cause of data security as federal agencies place higher demands on contractors securing their work with government data, he said.
Falls Church-based USIS was no stranger to controversy before it revealed on Aug. 6 it had been the victim of a likely state-sponsored data breach. The Justice Department had joined a civil lawsuit in January alleging the firm left at least 665,000 background checks incomplete over a 4 1/2-year period. The firm also did the background checks for former National Security Agency contractor Edward Snowden and Navy Yard shooter Aaron Alexis, though a company lawyer is quick to point out the government found no wrongdoing in those background checks.
Given that government contractors often handle sensitive, classified data, their margin for error may be smaller than big retail firms that handle civilian customer data, according to Nichols.
"When Target was breached, the interesting thing is everybody still got up and went to Target the next day to shop," he said, referring to when the personal information of between 70 million and 110 million customers was stolen from the retail giant last year. "When a government contractor gets breached, or if they simply don’t have enough systems in place to meet these standards for 'adequate security,' the government cuts them off and that contractor’s out of business, and it may lose its business for years."
The recent cyberattack dealt a significant blow to USIS's business; the firm announced Oct. 7 that it had laid off 2,500 workers as a result of lost contracts with OPM.
On the sidelines of Nichols' presentation at NDIA, John Toomer, director of intelligence, information and cyber systems at Boeing, agreed that the USIS breach and the firm’s loss of government business could shake up security among contractors. Some of the smaller suppliers that Boeing works with were looking at ways of tightening up their cybersecurity since the USIS breach, he said.
Sean Lyngaas is an FCW staff writer covering defense, cybersecurity and intelligence issues. Prior to joining FCW, he was a reporter and editor at Smart Grid Today, where he covered everything from cyber vulnerabilities in the U.S. electric grid to the national energy policies of Britain and Mexico. His reporting on a range of global issues has appeared in publications such as The Atlantic, The Economist, The Washington Diplomat and The Washington Post.
Lyngaas is an active member of the National Press Club, where he served as chairman of the Young Members Committee. He earned his M.A. in international affairs from The Fletcher School of Law and Diplomacy at Tufts University, and his B.A. in public policy from Duke University.
Click here for previous articles by Lyngaas, or connect with him on Twitter: @snlyngaas.