Workforce

OPM yanks background check system offline

Modified screencap from OPM's alert system.

Weeks after first disclosing massive breaches, OPM has shuttered a vital background check system in the face of newly discovered vulnerabilities. (Image: edited screen capture / OPM)

Nearly a month after news broke of a massive breach at the Office of Personnel Management -- and three weeks after first denying, then admitting, that security clearance information was stolen -- OPM has shut down its electronic background check system.

The agency said the move is a proactive step, not a reaction to another hack.

In a June 29 alert posted on OPM's website, the agency says, "The [Electronic Questionnaires for Investigations Processing] e-QIP system will be down for an extended period of time for security enhancements."

There was no word on how background checks would be handled with the system out of service. In an emailed statement, OPM spokesman Sam Schumach said e-QIP would be down for four to six weeks.

e-QIP is the OPM system through which some 90 percent of all federal background checks pass. The compromised SF-86 background check forms used in the system have been called the "Holy Grail" of counter-intelligence information, because of the sheer amount of intensely personal details they disclose about individuals' vices, sex lives and more.

The move stalls a security clearance system that has been in place since 2003.

"During this ongoing review, OPM and its interagency partners identified a vulnerability in the e-QIP system," Schumach said. "The actions OPM has taken are not the direct result of malicious activity on this network, and there is no evidence that the vulnerability in question has been exploited. Rather, OPM is taking this step proactively, as a result of its comprehensive security assessment, to ensure the ongoing security of its network."

Schumach promised OPM would work on "alternative" solutions for affected agencies while e-QIPs is down, though he did not specify what those solutions might look like.

"The security of OPM's networks remains my top priority as we continue the work outlined in my IT Strategic Plan, including the continuing implementation of modern security controls," said OPM Director Katherine Archuleta. "This proactive, temporary suspension of the e-QIP system will ensure our network is as secure as possible for the sensitive data with which OPM is entrusted."

OPM released a cybersecurity report last week outlining 23 steps it was taking to improve its defenses, but e-QIP overhaul was not specifically mentioned among those steps.

John Schindler, a former NSA analyst and intelligence/security blogger, had a one-sentence reaction to the news that e-QIP had been taken down: "[W]hat took them so damn long?!?"

About the Author

Zach Noble is a former FCW staff writer.

Featured

  • Veterans Affairs
    Veterans Affairs CIO Jim Gfrerer speaks at an Oct. 10 FCW event (Photo credit: Troy K. Schneider)

    VA's pivot to agile

    With 10 months on the job, Veterans Affairs CIO Jim Gfrerer is pushing his organization toward a culture of constant delivery.

  • Defense
    Dana Deasy, DOD Chief Information Officer, hosts a roundtable discussion on the enterprise cloud initiative with reporters, Aug. 9, 2019, at the Pentagon, Washington, D.C. (DoD photo by Air Force Staff Sgt. Andrew Carroll)

    DOD CIO 'very confident' that White House influence didn't guide JEDI award

    At his Senate confirmation hearing, Defense Department CIO Dana Deasy said the department's $10 billion cloud contract was awarded by a team of experts.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.