Workforce

OPM yanks background check system offline

Modified screencap from OPM's alert system.

Weeks after first disclosing massive breaches, OPM has shuttered a vital background check system in the face of newly discovered vulnerabilities. (Image: edited screen capture / OPM)

Nearly a month after news broke of a massive breach at the Office of Personnel Management -- and three weeks after first denying, then admitting, that security clearance information was stolen -- OPM has shut down its electronic background check system.

The agency said the move is a proactive step, not a reaction to another hack.

In a June 29 alert posted on OPM's website, the agency says, "The [Electronic Questionnaires for Investigations Processing] e-QIP system will be down for an extended period of time for security enhancements."

There was no word on how background checks would be handled with the system out of service. In an emailed statement, OPM spokesman Sam Schumach said e-QIP would be down for four to six weeks.

e-QIP is the OPM system through which some 90 percent of all federal background checks pass. The compromised SF-86 background check forms used in the system have been called the "Holy Grail" of counter-intelligence information, because of the sheer amount of intensely personal details they disclose about individuals' vices, sex lives and more.

The move stalls a security clearance system that has been in place since 2003.

"During this ongoing review, OPM and its interagency partners identified a vulnerability in the e-QIP system," Schumach said. "The actions OPM has taken are not the direct result of malicious activity on this network, and there is no evidence that the vulnerability in question has been exploited. Rather, OPM is taking this step proactively, as a result of its comprehensive security assessment, to ensure the ongoing security of its network."

Schumach promised OPM would work on "alternative" solutions for affected agencies while e-QIPs is down, though he did not specify what those solutions might look like.

"The security of OPM's networks remains my top priority as we continue the work outlined in my IT Strategic Plan, including the continuing implementation of modern security controls," said OPM Director Katherine Archuleta. "This proactive, temporary suspension of the e-QIP system will ensure our network is as secure as possible for the sensitive data with which OPM is entrusted."

OPM released a cybersecurity report last week outlining 23 steps it was taking to improve its defenses, but e-QIP overhaul was not specifically mentioned among those steps.

John Schindler, a former NSA analyst and intelligence/security blogger, had a one-sentence reaction to the news that e-QIP had been taken down: "[W]hat took them so damn long?!?"

About the Author

Zach Noble is a staff writer covering digital citizen services, workforce issues and a range of civilian federal agencies.

Before joining FCW in 2015, Noble served as assistant editor at the viral news site TheBlaze, where he wrote a mix of business, political and breaking news stories and managed weekend news coverage. He has also written for online and print publications including The Washington Free Beacon, The Santa Barbara News-Press, The Federalist and Washington Technology.

Noble is a graduate of Saint Vincent College, where he studied English, economics and mathematics.

Click here for previous articles by Noble, or connect with him on Twitter: @thezachnoble.


Featured

  • Cybersecurity

    DHS floats 'collective defense' model for cybersecurity

    Homeland Security Secretary Kirstjen Nielsen wants her department to have a more direct role in defending the private sector and critical infrastructure entities from cyberthreats.

  • Defense
    Defense Secretary James Mattis testifies at an April 12 hearing of the House Armed Services Committee.

    Mattis: Cloud deal not tailored for Amazon

    On Capitol Hill, Defense Secretary Jim Mattis sought to quell "rumors" that the Pentagon's planned single-award cloud acquisition was designed with Amazon Web Services in mind.

  • Census
    shutterstock image

    2020 Census to include citizenship question

    The Department of Commerce is breaking with recent practice and restoring a question about respondent citizenship last used in 1950, despite being urged not to by former Census directors and outside experts.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.