Obama enlists Pentagon to overhaul security clearance system

January 22, 2016 byJosh Lederman And Kathleen Hennessey

The Obama administration asked the Pentagon on Friday to help overhaul the federal security clearance system, aiming to turn the page on a devastating data breach that exposed a major vulnerability for U.S. national security.

A new government office, called the National Background Investigations Bureau, will take over the job of running background checks on all federal employees, contractors and others. But the Defense Department will design, build and operate the computer system that houses and processes people's personal information, Director of National Intelligence James Clapper and other officials said.

The White House's handover of the sensitive cybersecurity role to the military was a significant demerit against the Office of Personnel Management, the agency at the center of last year's scandal over one of the worst government data breaches known to the public. Tellingly, the White House said that while the new bureau would be part of OPM, the president would be appointing its director.

The overhaul comes in response to a data breach last year that U.S. officials have warned could help give China a major advantage in recruiting informants inside the U.S. government or identify American spies abroad. U.S. officials believe a Chinese espionage operation infiltrated OPM's records accessing information on 21.5 million current and former employment or job applicants. Fingerprint images belonging to some 5.6 million people were stolen.

Officials offered few details about how the new system would differ from one penetrated by hackers, but said the administration wanted to leverage the Pentagon's expertise in national security and protecting U.S. secrets. OPM spokesman Samuel Schumach said that since the hack, the agency has started real-time computer monitoring, installed protections against unknown devices and adopted two-factor authentication, which adds a level of security beyond a single password.

"We are committed to protecting the security of not only our systems and data, but also the personally identifiable information of the people we entrust with protecting our national security," Clapper, White House cyber security coordinator Michael Daniel and other officials said in a blog post.

The computer networks that hackers breached last year had been left vulnerable for years without basic cybersecurity protections, its internal watchdog told Congress. Social Security numbers and other information were unencrypted. In the new system, the Pentagon will encrypt data where appropriate and consider which information should be kept separate from the rest of the network, said a U.S. official, who wasn't authorized to comment by name and requested anonymity.

The administration didn't say when they expected the new system to be operational. President Barack Obama planned to ask Congress in his budget next month for $95 million to build the computer system, but officials said development would start using the personnel office's existing funds.

California Rep. Adam Schiff, the top Democrat on the House's intelligence panel, said he welcomed the move to centralize security clearance investigations. He said the government's personnel office was never meant to be a national security agency, and that the Pentagon's takeover would help "ensure that the personal information of those who work to secure all of us is protected."

But House Oversight and Government Reform Committee Chairman Jason Chaffetz, R-Utah, said it was the personnel office's responsibility to be able to protect people's personal information. He argued that the Obama administration was merely creating a new entity without dealing with the underlying issue.

"Today's announcement seems aimed only at solving a perception problem rather than tackling the reforms needed to fix a broken security clearance process," Chaffetz said.

Last year's hack sparked widespread concerns about privacy and sharp Republican criticism. It led the resignation of agency's chief, a former Obama campaign official, in July 2015. Obama and U.S. diplomats have since raised the issue with Chinese government officials, although it was not clear whether the hack was directly tied to the government.

Intelligence officials have said the full extent of damage will play out over years, and may never be visible to the public.

Adm. Mike Rogers, the National Security Agency director and head of U.S. Cyber Command, warned earlier in the week that the increasing value of data meant there would likely be more such breaches. He said voluminous stores of personal data are becoming a commodity—partly because there now are ways to analyze and use the information.

"What you saw at OPM, you're going to see a whole lot more of," Rogers said.

Explore further: Chinese hackers got US security files: report

Related Stories

Chinese hackers got US security files: report

June 13, 2015

A data breach of millions of US government employees allowed Chinese hackers to access sensitive information including security clearances of the workers and contractors, the Washington Post said.

US spy chief says China 'leading suspect' in hack

June 25, 2015

The head of US intelligence said Thursday that China is "the leading suspect" in a massive data breach of Washington's government personnel files, but that an investigation is ongoing.

Feds shut down background check database over flaw

June 29, 2015

The federal personnel agency whose records were plundered by hackers linked to China announced on Monday the temporary shutdown of a massive database used to update and store background investigation records after newly discovering ...

Union sues feds over hack, says agency had ample warning

June 30, 2015

The largest federal employee union filed a class action lawsuit Monday against the federal personnel office, its leaders and one of its contractors, arguing that negligence contributed to what government officials are calling ...

Top US official quits after massive government hack

July 10, 2015

The director of the US Office of Personnel Management resigned Friday after a devastating hack of government databases that saw the personal information of millions of federal workers and contractors stolen.

Recommended for you

Apple issues update after cyber weapon captured

August 26, 2016

Apple iPhone owners on Friday were urged to install a quickly released security update after a sophisticated attack on an Emirati dissident exposed vulnerabilities targeted by cyber arms dealers.

0 comments

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.