WASHINGTON (Reuters) - The U.S. government will set up a new agency to do background checks on employees and contractors, the White House said on Friday, after a massive breach of U.S. government files exposed the personal data of millions of people last year.
As a part of a sweeping overhaul, the Obama administration said it will establish a National Background Investigations Bureau. It will replace the Office of Personnel Management’s (OPM) Federal Investigative Services (FIS), which currently conducts each year more than 2 million background investigations for scores of federal agencies.
The move, a stiff rebuke for FIS and OPM, comes after last year’s disclosure that a hack of OPM computers exposed the names, addresses, Social Security numbers and other sensitive information of roughly 22 million current and former federal employees and contractors, as well as applicants for federal jobs and individuals listed on background check forms.
Unlike FIS, the new agency’s information systems will be handled by the Defense Department, making it even more central to Washington’s effort to bolster its cyber defenses against constant intrusion attempts by hackers and foreign nationals.
The White House gave no timeline for implementing the changes, but said some would begin this year. It will seek $95 million more in its upcoming fiscal 2017 budget for information technology development, according to a White House fact sheet.
A transition team will develop a plan to migrate existing functions from FIS while continuing to provide investigative services, the U.S. Director of National Intelligence James Clapper wrote in a blog on the OPM website.
‘NOT THERE YET’
Officials have privately blamed the OPM data breach on China, though security researchers and officials have said there is no evidence Beijing has maliciously used the data trove.
The hack prompted several congressional committees to investigate whether OPM was negligent in its cyber security practices. OPM Director Katherine Archuleta resigned last July as the government intensified a broad push to improve cyber defenses and modernize systems.
“Clearly we’re not there yet,” Admiral Mike Rogers, head of the National Security Agency, said at a cyber security event in Washington this week when asked about U.S. preparedness against hacks. The damage done by cyber attacks, he added, “is going to get worse before it gets better.”
OPM has had a large backlog of security clearance files. This has prompted it to rely on outside contractors for assistance. One of these is Keypoint Government Solutions, which took over the bulk of federal background checks after a competitor, USIS, was hacked. Keypoint, which is owned by Veritas Capital, later suffered a breach of its own networks.
No comment was immediately available from Keypoint or CACI International Inc (CACI.N), another contractor involved in background checks. USIS filed for bankruptcy protection last year.
Brian Kaveney, who heads the security clearance practice at the Armstrong Teasdale law firm, said the new agency was expected to take over the 8,800 investigators who now work for FIS, including 2,300 government workers and 6,500 contractors.
The Defense Department and OPM did not respond when asked if the government will still rely on support from contractors.
Representative Jason Chaffetz, the Republican chairman of a House of Representatives panel that has been looking into the issue, said Friday’s announcement fell short.
”Protecting this information should be a core competency of OPM,“ Chaffetz said in a statement. ”Today’s announcement seems aimed only at solving a perception problem rather than tackling the reforms needed to fix a broken security clearance process.”
Additional reporting by Mark Hosenball and Andrea Shalal; editing by Kevin Drawbaugh, Susan Heavey and Alan Crosby