Federal Government Halts Background Checks in Response to Hack
A few years ago, the United States Office of Personnel Management was hacked. The cyber attack targeted OPM's Electronic Questionnaires for Investigations Processing (or e-QIP) system, which is what the government uses to run background checks on new federal employees, contractors, and other personnel. Thanks to the hack, sensitive personal information of at least 18 million people fell into the hands of hackers. Now, OPM is shutting down the e-QIP system for the foreseeable future to investigate a system vulnerability that may or may not have contributed to the problem.
According to an article fromABC News, OPM expects that the e-QIP system will be shuttered for four to six weeks. The suspension of the system will reportedly affect more than 90% of the background checks conducted by the United States Federal Government. More than 100 government branches, departments, and agencies, including the FBI, utilize e-QIP for screening new employees and personnel. Needless to say, shutting down the system is going to have a noticeable impact on a lot of people.
OPM says that government agencies will come up with "alternative approaches" to fulfill their employment screening and background check purposes. However, the department has not indicated what those alternative approaches might entail, or whether different agencies will be using completely different methods for running background checks.
In the meantime, the government will have to deal with the fallout of having millions upon millions of personnel documents leak. Most of the information was stolen from e-QIP forms, which ask prospective government employees and contractors to provide information about "past drug use, financial history, mental health history, and personal relationships." As a result of the "personal relationships" part of the e-QIP forms, the leaked documents don't just affect government personnel, but also their relatives and friends.
Government officials are worried about what this detailed information could be used for if it fell into the wrong hands. Specifically, concerns about the information being leveraged for blackmail or ransom purposes have been raised. However, as House Representative Jason Chaffetz said, "only the imagination limits what a foreign adversary could do with detailed information about a federal employee's education, career, health, family, friends, neighbors, and personal habits."
This is not the first issue that the Federal Government has had with personnel background checks lately. In 2013, the Office of Personnel Management came under fire for giving security clearances to NSA leaker Edward Snowden and Washington Navy Yard shooter Aaron Alexis. Those two men had their backgrounds checked by USIS (or the United States Information Service), a company that was later the subject of a Department of Justice fraud case. The OPM cut ties with USIS in the fall of 2014.
The question here is this: is the Federal Government doing enough to protect its personnel by making sure that background check information is both thorough and secure? Or do the e-QIP hack and the USIS disaster show a system in need of a serious overhaul? On one hand, the government has the disadvantage of being a high-profile target for hackers and cyber-terrorists.
On the other hand, OPM's inspector general reportedly informed the agency last year that its systems for personnel background checks and security clearances did not have sufficient cyber-security measures in place. The inspector general's report recommended that e-QIP and other systems be shut down until they could be properly protected, but the OPM declined to follow that recommendation. Now, the OPM is shutting down e-QIP, but it might be too little, too late for purposes of national security.