Posted on 06/29/2015 6:32:25 PM PDT by markomalley
Nearly a month after news broke of a massive breach at the Office of Personnel Management -- and three weeks after first denying, then admitting, that security clearance information was stolen -- OPM has shut down its electronic background check system.
The agency said the move is a proactive step, not a reaction to another hack.
In a June 29 alert posted on OPM's website, the agency says, "The [Electronic Questionnaires for Investigations Processing] e-QIP system will be down for an extended period of time for security enhancements."
There was no word on how background checks would be handled with the system out of service. In an emailed statement, OPM spokesman Sam Schumach said e-QIP would be down for four to six weeks.
e-QIP is the OPM system through which some 90 percent of all federal background checks pass. The compromised SF-86 background check forms used in the system have been called the "Holy Grail" of counter-intelligence information, because of the sheer amount of intensely personal details they disclose about individuals' vices, sex lives and more.
The move stalls a security clearance system that has been in place since 2003.
"During this ongoing review, OPM and its interagency partners identified a vulnerability in the e-QIP system," Schumach said. "The actions OPM has taken are not the direct result of malicious activity on this network, and there is no evidence that the vulnerability in question has been exploited. Rather, OPM is taking this step proactively, as a result of its comprehensive security assessment, to ensure the ongoing security of its network."
Schumach promised OPM would work on "alternative" solutions for affected agencies while e-QIPs is down, though he did not specify what those solutions might look like.
"The security of OPM's networks remains my top priority as we continue the work outlined in my IT Strategic Plan, including the continuing implementation of modern security controls," said OPM Director Katherine Archuleta. "This proactive, temporary suspension of the e-QIP system will ensure our network is as secure as possible for the sensitive data with which OPM is entrusted."
OPM released a cybersecurity report last week outlining 23 steps it was taking to improve its defenses, but e-QIP overhaul was not specifically mentioned among those steps.
John Schindler, a former NSA analyst and intelligence/security blogger, had a one-sentence reaction to the news that e-QIP had been taken down: "[W]hat took them so damn long?!?"
Lots of folks who have used eQIP haven’t heard from OPM or its contractors yet.
My name is splashed all over the OPM database. I haven’t heard anything myself.
I wonder at what point the government will wake up and realize that any computer running Windows should disconnected from the internet?
“The agency said the move is a proactive step, not a reaction to another hack.”
Uh huh.
Now you close the barn door.
Ditto. Not a peep. I know of one defense contractor who is apparently paying for LifeLock protection for any of it’s cleared people who want it - since apparently all of their information is in the wind.
Well Dang!!
How we gonna keep them Muslam Brothahood types from infiltrating the Govamint and such?
Myself and the people I work with have not heard a word either.
Myself and the people I work with have not heard a word either.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.