Posted on 07/06/2015 7:24:43 PM PDT by markomalley
The Office of Personnel Management has decided to take a step back in an attempt to move forward after hackers breached files containing sensitive data on millions of current and former federal employees, but some stakeholders are not fully on board with the plan.
The agency sent an advisory last week to federal offices instructing them to temporarily collect paper copies of employees background investigation forms, rather than processing them electronically. OPM reached that decision after it shut down e-QIP, the Web tool that tracks employee background investigations, due to vulnerabilities that led to a breach of the personal information contained on the forms housed in the system.
Recognizing the impact of the system being down on both users and agencies OPM has, in agreement with the Office of the Director of National Intelligence, implemented a set of interim procedures to address agencies requirements and reduce the likelihood of interruptions in the on-boarding of employees while prudently minimizing any security risks, OPM spokesman Samuel Schumach said in a statement.
The hardcopy questionnaires will allow agencies to initiate secret-and-below level clearances for applicants, including competitive service employment and the issuance of interim identity credentials. Getting those processes started, OPM said, will in turn allow agencies to proceed with existing interim policies.
Stan Soloway, president and CEO of the Professional Services Council, a trade group representing the government contracting community, said the directive doesn't come close to solving the problem. When OPM announced it was suspending e-QIP, Soloway said he was deeply concerned private companies would not be able to fulfill their contractual obligations because clearances would not be renewed or processed.
Soloway noted that OPMs guidance still left a large number of clearance-seekers -- those applying for top-secret approvals and above -- with no recourse. He added the new paperwork was going to be a hassle in and of itself.
In its guidance, OPM said applicants should provide a hardcopy of their forms to the security or human resource office within the appropriate agency. The agency will not, however, forward that copy to OPM. Instead, the applicants will have to re-enter their information into e-QIP once it is back online.
Lawmakers, such as Virginia Sens. Tim Kaine and Mark Warner, both Democrats, had voiced concerns about shutting down e-QIP, noting it would cause significant disruption to processing clearances. The inability to process new applications, the senators said, would prevent many employees from doing their jobs. Warner was still not satisfied after OPMs most recent announcement.
The interim steps recently announced as a work-around do not fully alleviate Sen. Warners concerns about the overall integrity of the e-QIP system, said Kevin Hall, a Warner spokesman, or about how OPM will handle the workload glut triggered both by the system shutdown and by this use of temporary paper records once e-QIP is returned online. Hall added the senator still would like to receive a response to the letter he and Kaine sent to OPM last week.
Sen. Jon Tester, D-Mont., for years a crusader for security clearance reform, said in a letter on Monday to OPM's Inspector General Patrick McFarland that the IG's office should have more say in how OPM deals with the e-QIP shutdown.
"It is also important that the OIG oversee that management best practices are maintained as OPM provides a work-around for application processing as e-QIP remains offline," Tester wrote. The senator called for the auditor to have "unfettered access" to OPM's background investigation system to identify any ongoing vulnerabilities.
That sure makes a whole lot of sense. /sarc
(For those not associated with government as an employee, a military member, or a contractor, this kind of insanity is the perfect demonstration of why government can never work...regardless of who is in Congress or the White Rainbow House.
Typical Government incompetence and inefficiency!
So we’re back to 1970s then.
L
ping
Doesn’t that make your heart just burst with pride knowing that such things are in the capable hands of the IRS, VA,HHS,and all the other moronic alphabet agencies that have taken over our lives?
It would also be nice if Texas would go back to PAPER BALLOTS. I’d sure like to be know that my vote counts.
paper is safer....but you need to scan a copy of that paper to submit it to the agency
The United States managed in the early 1940's to build three separate research and assembly defense plants and keep the entire project a secret to all but a few involved in the process. The workers involved knew nothing. Thus clearance for everyone was not that big an issue but security of those facilities was. By limiting scope of task to all but a very few the overall obtainable knowledge was very limited.
Today everyone it seems has to know everything. Prior policy strictly limited access and more importantly knowledge to secrets. It was "Need to Know" thus a system for maintaining "genuine needed" secrecy was maintained. Now which feral I mean federal agencies actually need Secret and higher security clearance and of those agencies the actual number of persons? The same with contractors. Some of the best kept secrets were right out in the open but only those with need to know knew them :>}
Back in the early 1980's I had a knock at my door. An FBI agent wanted to ask me some questions about a neighbor who was my friend. I knew he had enlisted and I knew he had volunteered for Nuke Propulsion Program. My point? The information was not recorded. I answered the agents questions, cut too the chase and said I know he enlisted and No I would not question his dedication and allegiance to nation and he's certainly trustworthy for the task. Does the FBI even do that anymore to vet someone for clearance?
I was on a carrier and we had Nuke warheads. Everyone knew that. But access to them was limited to a very select few. If you tried to enter that security area and a M-16 round would be forthcoming. You were told once Halt. A couple of years ago three persons entered the secure area of one of the facilities used in The Manhattan Project. They easily breached security. What was it Buford T Justice said about an umbrella again? Oh and punishment for those intruders? They're free. Yeap Overturned after conviction.
If the DOD and a very few agencies allowed access to Secret and Above once again went back to what worked and limit access except for true "need to know" situations and use a Two Person Rule when material is exposed or discussed as well as securing the space involved our secrets may be far safer. If information even employee security records are stored in a database {one computer} that computer except for backed up info also done in same room should be a stand alone system inaccessible to everyone but the persons in the one location again with a Two Person Requirement for access. No Laptops, no thumb drives, no recording devices audio, data, or video, allowed inside as carry in or carry out.
Well the foxes have been in and out of the henhouse repeatedly and the henhouse is fully compromised. This further admission of complete epic fail sure makes it all better now doesn’t it?
Translation: we didn’t know what the h*ll we were doing and we can’t fix it either. Use pen and paper until further notice. What a laughing stock this country is. Thanks, Zero and all of your idiot minions.
I'm not anti technology but their has to be some highly enforced discipline and common sense used in what is being done and especially on how national security sensitive data is handled communications wise and info storage wise. Accountability is almost non existent it seems.
Then AG Gonzales opened up another huge can of worms thinking the entire government boondoggle needed more databases kept on every aspect of peoples lives when they could not even properly secure what databases they already had.
Private sector contracting on some things just isn't wise because a needed level of accountability, dependability, & security can not be obtained. The worse that will happen to the civilians is what? Fired? Loss of the companies contract maybe? New company name, same fools, business as usual. All is forgiven.
If GI Joe screws up on a serious security issue he faces a minimal some NJP and if a very serious incident a maximum of a court martial and brig. Heads roll careers end.
If the civilian contractor side screws up it's Gee Sorry and very few mistakes get corrected because many contractors are given politically connected rather than proven capabilities awards to start with.
No I'm not saying put contractors under UCMJ type punishments. I'm saying that the civilian side of places like DOD doesn't have military level accountability security wise and thus that level of accountability needed and once maintained before can no longer be reached especially in such issues as databases and security of critical real estate.
For example when the breach happened at Y-12 a couple years ago all security should have been immediately fired, contract terminated immediately, and the facility security perimeter wise been turned over to the Army or Marines at least until such a time it was assured it would not happen again. In the 1950's they would have been either stopped at the fence or shot trying to get through the fence once told to halt and they didn't. It was civilian guards back then but an entirely different mentality about security on everyones part.
I worked on a security fence for a SAC weapons storage area in upstate NY, back in the late 80s-early 90s. The fence was in response to Greenpeace activists who got on the airfield and actually onto two hot B52s that were on the alert pad. They vandalized the birds and even the (armed) weapons. Needless to say, a lot of (military) people lost their jobs.
Anyway, the “activists” trial was taking place while we were TDY. In a nutshell, they all got off scott-free. Coincidentally, there was a thief who broke into a local school and was shot by the sheriff, arrested and then incarcerated. I always found it a telling juxtaposition: nuclear terrorists-no penalty; petty thief-shot and jailed. Things never really change...
Personally, I would prefer paper, but then again, it’s a little too late to lock the door. My PII, including all SF86 have been compromised numerous times. Luckily, I have credit score monitoring! Stupid bastards actually think that makes a difference?
Yep - makes it "safer" by delaying the moment when it becomes computerized - rough on Security Managers to have to hand-jam everyone's data.
That works and they are starting to get back to that. But enforcement of that rule is lax because a lot of security personnel think it will be a burden. And yes, it is a burden. But it is basically the only say to avoid a Manning or Snowden situation.
There's lots of vetting, plenty of investigations, writeups, etc. Violation notices are handed out. But a lot of times that is for show or driven by internal politics. The more powerful larger contractors get away with a lot of slop. There's a buddy system inside the security system on both the govt and contractor side. That's good on the one hand because people can be referred by someone that is known and they can be trusted. But the buddy system also allows slop.
Back to taking 2+ years for a TS/SBBI.
It isn’t a single man in a room that is the leaker of information. What leaks out of DC is a river of information.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.