OPM disconnects security clearance system after cyber vulnerability found

The Office of Personnel Management has taken the Electronic Questionnaires for Investigations Processing (e-QIP) system off line for security upgrades. The decision impacts tens of thousands of federal employees and contractors seeking new security clearances or getting their current security clearances renewed. However, investigations that are already underway should not be affected, according to an OPM spokesman.

OPM said in a statement that the decision to take e-QIP down didn’t have to do with the massive cyber breach it suffered earlier this year.

“We are not going to comment on the specific details of the vulnerability,” said  Sam Schumach, an OPM spokesman.  “However, Director [Katherine]  Archuleta made this decision after being briefed by her own team and consulting with other experts across the government.  Everyone concurred that vulnerability posed a significant risk that warranted immediate action. ”

The e-QIP system, developed first in 2003, lets employees, contractors or potential workers add their information to the SF-86 form and SF-85P over a secure Internet connection. Over the last year or so, OPM initiated a pilot to let users digitally sign their forms.

OPM says as part of its ongoing review of its systems and networks, the agency identified a vulnerability in e-QIP and decided it needed to upgraded.

“It should be noted that these actions are not the direct result of malicious activity on this network, nor is there evidence that the vulnerability in question has been exploited,” Schumach said. “Rather, OPM is taking this step proactively, as a result of our comprehensive security assessment, to ensure the ongoing security of the network.

The agency says it expects e-QIP to be offline for four-to-six weeks while making the cyber improvements.

“This decision is expected to have an impact on agencies’ ability to initiate investigations for new employees, contractors and individuals due for reinvestigation,” Schumach said. “However, much of the business of hiring and clearing individuals continues. USA Jobs and the initial hiring processes have not been affected. Background investigations in process at OPM’s Federal Investigative Services as of Friday night, June 26, are being conducted and are not affected.”

Investigation requests that had not yet been released to OPM by the requesting agency as of Friday night, June 26 are not affected.

“In addition, there are existing policies that permit agencies the flexibility to on-board individuals using interim procedures, and we will be working with agencies to make sure they are aware of those flexibilities,” Schumach said. “OPM will also work with agencies to explore interim processes for submitting these forms while e-QIP is unavailable.”

OPM recognizes and regrets the impact on both users and agencies and is committed to resuming this service as soon as practicable.

A former government official familiar with the security clearance process called OPM’s decision to take down e-QIP huge.

“You have job applicants who must get cleared first before taking a job, current employees, contractors and those who are getting their clearances renewed all are potentially impacted,” the former official said.

During a June 2013 hearing before the Senate Homeland Security and Governmental Affairs Committee, OPM said it processed more than 600,000 initial investigations a year.

OPM said it “recognizes and regrets the impact on both users and agencies” and is working with its interagency partners on alternative approaches to address agencies’ requirements.

Agencies reduced the number of employees with security clearances by 12 percent in 2014 as compared to 2013. Still, the Office of the Director of National Intelligence reported recently that more than 4.5 million federal employees and contractors hold security clearances.

Read all of Federal News Radio’s coverage of the OPM Cyber Breach.