A Defense Department Web system that tracks employee background investigations will be offline for an unspecified amount of time, while officials fix security holes in a civilian-agency database connected to the tool, according to department officials.
A vulnerability in an Office of Personnel Management tool that links to the Pentagon’s “Joint Personnel Adjudication System” was discovered during a probe into one of the worst-known hacks to hit the U.S. government.
On Monday, officials announced that OPM’s e-QIP system, the online tool used for submitting background-check forms, would be taken offline for four to six weeks, during security improvements.
As of 3:30 p.m., the military’s site stated: “Due to current maintenance with e-QIP, the corresponding JPAS interfaces are not currently functioning. As a result, users will not be able to submit investigations using JPAS.”
OPM officials say there is no evidence hackers used the vulnerability to compromise information.
Users will not be able to file investigations through the Pentagon’s JPAS system until e-QIP is back online, Defense spokesman Nate Christensen told Nextgov late Monday evening.
“”ŽCurrently, there is no capability to submit new investigations,” or what he referred to as SF-86 forms for obtaining security clearances to access classified information, “until the e-QIP malfunction is resolved.”
It is unclear how Defense personnel data and e-QIP data are commingled. But Christensen said, “There are currently no known issues with the JPAS data due to the e-QIP vulnerabilities and its subsequent shutdown by OPM.”
The JPAS system’s other functions are available.
“The actions OPM has taken are not the direct result of malicious activity on this network,” officials said in a statement. “OPM is taking this step proactively, as a result of its comprehensive security assessment, to ensure the ongoing security of its network.”
OPM officials later on Monday acknowledged the outage will affect the ability to obtain security clearances, already a sometimes yearlong endeavor for federal employees and contractors.
In the meantime, “there are existing policies that permit agencies the flexibility to on-board individuals,” OPM spokesman Sam Schumach said in a statement. “OPM also will explore other options for submitting forms while e-QIP is down, he said.
“OPM recognizes and regrets the impact on both users and agencies and is committed to resuming this service as soon as practicable,” Schumach added.
OPM technology personnel and experts from across the government advised Archuleta that the “vulnerability posed a significant risk that warranted immediate action,” he said, declining to discuss specifics.
Meanwhile, federal officials currently are still gauging the extent of multiple intrusions at OPM that netted 4.2 million federal personnel records and perhaps as many as 18 million files on employees with access to U.S. secrets, including military members. After the breaches were disclosed earlier this month, the White House ordered all agencies to take a series of steps to find security holes in their systems and plug them, among other things.
OPM also is applying additional “modern security controls” to its systems, some of which are 30-year-old mainframes, as part of a grander security overhaul, OPM Director Katherine Archuleta announced last week.
“The security of OPM’s networks remains my top priority as we continue the work outlined in my IT strategic plan,” Archuleta, who lawmakers are pressing the White House to remove from office, said in a statement Monday. “This proactive, temporary suspension of the e-QIP system will ensure our network is as secure as possible for the sensitive data with which OPM is entrusted.”
What We're Following See More »
"The Justice Department on Friday charged a Russian woman for her alleged role in a conspiracy to interfere with the 2018 U.S. election, marking the first criminal case prosecutors have brought against a foreign national for interfering in the upcoming midterms. Elena Khusyaynova, 44, was charged with conspiracy to defraud the United States. Prosecutors said she managed the finances of 'Project Lakhta,' a foreign influence operation they said was designed 'to sow discord in the U.S. political system' by pushing arguments and misinformation online about a host of divisive political issues, including immigration, the Confederate flag, gun control and the National Football League national-anthem protests."
The United States and South Korea have suspended "another major joint military exercise to give the diplomatic process with North Korea 'every opportunity to continue.'" Exercise Vigilant Ace, which last year "involved 12,000 US troops and some 230 military aircraft from the US and South Korea," was due to take place in December. Trump has canceled other operations in the past, which Gen. Robert Abrams said "had resulted in a 'slight degradation' to the readiness of US and Korean troops," but were a "prudent risk" to improve improve relations with Pyongyang.
"Treasury Secretary Steven Mnuchin has decided to take part in an anti-terror finance meeting with Saudi security officials and their Middle Eastern counterparts in Riyadh later this month, opting to attend despite growing global outrage over the suspected murder of a U.S.-based journalist at the hands of Saudi operatives, according to three people familiar with his travel plans. The security gathering next week is separate from a Riyadh financial summit that Mnuchin announced on Thursday he would not attend."
"Steve Penny, the former president and CEO of USA Gymnastics, has been indicted on a felony count of tampering with evidence" in the sexual assault case against disgraced USA gymnastics physician Larry Nassar. Nassar was found guilty in January of sexually abusing dozens of young gymnasts, and was sentenced to 40 to 175 years in prison. Penny, who was arrested on Wednesday in Gatlinburg, Tennessee, "is accused of ordering the removal of documents from the Karolyi Ranch in Texas," where much of Nassar's abuse occurred.
Defense attorneys involved in the Mueller probe say the public "shouldn’t expect a comprehensive and presidency-wrecking account of Kremlin meddling and alleged obstruction of justice by Trump — not to mention an explanation of the myriad subplots that have bedeviled lawmakers, journalists and amateur Mueller sleuths. ... Perhaps most unsatisfying: Mueller’s findings may never even see the light of day."