Senators Seek Answers on USIS Breach

Carper, Coburn Query Leaders of DHS, OMB and OPM
Senators Seek Answers on USIS Breach
Sens. Tom Carper and Tom Coburn

The leaders of the Senate Homeland Security and Governmental Affairs Committee want answers from the Obama administration about the consequences of an August breach of a government contractor's computers that likely exposed the personal information of 25,000 government workers (see Report: Breach Hit25,000 Gov't Workers).

See Also: Gartner Guide for Digital Forensics and Incident Response

The letters from panel Chairman Tom Carper, D-Del., and ranking member Tom Coburn, R-Okla., to Department of Homeland Security Secretary Jeh Johnson, Office of Management and Budget Deputy Director for Management Beth Cobert and Office of Personnel Management Director Katherine Archuleta focus on U.S. Investigation Services, which conducts security-clearance background checks on government workers and contractors. OPM last month announced it would not renew the contract with USIS to conduct certain security clearance services (see What's Behind OPM's Ousting of USIS?).

The senators, in the letter to Johnson, say the USIS breach raises many questions about the safeguards contractors take to protect against cyber-intrusions as well as the oversight provided by the contracting agency.

Leading by Example

"As the department charged with helping to secure federal civilian networks, DHS must lead by example in this area and work with other agencies across the government to help them better protect their sensitive information," the senators' letter says. "If you determine that additional tools and authorities are needed to further improve federal network security, we urge you to information the committee as soon as possible."

Carper and Coburn ask Johnson why DHS performs its own background investigation when OPM conducts more than 90 percent of all background investigations for the government. "Are there cost savings or efficiencies that are available to the department that it would not otherwise receive if it worked through OPM?" they ask.

The senators also say it's their understanding that the USIS data breach exposed the personal information of significantly more DHS employees than workers at other agencies and asked why that's the case.

Slowdown of Security Checks

In their message to Archuleta, the senators raise concerns about OPM and other contractors being overburdened by the additional clearance work they must conduct with the loss of USIS services.

Evan Lesser, who closely monitors the government's security-clearance process as managing director of ClearanceJob.com, says the non-renewal of USIS's contract is likely to result in a slowdown of clearances being issued, a point an OPM spokeswoman made last month.

The senators also raise questions regarding how OPM ensures contractors safeguard their IT systems to prevent another breach. Carper and Coburn seek details on the types of data accessed and databases affected by the USIS breach as well as action OPM is taking to address potential security or counterintelligence concerns tied to the breach.

In writing to OMB's Cobert, the senators note that firing of USIS would present challenges to the government in providing security clearances to workers and contractors. "What role will OMB play in assessing whether OPM has established an appropriate balance between contractor and federal employees for background investigation work?" the senators ask.

Problems Plague USIS

USIS has come under fire, not only for the breach, but for its work that ultimately gave security clearances to National Security Agency leaker Edward Snowden and Aaron Alexis, who fatally shot 12 people and three others at the Naval Sea Systems Command at the Washington Navy Yard in September 2013. USIS, in a statement, contends it followed all OPM-mandated procedures and protocols in its background investigation of Snowden. USIS says OPM confirmed in testimony before Congress that the investigative file compiled by the company on Alexis "was complete and in compliance with all investigative standards."

A whistleblower accused the company of speeding through a mountain of investigations as the wars in Iraq and Afghanistan fueled a heightened demand for cleared workers, according to the Washington Post. The Justice Department joined the whistleblower civil suit, accusing the company of submitting 665,000 background checks that were incomplete.


About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.com, you agree to our use of cookies.