By Ayesha Rascoe and Dustin Volz
WASHINGTON (Reuters) – The U.S. government will set up a new agency to do background checks on employees and contractors, the White House said on Friday, after a massive breach of U.S. government files exposed the personal data of millions of people last year.
As a part of a sweeping overhaul, the Obama administration said it will establish a National Background Investigations Bureau. It will replace the Office of Personnel Management’s (OPM) Federal Investigative Services (FIS), which currently conducts investigations for over 100 Federal agencies.
The move, a stiff rebuke for FIS and OPM, comes after last year’s disclosure that a hack of OPM computers exposed the names, addresses, Social Security numbers and other sensitive information of roughly 22 million current and former federal employees and contractors, as well as applicants for federal jobs and individuals listed on background check forms.
Unlike FIS, the new agency’s information systems will be handled by the Defense Department, making it even more central to Washington’s effort to bolster its cyber defenses against constant intrusion attempts by hackers and foreign nationals.
“We can substantially reduce the risk of future cyber incidents” by applying lessons learned in recent years, said Michael Daniel, White House cyber security policy coordinator, on a conference call with reporters.
The White House gave no timeline for implementing the changes, but said some would begin this year. It will seek $95 million more in its upcoming fiscal 2017 budget for information technology development, according to a White House fact sheet.
‘NOT THERE YET’
Officials have privately blamed the OPM data breach on China, though security researchers and officials have said there is no evidence Beijing has maliciously used the data trove.
Controversy generated by the hack prompted several congressional committees to investigate whether OPM was negligent in its cyber security practices. OPM Director Katherine Archuleta resigned last July as the government intensified a broad push to improve cyber defenses and modernize systems.
“Clearly we’re not there yet,” Admiral Mike Rogers, head of the National Security Agency, said at a cyber security event in Washington this week when asked about U.S. preparedness against hacks. The damage done by cyber attacks, he added, “is going to get worse before it gets better.”
OPM has been plagued by a large backlog of security clearance files, prompting it to rely on outside contractors for assistance, possibly compromising cyber security.
The Defense Department and OPM did not respond when asked if the government will still rely on support from contractors.
Representative Jason Chaffetz, the Republican chairman of a House of Representatives panel that has been looking into the issue, said Friday’s announcement fell short.
“Protecting this information should be a core competency of OPM,” Chaffetz said in a statement. “Today’s announcement seems aimed only at solving a perception problem rather than tackling the reforms needed to fix a broken security clearance process.”
(Additional reporting by Mark Hosenball and Andrea Shalal; editing by Kevin Drawbaugh, Susan Heavey and Alan Crosby)