Vendor hired to improve security of OPM’s network goes out of business

The story was updated at 3:51 p.m. on May 16 with new information from Imperatis.

The contractor hired to help the Office of Personnel Management harden and modernize its computer network went belly up.

Imperatis Corp. stopped coming to work on May 9 and OPM terminated the company’s contract that same day. Imperatis had about a month of work left under the deal.

“On Friday May 6, 2016, the Homeland Security Department and OPM learned that the company would be ceasing operations immediately. In its communications with the government on May 7, 2016, Imperatis referenced financial distress at the company as the reason for the immediate closure,” said OPM spokesman Sam Schumach. “DHS and OPM are currently assessing the operational effect of the situation and expect there to be very little impact on current OPM operations, given OPM had been planning for contract performance/activities to end in June 2016. We will provide updates as necessary.”

OPM hired Imperatis in June 2014 under a sole source contract. Little is known about how much the contract was worth or for how long the deal was supposed to last.

Sen. Claire McCaskill (D-Mo.) wrote to OPM acting Director Beth Cobert May 13 asking for more details on the IT project as well as the agency’s contract with Imperatis.

Sen. Claire McCaskill, (D-Mo.) wrote to OPM asking for details about a IT contract. (AP Photo/Lauren Victoria Burke)
Sen. Claire McCaskill, (D-Mo.) wrote to OPM asking for details about an IT contract that the agency terminated. (AP Photo/Lauren Victoria Burke)

“I am disturbed, but not entirely surprised, by this turn of events given Imperatis’ troubled history with government contracting,” McCaskill wrote. “I write to request additional information about OPM’s management of the contract and contingency plan for its Information Technology (IT) overhaul now that Imperatis has defaulted on its obligations.”

McCaskill is asking eight questions, including the current status of the IT project, the plan to replace Imperatis and whether the time it takes to hire a new contractor, if necessary, will put OPM’s data and network at risk of a cyber attack.

“Nevertheless, it appears that OPM failed to discover the company’s financial problems before the company informed the government on May 6, 2016, that it was immediately ceasing operations,” McCaskill said. “I am also concerned that Imperatis’ default may now delay OPM’s much-needed IT infrastructure and security fixes.”

She requested OPM provide a briefing to her staff by June 13.

An Imperatis spokesman contacted Federal News Radio to offer a few more details about the status of the company and the project.

“Imperatis is restricted by a confidentiality agreement which prevents us from fully discussing the matters being reported. There is much more to the story than is currently being reported,” the spokesman said. ” The company is confident that as and when the full facts are publicly available, they will  completely contradict the mischaracterization of the company’s performance being reported at this time.”

NextGov first reported OPM’s decision to terminate the contract with Imperatis.

OPM hired Imperatis to implement its IT modernization program, called the “shell.”

The shell is a multi-year effort designed to modernize OPM’s network, applications and data center.

As the news of major cyber breach OPM suffered last year became public, its contract with Imperatis came under heavy scrutiny by OPM’s inspector general and members of the House Oversight and Government Reform Committee.

The IG said in a September 2015 management alert about the project there was confusion over Imperatis’ exact role in implementing the shell.

The IG said in the alert that OPM is at a “high risk of project failure,” unless it writes a major IT business case to ensure it has the budget and project management tools it needs to finish the infrastructure plan.

Rep. Jason Chaffetz (R-Utah), chairman of the Oversight and Government Reform Committee, followed with letters to OPM, Imperatis and DHS’s U.S. Computer Emergency Readiness Team (US-CERT). Chaffetz specifically wanted to know Imperatis’ role in the shell project as well as details about the contract.

One major reason hackers were successful in taking the data of more than 21 million current and former federal employees was OPM’s antiquated infrastructure.

OPM asked for $37 million for the shell program each of the last two years, but Congress rejected that request.

Cobert told House Appropriations subcommittee members in March that the $37 million price tag is the result of months of discussions within the agency, where she and her staff revised pieces of the Shell plan.

“We’ve worked this through, we completed the OMB-300 in the fall and reviewed that with the inspector general and frankly, expect to continue the ongoing dialogue we have with the inspector general and his full staff about how we’re using this money,” she said. “But we have a more refined plan.”

As for Imperatis, its website remains online, but there are no listings under its leadership section.

From fiscal 2014 to 2016, Imperatis won 39 contracts worth more than $4.6 million, according to the USASpending.gov portal.

Every award either came from the General Services Administration, through the IT schedule, or the Defense Department. There are no specific awards to Imperatis from OPM in the last four years.

 

Copyright © 2019 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.