Two members of the House Oversight and Government Reform National Security Subcommittee are calling on the Obama administration to find a new place to store the sensitive, personal information it collects from federal employees.
“In the wake of the recent data breaches at the Office of Personnel Management (OPM) that compromised sensitive security clearance information for over 20 million Americans, the need to identify the key vulnerabilities in our system and make actionable recommendations has never been more urgent,” Reps. Ted Lieu (D-Calif.) and Steve Russell (R-Okla.) wrote, in an Oct. 7 letter to David Mader, acting deputy director for management at the Office of Management and Budget. “We strongly believe that security clearance data — which has been described as ‘crown jewels’ of our national intelligence — should not be protected by OPM, which is neither an intelligence agency nor a defense organization.”
The House Oversight and Government Reform Committee conducted two hearings in June to investigate the OPM breaches. Lieu and Russell were shocked at that time to learn that the agency had failed to fixed long-known vulnerabilities to its data security.
“While we have renewed faith in OPM’s efforts to overhaul its systems under the leadership of Acting Director Beth Cobert, we continue to believe that it is inappropriate in the 21st century for extremely sensitive data of American national security personnel to be housed in an agency without a national security focus,” they wrote. “Simply put, OPM was not designed to house and protect this sensitive data.”
Mader serves as the chairman of President’s Suitability and Security Clearance Performance Accountability Council, which is nearing the end of a 90-day review of “information security, governance, policy, and other aspects of the security and suitability determination process.”
Lieu and Russell see this review as an ideal opportunity to target weaknesses in the government’s background investigations process.
The lawmakers called on PAC to identify a more appropriate — and secure — location to keep the sensitive personal data the government collects as part of the security clearance process. They also have drafted legislation that would help accomplish that goal.
“There is an increasing need to reevaluate what type of information we need to store,” the lawmakers wrote. “Monitoring for unusual bank or travel activity can often tell us more information about a person than their neighbors and address for the past 10 years. The antiquated SF-86 should be modernized for 21st century threats. We also urge the PAC to reduce the large number of personnel that are granted security clearances to further minimize the risk.”