The Obama administration asked the Pentagon on Friday to help overhaul the federal security clearance system, aiming to turn the page on a devastating data breach that exposed a major vulnerability for US national security.
A new government office, called the National Background Investigations Bureau, will take over the job of running background checks on all federal employees, contractors and others. But the Defense Department will design, build and operate the computer system that houses and processes people's personal information, Director of National Intelligence James Clapper and other officials said.
The White House's handover of the sensitive cybersecurity role to the military was a significant demerit against the Office of Personnel Management, the agency at the center of last year's scandal over one of the worst government data breaches known to the public. Tellingly, the White House said that while the new bureau would be part of OPM, the president would be appointing its director.
The overhaul comes in response to a data breach last year that U.S. officials have warned could help give China a major advantage in recruiting informants inside the US government or identify American spies abroad. US officials believe a Chinese espionage operation infiltrated OPM's records accessing information on 21.5 million current and former employment or job applicants. Fingerprint images belonging to some 5.6 million people were stolen.
Officials offered few details about how the new system would differ from one penetrated by hackers, but said the administration wanted to leverage the Pentagon's expertise in national security and protecting US secrets. OPM spokesman Samuel Schumach said that since the hack, the agency has started real-time computer monitoring, installed protections against unknown devices and adopted two-factor authentication, which adds a level of security beyond a single password.
"We are committed to protecting the security of not only our systems and data, but also the personally identifiable information of the people we entrust with protecting our national security," Clapper, White House cyber security coordinator Michael Daniel and other officials said in a blog post.
The computer networks that hackers breached last year had been left vulnerable for years without basic cybersecurity protections, its internal watchdog told Congress. Social Security numbers and other information were unencrypted. In the new system, the Pentagon will encrypt data where appropriate and consider which information should be kept separate from the rest of the network, said a US official, who wasn't authorized to comment by name and requested anonymity.
The administration didn't say when they expected the new system to be operational. President Barack Obama planned to ask Congress in his budget next month for $95 million to build the computer system, but officials said development would start using the personnel office's existing funds.
California Rep. Adam Schiff, the top Democrat on the House's intelligence panel, said he welcomed the move to centralize security clearance investigations. He said the government's personnel office was never meant to be a national security agency, and that the Pentagon's takeover would help "ensure that the personal information of those who work to secure all of us is protected."
But House Oversight and Government Reform Committee Chairman Jason Chaffetz, R-Utah, said it was the personnel office's responsibility to be able to protect people's personal information. He argued that the Obama administration was merely creating a new entity without dealing with the underlying issue.
"Today's announcement seems aimed only at solving a perception problem rather than tackling the reforms needed to fix a broken security clearance process," Chaffetz said.
Last year's hack sparked widespread concerns about privacy and sharp Republican criticism. It led the resignation of agency's chief, a former Obama campaign official, in July 2015. Obama and US diplomats have since raised the issue with Chinese government officials, although it was not clear whether the hack was directly tied to the government.
Intelligence officials have said the full extent of damage will play out over years, and may never be visible to the public.
Adm. Mike Rogers, the National Security Agency director and head of US Cyber Command, warned earlier in the week that the increasing value of data meant there would likely be more such breaches. He said voluminous stores of personal data are becoming a commodity -- partly because there now are ways to analyze and use the information.
"What you saw at OPM, you're going to see a whole lot more of," Rogers said.
Associated Press writer Deb Riechmann contributed to this report.