Pentagon outsourcing $600 million background check system to private sector
Tue 1 Mar 2016
The United States Department of Defense is to tender out a $600 million contract to private industry to develop a system for a new agency for background checks, in the wake of last year’s hacking incident where the personal data of 22 million people was exposed via attacks on the Office of Personnel Management.
Among the major players expected to be bidding are Northrop Grumman, Raytheon, Lockheed Martin and General Dynamics.
Richard Hale, the deputy chief information officer for cybersecurity at the Pentagon, told Reuters that although the new system is needed as soon as possible, it would be subject to a great deal of testing prior to deployment.
The Pentagon will meet with contenders for the contract before September 30th, which marks the end of the fiscal year. Initial funding for the IT backbone for the recently-created National Background Investigations Bureau stands at $95 million, with a projected spend of $520 million by 2021. Hale said that ‘some parts’ of the new system are expected to be operational by 2018 or sooner.
Hale said, “We have quite a lot of faith in the cleared defense industry… We believe that we can develop this information technology with industry as safely as we could as if we were to do the development entirely in house.”
The model for the new system is reported to be one of ‘continuous evaluation’ for security clearances, using diverse sources of information including travel and financial records.
The new system being tendered is designed to be ‘flexible’, to accommodate revisions to the clearing process. As any developer knows, that’s going to raise the outlay significantly – though perhaps not as much as the cost of abandoning ‘baked’ code and procedures which are ultimately found to be flawed or exploitable.
In June of 2015 Chinese hackers infiltrated the OPM’s database, with initial estimates of 4 million breached accounts finally rising to 22 million. The exfiltrated data included extensive ancillary information such as psychological reports, known foreign contacts, college room-mates and family members. The breach affected a large swathe of U.S. government employees, although not the CIA, which maintains its own system of background checks.