Hacked US Govt Agency's Security Is So Bad It's Returned to Pen and Paper
After shutting down its security clearance application system, OPM goes old-style.
In a world where everything that is connected to the internet can be hacked, perhaps the best security practice is to go old school and bring back pen and paper.
That's exactly what the US government human resources arm, the Office of Personnel Management (OPM), is doing after its massive hack. On Thursday evening, OPM announced that it would start accepting handwritten applications for security clearances. The agency shut down the electronic filing system e-QIP on Monday after finding a security vulnerability in it.
Since OPM is expecting the e-QIP system to be offline "for four to six weeks," applicants must now submit on hard copy.
"This will allow the agency to proceed with existing interim policies that requires initiation of background investigations, including those for SECRET level clearances, competitive service employment, and the issuance of interim identity credentials," OPM's spokesperson Samuel Schumach wrote in a statement.
This fix will quell critics, who claimed that shutting down the system would delay hiring new government workers and cripple an already slow process, causing what The Washington Post called—perhaps going a tad overboard—"dramatic" disruptions.
The bad news is that applicants who have to fill out the Standard Form 86, or SF86, for national security jobs will have to fill out its more than 120 pages by hand.
Applicants will have to fill out forms of more than 120 pages by hand.
Last month, OPM revealed that hackers had breached its network and stolen more than 4 million personal records of government employees—but it turned out that was only the beginning of something much worse. The agency later revealed a second hack, this one affecting the security clearance system. OPM has still not disclosed how many government workers, some in very sensitive positions, such as undercover agents overseas, were affected by this second hack.
The number could be as high as 32 million people, or perhaps more. Their most personal secrets could have been exposed, given that the hack affected not only the data submitted by the workers, which already contains a lot of personal information, but also information obtained through what's called the adjudication process. This process includes information obtained by government investigators through interviews with relatives and friends of the applicant, among others, which that can sometimes expose sex secrets, past criminal activity, or alcohol abuse, as The Daily Beast reported.At least now all these secrets won't be connected to the internet.