Why the fall of USIS should scare the rest of us

There are several different angles to the news that the Office of Personnel Management has effectively cancelled its contracts with U.S. Investigative Services.

Angle No. 1

The decision to not exercise options on the company’s Background Investigation Fieldwork and Background Investigation Support Services contracts effectively makes permanent the stop-work order OPM issued in early August after the company was hit with a cyberattack.

[More on the cyber attack in a moment. But if you are a government contractor, you should be very afraid.]

That action effectively kills the company’s background investigation business. The 2,100-employees who were furloughed after OPM issued the stop-work order on Aug. 6 won’t be coming back to USIS.

The contract officially ends on Sept. 30.

With the demise of its background investigation work, USIS will be cut in half or more.

Counting the furloughed employees, USIS has 5,700 workers with 3,000 working on background investigations.

With OPM’s action this week, USIS will rely on its Global Security and Solutions business unit, which does not do background investigations. The business has about $240 million in revenue and 2,000 employees, according to the USIS website.

That unit is now the core of USIS. It provides security, intelligence support, litigation support, training and records management.

Most likely, this will be the business that survives. My guess is that USIS will rename and rebrand itself around this business. The name USIS is just too tainted.

Angle No. 2

USIS conducts 40 percent of the background investigations for the federal government.

So, what happens on Oct. 1, the day after the USIS contract officially expires?

Remember, OPM created USIS in 1996 because it couldn’t handle the volume of background investigations. OPM was plagued with a horrendous backlog then, and the demand for clearances has only grown - exponentially - since the Sept. 11, 2001, terrorist attacks.

Is it reasonable to think that OPM can suddenly take all of the work back in house?

Or, will it quickly issue a new contract to another company?

The one bright spot for the USIS’s furloughed employees is that whether it is OPM or another contractor, someone is going to need to hire a bunch of investigators in a hurry. Hopefully, these good folks won’t be sitting idle for too long.

But I shudder to think what the backlog of clearances will look like a year from now.

Angle No. 3

USIS had been under intense scrutiny for over a year because of its involvement in conducting the background investigations for NSA leaker Edward Snowden and Navy Yard shooter Aaron Alexis.

The company also is the subject of a False Claims Act lawsuit filed by a former employee and recently joined by the Justice Department.

But it wasn’t until the cyberattack on its systems that OPM made the move to shut down the company.

The agency issued a stop-work order, but statements out of USIS and OPM were that the stoppage was temporary so that cyber defenses could be bolstered. That was on Aug. 6.

Government Executive reported on Sept. 3 that the U.S. Computer Emergency Readiness Team gave USIS a clean bill of health. 

The spirit of cooperation apparently was only rhetoric for OPM because it appears that the cyber breach was the opening OPM was looking for.

First, the stop-work order and then the decision to not extend the contract and destroying half of USIS’s business.

And that’s why more than just USIS employees and its investors need to be worried about OPM’s actions in the wake of the cyberattack.

The standard practice to this point has been cooperation and collaboration between contractor and government to address the aftermath of an attack.

OPM has thrown that practice out the window.

If the government is looking for an excuse to shut you down, a cyberattack might just be the straw that breaks the camel’s back.

And there is plenty of exposure for contractors, with US-CERT reporting an average of 620 cyber incidents a day that involve federal agencies, critical infrastructure or government contractors. [I’m still trying to track down data specific to contractors.]

In recent years, there have been reports of cyberattacks on multiple companies including Lockheed Martin, Northrop Grumman, L-3 Communications and Boeing. Many of the attacks have been traced back to government groups in China.

But the government didn’t punish these companies. Instead, government and industry worked together to solve the problems.

USIS self-reported its cyberattack, which also had the markings of a state-sponsored attack. That was the responsible thing to do. As a nation, we want to encourage that kind of action.

But in light of how OPM has treated USIS, will contractors think twice before reporting such an incident? They might if they have a rocky relationship with their largest customer.

That’s why OPM’s move against USIS should scare government contractors and the rest of us.