A better way for government to identify red flags, warning signs about employees
Jonathan McDonald, executive vice president of TransUnion, says agencies need to look to multiple sources to understand potential risks posed by employees.
The current process used by the federal government to grant and renew security clearances for government employees and contractors has been called into question due to negative acts committed by persons with valid security clearances.
Over the last several years, numerous instances have occurred that expose major flaws in the background investigation process for government employees. These include high-profile data leaks such as those perpetrated by Edward Snowden and Bradley Manning, the Navy Yard shootings committed by Aaron Alexis, acts of espionage committed by Ana Montes while at the Defense Intelligence Agency (DIA), and the terrorist act committed by Maj. Nidal Hasan while on active duty at Fort Hood.
Each of these cases illustrate the need for the federal government to make major improvements in their evaluation of personnel for insider threats. An effective continuous evaluation system can transform security clearance reinvestigations from a deadline-driven process to an event-driven process potentially reducing the risks clearance holders pose to the public or national security.
The background investigation process for those holding a security clearance hasn’t materially changed since the late 1950s. A person who has a need to access classified information usually completes the Standard Form 86.
Upon completion of the SF-86, a field investigator conducts an investigation on the person. The findings of the investigation are then sent to a Central Adjudication Facility, where an adjudicator determines suitability for a security clearance. After a clearance is initially granted, the government conducts a periodic reinvestigation every five-to-10 years depending on the level of clearance.
The problem with the periodic reinvestigation process is that a lot can happen in 5-to-10 years. Vital information can go unnoticed or unreported until it’s too late, leaving government agencies vulnerable to insider threats like those mentioned above. With continuous and automated evaluation, an investigator does not have to search for the event; the event presents itself as soon as it is detected.
For example, what if after a thorough investigation, a person who’s had their security clearance for a while “goes bad?”
By regulation, individuals are required to self-report anything derogatory that would impact their clearance status, but oftentimes individuals fail to self-report because of fear of losing their security clearance. In addition, there may be cases where people were granted the clearance but intentionally chose not to report something derogatory, and the investigator did not uncover it.
With continuous and automated evaluation, reinvestigations would become event-driven, not deadline-driven or driven off of self-reported items.
The executive and legislative branches of the government have already recognized the flaws in the historic process and have signaled the need to quickly and continuously identify and access derogatory information to gain insight into their personnel’s behavior, which theoretically would help prevent workplace violence (Navy Yard and Fort Hood), data leaks (Snowden, Manning), or espionage (Montes).
As such, they’ve mandated a continuous evaluation capability to address these gaps in the security clearance process. One such mandate is the Automated Continuous Evaluation System (ACES) implemented by the Department of Defense (DoD). In a February 2014 report to the President, the Suitability and Security Clearance Performance Accountability Council (PAC) cited a study centering on this system. The study, which examined the “value and effectiveness” of the ACES system found that 21.7 percent of the 3,370 sampled members exhibited previously unreported derogatory information that resulted in a revocation or suspension of a security clearance.
As demonstrated by the study, a continuous evaluation system such as the one adopted by the DoD will help to identify red flags, warning signs and other events that may signal an investigator to conduct a reinvestigation.
While the need for continuous evaluation is becoming self-evident, the implementation of this capability must be well thought out in order to fully address the need. For example, events can be complex and require multiple conditions to be considered noteworthy. Consider a situation where a single credit tradeline becomes delinquent, compared to one where multiple tradelines become delinquent in a short period of time. This latter situation could be a predictor of financial distress, potentially making a person more vulnerable to outside coercion or influence.
A continuous evaluation system with the capability to understand and act on these nuances by proactively notifying investigators of a potential risk would then enable investigators to conduct a deeper investigation to help determine if a potential security threat exists and if additional background investigation is needed.
The concept of examining data from various sources in the context of continuous evaluation isn’t new. The financial services industry regularly leverages this capability in the form of notification triggers to reduce their risk of offering financial services products to consumers with quickly changing behaviors.
These triggers help predict the financial risk a bank may assume with a particular customer, enabling the bank to take proactive action to manage that risk.
Leveraging big data and analytics in the government arena, though, remains a relatively new process. However, the federal government is beginning to use big data in a way that makes them fully appreciate the value of continuously evaluating individuals with security clearances to ensure the integrity of their classified programs and to minimize the possibility of future insider threat occurrences.
Jonathan McDonald is executive vice president of government information solutions for TransUnion. He is responsible for leading TransUnion’s public sector business providing mission-critical solutions to government agencies. McDonald brings more than 20 years of experience in government market sales and management at major big data and analytic companies. He also leads TransUnion’s newly formed Government Advisory Board.
A better way for government to identify red flags, warning signs about employees
Jonathan McDonald, executive vice president of TransUnion, says agencies need to look to multiple sources to understand potential risks posed by employees.
The current process used by the federal government to grant and renew security clearances for government employees and contractors has been called into question due to negative acts committed by persons with valid security clearances.
Over the last several years, numerous instances have occurred that expose major flaws in the background investigation process for government employees. These include high-profile data leaks such as those perpetrated by Edward Snowden and Bradley Manning, the Navy Yard shootings committed by Aaron Alexis, acts of espionage committed by Ana Montes while at the Defense Intelligence Agency (DIA), and the terrorist act committed by Maj. Nidal Hasan while on active duty at Fort Hood.
Each of these cases illustrate the need for the federal government to make major improvements in their evaluation of personnel for insider threats. An effective continuous evaluation system can transform security clearance reinvestigations from a deadline-driven process to an event-driven process potentially reducing the risks clearance holders pose to the public or national security.
The background investigation process for those holding a security clearance hasn’t materially changed since the late 1950s. A person who has a need to access classified information usually completes the Standard Form 86.
Join us Jan. 27 for our Industry Exchange Cyber 2025 event where industry leaders will share the latest cybersecurity strategies and technologies.
Upon completion of the SF-86, a field investigator conducts an investigation on the person. The findings of the investigation are then sent to a Central Adjudication Facility, where an adjudicator determines suitability for a security clearance. After a clearance is initially granted, the government conducts a periodic reinvestigation every five-to-10 years depending on the level of clearance.
The problem with the periodic reinvestigation process is that a lot can happen in 5-to-10 years. Vital information can go unnoticed or unreported until it’s too late, leaving government agencies vulnerable to insider threats like those mentioned above. With continuous and automated evaluation, an investigator does not have to search for the event; the event presents itself as soon as it is detected.
For example, what if after a thorough investigation, a person who’s had their security clearance for a while “goes bad?”
By regulation, individuals are required to self-report anything derogatory that would impact their clearance status, but oftentimes individuals fail to self-report because of fear of losing their security clearance. In addition, there may be cases where people were granted the clearance but intentionally chose not to report something derogatory, and the investigator did not uncover it.
With continuous and automated evaluation, reinvestigations would become event-driven, not deadline-driven or driven off of self-reported items.
The executive and legislative branches of the government have already recognized the flaws in the historic process and have signaled the need to quickly and continuously identify and access derogatory information to gain insight into their personnel’s behavior, which theoretically would help prevent workplace violence (Navy Yard and Fort Hood), data leaks (Snowden, Manning), or espionage (Montes).
As such, they’ve mandated a continuous evaluation capability to address these gaps in the security clearance process. One such mandate is the Automated Continuous Evaluation System (ACES) implemented by the Department of Defense (DoD). In a February 2014 report to the President, the Suitability and Security Clearance Performance Accountability Council (PAC) cited a study centering on this system. The study, which examined the “value and effectiveness” of the ACES system found that 21.7 percent of the 3,370 sampled members exhibited previously unreported derogatory information that resulted in a revocation or suspension of a security clearance.
As demonstrated by the study, a continuous evaluation system such as the one adopted by the DoD will help to identify red flags, warning signs and other events that may signal an investigator to conduct a reinvestigation.
Read more: Commentary
While the need for continuous evaluation is becoming self-evident, the implementation of this capability must be well thought out in order to fully address the need. For example, events can be complex and require multiple conditions to be considered noteworthy. Consider a situation where a single credit tradeline becomes delinquent, compared to one where multiple tradelines become delinquent in a short period of time. This latter situation could be a predictor of financial distress, potentially making a person more vulnerable to outside coercion or influence.
A continuous evaluation system with the capability to understand and act on these nuances by proactively notifying investigators of a potential risk would then enable investigators to conduct a deeper investigation to help determine if a potential security threat exists and if additional background investigation is needed.
The concept of examining data from various sources in the context of continuous evaluation isn’t new. The financial services industry regularly leverages this capability in the form of notification triggers to reduce their risk of offering financial services products to consumers with quickly changing behaviors.
These triggers help predict the financial risk a bank may assume with a particular customer, enabling the bank to take proactive action to manage that risk.
Leveraging big data and analytics in the government arena, though, remains a relatively new process. However, the federal government is beginning to use big data in a way that makes them fully appreciate the value of continuously evaluating individuals with security clearances to ensure the integrity of their classified programs and to minimize the possibility of future insider threat occurrences.
Jonathan McDonald is executive vice president of government information solutions for TransUnion. He is responsible for leading TransUnion’s public sector business providing mission-critical solutions to government agencies. McDonald brings more than 20 years of experience in government market sales and management at major big data and analytic companies. He also leads TransUnion’s newly formed Government Advisory Board.
Want to stay up to date with the latest federal news and information from all your devices? Download the revamped Federal News Network app
Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.
Related Stories
How 21st-century data management can help leaders provide more effective correctional healthcare services
Breaking down barriers: The challenges of federal micro-purchases for small businesses
The push to upskill the technology workforce in federal agencies