The Office of Management and Budget will kick off a 120-day review of the security clearance process next week.
An interagency working group will make recommendations to the president for improvements across three broad areas.
“For suitability and fitness, the review will focus on whether the processes in place correctly identifies applicants who, based upon their character and past conduct, may be disruptive to operations or even dangerous to the workplace,” said Joe Jordan, administrator of the Office of Federal Procurement Policy, during a hearing before the Senate Homeland Security and Governmental Affairs Committee Thursday. “The focus on national security risk will center on determining eligibility and granting access that could lead to loss of classified information and damage to national security. Additionally, we will evaluate the means to collect, share, process and store information that supports these decisions, while emphasizing transactions among and equities shared across agencies.”
Jordan added the working group would review how these changes to the standards and procedures could be applied to federal contracting. One example Jordan highlighted is the increased sharing of data between agency suspension and debarment officials, and the offices which are responsible for determining security clearances.
Jordan, and representatives from the Office of Personnel Management, the Office of the Director of National Intelligence, the Defense Department and the Government Accountability Office, tried to alleviate lawmakers’ concerns since the tragic shooting of the Navy Yard and the almost six-month barrage of leaked classified data from Edward Snowden underscored the problems with the security clearance process.
President Barack Obama called for the review in the wake of the Navy Yard tragedy in September. One of the biggest issues in the Navy Yard tragedy and the Snowden leaks highlighted is the time between security clearance reviews. Currently, if a federal employee or contractor receives a security clearance at the secret level, the government doesn’t review them again for 10 years. If the employee or contract receives a top secret clearance, the government reviews them again in five years. Both situations rely on self reporting of any problems or changes by the government employee.
The review will try to address some of these shortcomings.
Jordan said agencies will collaboratively work on the issues with a goal of figuring out where the gaps and problems are, and addressing those issues immediately.
The interagency group will issue their recommendations to the president in mid- February.
This latest interagency committee is one of several that has tried to address long-standing issues with the security clearance process.
Congress got involved with the 2004 Intelligence Reform and Terrorism Protection Act where it called for major changes to the security clearance process, including speeding up the time it takes to get someone through the process.
Some lawmakers and experts say what the government is experiencing now is a reaction to that need for speed.
The issues with Aaron Alexis, the Navy Yard shooter, or Edward Snowden, in part, could be tracked back to the short cuts by vendors who are under pressure to meet congressionally-imposed deadlines to get the initial security clearance done. One of those requirements is a goal that says 90 percent of the initial clearances must be done in an average of 46 days.
Too much time in between reviews
One hole in the entire security clearance process that agencies recognized several years ago is with reevaluations of employees and contractors. Agencies leading these security clearance improvement efforts recognize there’s a need to have a continuous evaluation process.
Brian Prioletti, the assistant director of the Special Security Directorate in the National Counterintelligence Executive Office in the Office of the Director of National Intelligence, said ODNI has been testing a concept of continuous evaluation along with DoD over the last several years.
“We created a concept of operations that is now ready for testing that takes a level of checks and balances that are high enough to satisfy the requirements of top secret-sensitive compartmented information organizations such as the IC, but also reasonable for non-title 50 organizations or some of the other organizations. That’s a very touchy balancing act to make sure we have enough checks,” Prioletti said. “But it’s an expansion of what’s currently done. There are national agency checks, police checks and financial checks for secret-level clearances. We’ve expanded those to cover other areas. Some databases that include classified information and some that do not, as well as the commercial databases.”
Prioletti said the continuous evaluation working group, which includes OMB, OPM and DoD, is trying to balance the need for information with the need to protect citizens’ privacy and civil liberties. He said the working group is trying to figure out how to incorporate open source data through social media sites and other streams into the continuous evaluation process.
Pace of change too slow
Sen. Rob Portman (R-Ohio) said he’s concerned about how long this continuous evaluation program has taken to get off the ground.
Portman said DoD’s Automated Continuous Evaluation System (ACES) has been in the works since 2005, and President George W. Bush reiterated the importance of continuous evaluations in a 2008 executive order.
Stephen Lewis, DoD’s deputy director for Personnel, Industrial and Physical Security Policy within the Directorate of Security Policy and Oversight in the Office of Undersecretary of Defense for Intelligence, said ACES is making solid progress.
“It does provide on-demand queries of a large number of government and commercial data sources as well as an analytical capability to flag issues of concerns. So that’s an existing capability,” he said. “As you mentioned, it was used in an Army project, and out of 3,300 individuals, a total of 100 personnel actions were taken as a result of information identified during those queries.”
Lewis said DoD is adding capabilities to ACES, including a continuous evaluation concept demonstration to take it a step further.
“The concept demonstration would have real time updates, so as information became available, it would be pushed into the system,” he said. “The concept demonstration is currently scheduled to run from April to October 2014, and the anticipated population is 100,000 cleared military, civilian and contractor personnel.”
Lewis added ACES is considered operational but still in the research and development mode in many respects.
Portman said DoD needs to move ACES or the continuous evaluation program along more quickly so it can cover all 2.5 million DoD military, civilian and contractors with security clearances.
Portman encouraged Lewis and the rest of the witnesses to tell Congress what it needs to get this program to full capacity and out of the pilot stages.
Several committee members joined Portman in expressing frustration over the security clearance process and asking what can be done to fix it.
The other big issue that came up during the hearing was how many federal employees and contractors have security clearances. GAO found almost 5 million in all, to which Sen. Tom Coburn (R-Okla.), the ranking member of the committee, said that highlights another governmentwide problem — agencies are over-classifying information.
Quality control lacking?
The frustration is more than just over the number of people, but the end-to-end process is filled with holes nearly 10 years after Congress passed the reform act.
Sen. Claire McCaskill (D-Mo.) said the recent examples of Alexis and Snowden show just how troubled the entire security clearance process has become.
“The notion you are calling what you are doing quality control is probably what I’d call offensive, because I think there’s a lot of checking boxes going on. Was this report obtained? Yes,” she said to acting OPM Director Elaine Kaplan. “What I don’t have confidence in is that there is even on a random basis a more thorough examination….I’m glad you have a working group. What I’d like to do see us do as a committee is ask for some specific recommendations on who is getting clearances and are they all necessary.”
McCaskill added it’s not a matter of doing more or doing fewer security clearances, but tightening the process and applying oversight to those who hold approvals already.
“What we are doing now is the worst of all situations because we are giving the impression that all of these millions of people who have security clearances, we’ve checked them out,” McCaskill added. “We are confident that they are mentally stable, they are not criminals and they obey the law. We have no idea if that’s true. We are clueless as to whether or not that’s true because this process has become in a way a pro forma kind of process.”
McCaskill said she’s especially frustrated with contractors, and specifically USIS, which accounts for about 50 percent of all security clearance investigations. USIS is under fire for how it investigated security clearances requests. The Justice Department yesterday announced it was joining the false claims act whistleblower lawsuit brought against USIS in the wake of Edward Snowden scandal.
Lawmakers are trying to address the continuous evaluation issue with a new bill requiring random and more frequent security clearance checks to try to prevent people such as Alexis or Snowden from having access to information or buildings when they shouldn’t.