Pentagon security agency looks to expand ‘continuous vetting’ beyond DoD, add more data sources

Approximately 3.6 million Defense Department service members, civilians and contractors are now enrolled in an initial version of continuous vetting. The Defense Counterintelligence and Security Agency is looking to expand the system to other agencies and add more data sources to the automated record checks program.

The DoD milestone announced last week is a transitional phase in the government’s push toward its “Trusted Workforce 2.0” model. The concept promises to streamline the government’s personnel vetting process through automated record checks, simplified security standards and more information sharing across agencies.

Getting all DoD clearance holders in an initial version of continuous vetting marks the “1.25” phase of the “2.0” initiative. The current system of continuous vetting is limited to “a risk-managed approach with select automated records checks,” according to DCSA.

But it still notably defers the requirement to periodically re-investigate clearance holders every five or 10 years.

“Continuous record checks means that issues of risk and concerns regarding an individual’s trustworthiness that may have taken years to discover previously can now be identified and addressed in real time,” DCSA Director Bill Lietzau said during a media roundtable at the Pentagon yesterday.

He said DCSA is pulling data from both internal government databases and external sources to generate alerts for issues like criminal activity. DCSA then determines whether the alert is valid and worth investigating further.

The next phase of the Trusted Workforce initiative involves expanding continuous vetting to seven data categories: Terrorism, foreign travel, financial activity, criminal activity, credit reports, public records, and agency-specific eligibility criteria.

DCSA is also working to get other agencies enrolled in continuous vetting. Lietzau said 30 non-DoD agencies were either actively onboarding their cleared staff into the new system or were signed up to do so.

He listed the Federal Aviation Administration, the General Services Administration, the Department of Health and Human Services, and the Department of Veterans Affairs as among those getting enrolled in continuous vetting.

The “2.0” goal is not expected to be achieved until Oct. 1, 2023. That will involve a “maximum” number of automated record checks that covers the entire federal workforce, according to DCSA. It will also completely remove the requirement for periodic reinvestigations, rather than deferring it.

Beyond the initial seven categories of data, Lietzau said he expects more to “come online.” Asked specifically about social media checks, he said DCSA is running several pilot programs to test the efficacy of monitoring such content.

Some lawmakers have called on DoD to include social media in background investigations specifically to ensure the government isn’t granting clearances to domestic violent extremists.

“Whether it’s an event-driven look at social media, whether it’s a regular, continuous look at some social media or whether it’s one time, when they’re investigated, look at social media, there’s different ways you could use some of the social media search capabilities that are out there,” Lietzau said. “We’re still right now analyzing how much value we think there is in that.”

He added that it would be up to policymakers to determine how to approach issues like free speech and privacy.

“Those are absolutely appropriate questions . . . that are all going to be dealt with over time as we kind of incrementally move forward in this,” Lietzau said.

Meanwhile, DCSA is also leading development of the IT backbone of the “Trusted Workforce 2.0” model, the National Background Investigation Services or NBIS.

“It’s a large amount of data, and so we have to build the IT systems and processes to be able to, to handle that data,” Lietzau said.

NBIS was initially conceived to replace the legacy Office of Personnel Management background investigation database that was hacked in 2015, but progress on the new system has lagged.

DCSA is still operating the legacy OPM database, and NBIS was recently “re-baselined” to adjust its development schedule. The initial capability for processing background investigations won’t be available until next summer, and the agency expects to continue operating legacy OPM systems until 2023.

Absent a functional IT system, many of the goals of a streamlined security clearance and background investigations process may be difficult to achieve, according to Charlie Sowell, chief executive officer of SE&M Solutions and former member of the National Industrial Security Program Policy Advisory Committee.

“Without that, all of the great policy ideas and functional capabilities are just pie in the sky,” he said.

Lawmakers are keeping a close eye on NBIS. The House’s version of the fiscal year 2022 defense authorization bill would require a Government Accountability Office report on the system’s progress, cost and cybersecurity controls.

Related Stories

    Pentagon security agency aims to get background investigations software on track

    Read more
    (Amelia Brust/Federal News Network)

    Agencies on deadline to enroll security clearance holders in continuous vetting

    Read more

Comments

On DoD

WEDNESDAYS, 11 A.M. & 2 P.M.

Each week, Defense Reporter Jared Serbu speaks with the managers of the federal government's largest department. Subscribe on PodcastOne or Apple Podcasts.

Sign up for breaking news alerts