As the administration begins to implement its new federal security clearance program, former federal intelligence community executives say its success will largely depend on the Defense Department’s ability to build and run the right IT systems.
Standing up the National Background Investigations Bureau and transitioning personnel from the Federal Investigative Service (FIS) to the new agency shouldn’t be a heavy lift for the administration, experts said.
But building the IT and cybersecurity systems could be much more difficult, and DoD said it’s still realizing the full scope of the project.
“DoD chief information officer and the Defense Information Systems Agency, along with organizations across the department and OPM, are still in the initial stages of a review of Federal Investigative Services and its subsystems,” the DoD’s Office of the CIO said in a statement to Federal News Radio. “DoD expects that significant portions will be redesigned, but it is too soon to tell if any of the current FIS system will be reutilized for DoD operations.”
A new agency, the National Background Investigations Bureau (NBIB), will absorb the current responsibilities that the Federal Investigative Service (FIS). DoD will design, build, secure and operate the IT and cybersecurity systems for the new agency.
DoD no doubt has experience in building and securing IT systems, said Charlie Sowell, senior vice president for system and software engineering solutions at Salient CRGT and a former senior adviser to the Director of National Intelligence.
“DoD has had substantial experience in the development of systems with strong cybersecurity and has worked to integrate commercial and government developed cyber defense and detection tools into the DoD networks,” Marcel Lettre, undersecretary of defense for intelligence, said during a Jan. 22 call with reporters. “We believe the latter gives us unique cyber capabilities.”
But there are many IT governance and process issues surrounding the DoD project that haven’t been answered, Sowell said.
“How does DoD develop the system?” he asked. “Do they need systems of record notices with other organizations that will touch the data, that will receive the data? …There’s a lot that hasn’t been answered. It’s easy to say DoD is going to do it. It’s much harder to plug through all the details of what they have to do, and then who’s going to be responsible for doing what when it actually comes time to turn the key on the new system and start processing cases.”
Sen. Jon Tester (D-Mont.), a vocal advocate for security clearance reform, said he’s encouraged by DoD’s involvement. But failing to develop proper requirements for the IT systems during the transition between the old and new agencies could have its risks, he said.
“While NBIB is being established, we must take all precautions to ensure that personnel data remains secure and that the transfer of function does not interrupt investigations already underway,” Tester wrote in a Jan. 28 letter to President Barack Obama. “We also must ensure that NBIB makes smart, targeted investments in its IT infrastructure.”
Successful program management couldn’t be more important, Sowell said, considering the existing backlog of unprocessed background investigations.
The Office of Personnel Management said more than 388,000 initial secret cases and 117,000 periodic reinvestigations remained in the backlog at the end of fiscal 2015.
“The show must go on, and the show is behind schedule as it is,” he said. “There are hundreds of thousands of cases backlogged. It’s hard to imagine that that backlog is going to miraculously disappear while you’re transitioning the organization and while you’re transitioning the system without a lot of energy and a lot of money.”
Funding is another issue.
OPM already has gotten a head start on some aspects of the new program, using funds from the fiscal 2016 budget Congress recently appropriated, Federal CIO Tony Scott said Jan. 22.
President Barack Obama will ask for $95 million in his fiscal 2017 budget proposal, which is expected to be released on Feb. 9.
But Charlie Allen, a principal at the Chertoff Group and chairman of the Intelligence and National Security Alliance’s Security Policy Reform Council, said $95 million might not be enough.
Timing of new agency’s stand up unclear
It’s still unclear when the administration will officially stand up the NBIB or when the agency will begin to absorb the FIS, the organization that currently conducts about 95 percent of all federal background checks.
“At first glance, these changes sound promising,” Sen. Claire McCaskill (D-Mo.) said in a statement. “But the stakes of getting this right couldn’t be higher, so this transition will have to be airtight if Americans are to be confident in the security of the nation’s secrets and federal facilities.”
The timeline will become more clear after OPM’s transition team meets and sets specific milestones, OPM leaders said.
But as some experts stressed, the transition should begin sooner rather than later.
“There has to be significant speed and there will have to be a lot of energy going into a new administration,” Allen said. “This is an important issue. We need to have things up and running in a year. After all, the Transportation Security Administration was up and running in six months. Now, they had endless money and they had plenty of resources to do that, and I’m not arguing that this can be accomplished in six months, but we should have a significantly improved posture for background clearances a year from now.”
Sowell said he couldn’t envision a scenario in which the entire program was up and running before 2020. Standing up the NBIB, he said, will take less time.
“You’ll see a much faster implementation of standing up the NBIB,” Sowell said. “In other words, to whatever degree, it requires badge flipping between the existing Federal Investigative Services employees to the bureau employees, that’s going to take some time, but it’s nowhere near as difficult as building the new system. I wouldn’t be surprised if the NBIB is fully up and running within the course of the next year.”
What kind of leader?
The President will ultimately appoint the director of the NBIB, but the Office of Management and Budget gave no indication of when that nomination will happen.
Some clearance experts largely praised the role of the new director.
“This entity will have a considerable amount of operational autonomy and will be elevated in profile, compared to the current existing structure,” Michael Daniel, special assistant to the President and cybersecurity coordinator of the National Cybersecurity Council, said Jan. 22.
Allen stressed that the new leader, whoever it may be, should have a deep background and years of experience in the national security, intelligence and defense sectors.
“It’s going to take a recognized manager [who] understands some of the cultures, the individual cultures of the intelligence community, the Department of Defense and the national security sector generally, to be successful,” he said. “And you have to be a very strong program manager.”
The new leader should also have a great deal of passion for the clearance process as a whole, given the position’s vast number of responsibilities, Sowell said. The NBIB director should have experience working across government — a person with enough political gravitas to balance conversations with OPM and DoD, as well as Congress.
“They’re also going to be responsible for controlling costs as much as possible, because agencies have to pay for the background investigations through a revolving fund,” Sowell said. “They’re also going to have to help the workforce maintain and build morale while they work through all these tough issues, and they’re going to have to argue on Capitol Hill for the funds necessary to accomplish this incredible mission. It is a large undertaking.”