The intelligence and industry communities have developed some “aggressive timelines” to use more automation, big data and “big intelligence capabilities” to significantly change the way the federal government vets employees and contractors for both suitability and security clearances.
It’s part of the Trusted Workforce 2.0 initiative that the Office of the Director of National Intelligence (ODNI) and National Counterintelligence Security Center (NCSC) Director Bill Evanina launched back in March.
“When people apply for clearances you’re going to hear about, ‘Wow, that’s really different,'” Evanina told reporters Tuesday after a speech at a Next Gov event on insider threat. “That goes from everything from the software to how people apply and at the same time what their timelines are. We’re going to put more pressure on agencies, the 23 agencies that are actually doing investigations, to be more compliant with timelines. It’s a holistic change.”
The NCSC and ODNI are expected to present their plan to the Senate by the end of the year. Implementation would start in 2019, Evanina said.
Insight by Carahsoft: Learn from IT experts as they outline the significant impacts cloud and 5G have on implementing zero trust architecture in this exclusive executive briefing.
“This process that we end up [with] will not only help the servicemen in DoD who come in to go work as 19-year-olds … as well as the NSA and CIA. It’s going to be scalable and usable for everyone. It has to be. And then also think about how we let people come into government and go out of the government and come back into government. It has to be flexible.”
The current situation begs change. The backlog of pending investigatory matters sits at more than 700,000. Wait times for a security clearance or periodic reinvestigation range from an average of 200-and-400 days, according to the most recent update listed on Performance.gov.
Industry has expressed its frustration with the backlog, the wait times and a lack of transparency between executive branch agencies and contractors about the security clearance process — one that hasn’t changed much since Congress passed the National Security Act back in 1947.
“We have, over time, added things to it and rarely have we subtracted anything from it,” Charlie Phalen, director of the National Background Investigations Bureau, said. “What you see today would be recognizable by my father, who was in this industry back in 1951.”
Phalen and the NBIB have spent the past year hiring more federal and contracted investigators and setting up “surge hubs” at specific Air Force bases to work down the backlog of pending clearances, which the agency said has helped. But the investigatory process itself needs to change, he said.
“We have to change the rules,” Phalen said.
The periodic reinvestigation is one area that’s ripe for big changes. The Defense Department has already been planning to add more cleared employees and contractors to its continuous evaluation program in lieu of periodic reinvestigations.
“Honestly, today’s periodic reinvestigation problem … as a screening tool, it’s probably too late,” Phalen said. “That’s our basic premise. It’s served it’s time. It’s not the wrong thing to do, but it’s not as effective as where we need to evolve to in this organization. In the intervening time between these investigations, behaviors emerge, evidence pops up, informants talk, some monitoring program sees something, external records searches reveal something, and then somebody has to act.”
DoD is rapidly developing continuous evaluations capabilities that will likely play a central role as the agency prepares to assume responsibility for the entire governmentwide security clearance portfolio. As Federal News Radio previously reported, the administration is planning an executive order to authorize that transfer.
Phalen said the entire NBIB organization, including its current employees, facilities, assets and workload, would move to the Defense Department.
“In the long run, this is a much better solution and will keep us able as an attack organization to stay focused on … the most important stuff that we’re doing, the initial trust determinations that are made on individuals working for and in the government and the ability to keep track of those individuals,” Phalen said. “Our goal here really is to be one team, no speed bumps.”
Meanwhile, agencies are still battling legal, cultural and technological challenges to develop their own insider threat programs.
Agencies have generally been slow to achieve final operating capability on an insider threat program. Though resources, technology and policy have certainly been obstacles for many organizations, behavior and workplace culture have been the toughest challenges to tackle.
“We don’t have viable venues to report suspicious activity,” Evanina said in his speech. “If you feel in your gut that something doesn’t make sense or you have key indicators that [for] your coworker or an employee that something’s amiss? Should you be able to report that to someone? Yes, but we do not have the right vector for how we do that.”
The ODNI in 2016 allowed agencies to begin using social media to vet federal employees during the background investigation process. But that’s been slow to take off, Evanina said.
“We are not there as a country yet,” he said. “We are not there with the appetite to say we are going to monitor or identify or evaluate the behavioral aspects of our employees.”
Agencies may get there, eventually, with more training and workforce development. The ODNI is partnering with the defense undersecretary for intelligence to develop a certification program for insider threat professionals within the federal government, said Wayne Belk, director of ODNI’s National Insider Threat Task Force.
They’re developing the program in phases and will first begin with training for analysts, he said.