The future of continuous evaluation is just about here, and it has a different name

Best listening experience is on Chrome, Firefox or Safari. Subscribe to Federal Drive’s daily audio interviews on Apple Podcasts or PodcastOne.

What started as pilot program for the Defense Department and other agencies in the intelligence community will soon become the key piece to the Trump administration’s overhaul of the suitability, credentialing and security clearance process.

The overhaul itself is called the Trusted Workforce 2.0 initiative, and it’s the administration’s attempt to, at last, modernize a security clearance and vetting system that’s badly in need of an update.

The initiative itself will come in the form of several new policies and procedures, which are due sometime near the end of the year, defense and intelligence officials have said. Everything from the type of security clearances themselves to the standards used to investigate and adjudicate clearance holders will change.

And the continuous evaluation concept, the program DoD and others have used to monitor its cleared population and maintain trust with its employees and contractors, will also evolve.

In the future, the defense and intelligence community will pivot to the term “continuous vetting,” Tricia Stokes, director of defense vetting for the newly renamed Defense Counterintelligence and Security Agency (DCSA), said Thursday at AFCEA and INSA’s Intelligence and National Security Summit.

“We’ve committed to a new model of continuous improvement, continuous assessment [and] performance of ourselves, judging ourselves on how well we’re doing and always, always assessing the status quo,” she said. “It was a lot of years before we’ve changed this business model. That’s what’s different today. Generally speaking, the logical same criteria apply, but how we do it, how often we do it, how we look at it, more transparency, more input from the subject, more input from the subject supervisor — that’s what I see as different today.”

DoD has nearly 1.4 million clearance holders enrolled in its continuous evaluation program to date. The program itself pulls in unclassified information though a series of automated records checks, Stokes said.

DoD’s program will also pull in some data feeds from the Office of the Director of National Intelligence’s own continuous evaluation program, which ODNI operates as a shared service to a variety of agencies.

“It’s going to round out our checks to get to a continuous vetting compliance perspective and get us those high-side checks, too,” Stokes said. “Again, [it’s] a deliberate decision on the government’s part, DoD at that time, to not duplicate what DNI is putting in place.”

The ODNI program alerts agencies to potential red flags on a clearance holder’s credit or financial transactions. It also searches for suspicious transactions, foreign travel or potential links to terrorism, said Brian Dunbar, assistant director of security for ODNI’s National Counterintelligence and Security Center.

Those kinds of checks on the cleared population will continue in the future state of continuous vetting. What will change, however, is how often DoD and ODNI perform those checks.

Today, most clearance holders are generally reviewed once every five-to-ten-years. In the future, continuous vetting will replace periodic reinvestigations entirely, giving DoD a near-real-time look at its trusted population.

Advertisement
To be clear, DoD has already been enrolling clearance holders into its continuous evaluation and vetting program today in lieu of performing a periodic reinvestigation, but that work will scale up in the future.

The concept of time will shift as DoD continues to deploy its continuous vetting program. With near-real-time information about an employee’s missed credit card payment, for example, DoD and other adjudicatory agencies will need to shift their mindset as they evaluate the trustworthiness of their workforce.

“I [can] find something out on you tomorrow that you did yesterday,” she said. “Time is not going to be a mitigator. But what might be a mitigator and what will be in the new adjudicative model will be, what did you do about it? What outcome, what action did you take? Were you responsible? Or were you irresponsible? People have lives; people make mistakes. It’s a different mindset.”

Industry embracing their own continuous evaluation programs

Industry is also deploying the continuous evaluation concept.

Booz Allen Hamilton recently implemented its own continuous evaluation program over the past year. The program covers the company’s entire workforce of 27,000, even those who don’t have security clearances.

Booz Allen made participation in the continuous evaluation program contingent on continuing employment with the firm, said Sharon Claridge, the company’s director of security services.

About five people declined to participate in the program and subsequently left the firm, she said. Booz Allen was pleasantly surprised so few employees opted out of the program.

“It was a heavy lift in terms of communication, transparency [and] change management to educate the workforce on what this was going to be for Booz Allen, what it meant and how it worked,” she said. “We took several months to do that. We held all kinds of office hours [and] briefings and, in the end, one-on-one sessions.”

Like the government, Booz Allen’s continuous evaluation program is also looking for signs of financial or personal distress from its employees. If employees can handle their own personal lives, they should be able to responsibly maintain classified information, both Claridge and Stokes said.

For Booz Allen, the continuous evaluation program has shed more light on what their employees are dealing with after work hours, and the company has designed employee assistance and financial literacy programs based on the data, Claridge said.

“That’s where we can route real support, where we’re … working with the person’s supervisor [and] working with [the employees themselves] if they need accommodations,” she said. “That’s what I’m most proud of, because our interests are a little bit different from the government’s. It’s not about continuing eligibility for a clearance, although it is to some good degree. It’s about making sure we’re delivering a trusted workforce to our clients and that we’re taking care of our people.”

Stokes said DoD could likely learn a thing or two from Booz Allen’s continuous evaluation program. Communication on this topic hasn’t always been the government’s strong suit, she acknowledged, and DCSA wants to keep employees and contractors informed about what continuous vetting is — and what it isn’t.

Social media won’t be a component that perhaps observers or members of Congress initially thought it would in the government’s efforts to track and monitor clearance holders.

ODNI gave agencies permission to collect, use and retain publicly available social media information during the background investigation process back in 2016. But it hasn’t been a widespread practice for many agencies, Dunbar said.

“Departments and agencies have not utilized social media to a great extent yet. It’s also extremely costly,” he said. “In Trusted Workforce 2.0, there will be a mandatory social media check that occurs at the highest tier. It’s just the right thing to do.”

Under the Trusted Workforce 2.0 initiative, ODNI is planning to reduce the number of investigative tiers from five to three. It’s the employees and contractors at the highest “top secret” level who may be subject to social media checks in the future, Dunbar said.

Copyright © 2019 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.