No matter how you look at it, the process for investigating people and granting them security clearance has been a hairball for decades. Now the agency doing this work is firmly reestablished back in the Defense Department, as the Defense Counterintelligence and Security Agency, or DCSA, home to the National Background Investigation Services. Director Bill Lietzau joined Federal Drive with Tom Temin with an update on the agency and its mission.
Insight by Red Hat: Learn how organizations are working to meet their missions in real-time by downloading this exclusive ebook.
Tom Temin: Mr. Lietzau, good to have you on.
William Lietzau: Thanks, Tom. It’s good to be here.
Tom Temin: And I want to get right to the process of background investigations because we have understood that you are moving toward this idea of continuous vetting, to try to speed it up, make it more accurate and stay with people throughout their careers. What’s the status right now toward that idea? And where do things stand?
William Lietzau: Yeah, so I think we – when when I say “we,” I mean the entire US government, it’s not just a DCSA (Defense Counterintelligence and Security Agency) initiative – this is really kind of an all-of-government initiative that you’ll sometimes hear of, hear referred to as Trusted Workforce 2.0. That’s an initiative put together with an interagency group led by the executive agent for security, the DNI (Director of National Intelligence) and the executive agent for suitability the Office of Personnel Management, with several other interested parties and experts that have really been meeting together for years and come up with this trusted workforce policy. And what DCSA amounts to is the primary US government implementer of that policy. And where we are today is where to place where a lot of the outline of that policy has been written, they call it a unified policy with three tiers of vetting and five scenarios. The only important gist of the change there is that we’re shifting from a orientation where we’re used to periodically reinvestigate somebody based on the level of their clearance. And we’re moving in the direction of a continuous vetting of people once they enter the trusted workforce group of people. And in that regard, DCSA has really moved a good part of the way in that direction, because as of today, I think I have something just shy of 3 million people in some sort of a continuous vetting environment. And our goal is to scale this such that we can get the entire federal workforce into a continuous vetting scenario in the next couple of years.
Tom Temin: And would that also include the contractor people that are having security clearance because of the work they do on behalf of the government?
William Lietzau: Absolutely. In fact, in the initial tranche, we do have contractor personnel, at least those who are on DoD contracts, because of the nature – you can imagine, when you’re dealing with literally millions of people and data checks with a continuous vetting scenario, you’re looking at data checks on a frequent basis, sometimes daily. So you can imagine with that amount of data, we need IT systems that are able to support the process. And in that regard, it was a little bit easier to start with some of the DoD population where some pilot programs were already in place that allowed us to get a jump on the process. That included both military personnel, DoD civilians and contractors on our industrial base.
Tom Temin: Sure. And what are some of the data sources that have to be checked? Because I’m imagining a great deal of them are not something that the government itself generates or has as a database?
William Lietzau: Yeah, they’re the kinds of things you would expect. The government does generate a number of them. We have databases that look at indicators of terrorism, we have databases that give us criminal checks, both at the federal level, at the state and local levels, we have different ways of checking those different databases, some better than others, because we’re in the process of – we have, we have one way of doing it with background investigations when someone initially comes into the federal government, and they’re initially checked to see if they in fact, represent somebody we’d want in the trusted workforce. But then on a continuous basis, it’s a little bit different, how we do those checks. You also though, are looking at, for instance, financial records, the same kind of credit checks that you might, for instance, see if you were buying a house, or buying a car, those kinds of checks we also were doing on a regular basis. So there’s a broad spectrum of checks, not all of which would I be able to talk about on the phone, but they’re all being built into the program, so that we can get the best picture of the people who are working for the US government as we can get.
Tom Temin: We’re speaking with Bill Lietzau, he’s director of the Defense Counterintelligence and Security Agency. And just a final question on that: I imagine there has to be almost an algorithmic part of this because someone buying a house doesn’t indicate anything in particular, necessarily, but if someone suddenly moves and they buy a million-dollar house, and they’re making, $75,000 at an agency or at a contractor, that’s the kind of thing that you would want to flag.
William Lietzau: Yeah, no, you’re absolutely right. And we do come up with, I wouldn’t call them algorithms right now, we’re moving in that direction. What we do is you have investigative standards. Again, some of these things fall outside of DCSA into the hands of the executive agents responsible for setting the policy in place. And there, we have investigative standards for the things that we would have to look at for someone. And then there’s adjudicative standards for when we’re making a decision as to whether we need to take action, whether we, one, give them a clearance in the first place or two, take some sort of a potentially adverse action based on something that happened. Those standards are put in place by the policymakers, and then DCSA implements them. And in implementing them, of course, we’re always looking for ways to gain efficiency. I mean, just to put a scale on this investigations alone, initial ones, we’re looking at ingesting about 10,000 requests a day at this agency. So you can imagine that’s for an investigation involving agents in the field and things. You take that to a different level and you think of looking at data sources for everyone who’s already in the workforce. And the number of data hits goes up exponentially. So we have to put algorithms in place that allow us to kind of parse through that information and try to figure out what’s relevant and what’s not.
Tom Temin: And under the Trump administration, they published core vetting principles that describe this whole idea of suitability, credentialing, security clearances – do those standards pretty much still go at this point? And are they still pursuant to the Trusted Workforce 2.0?
William Lietzau: I think they absolutely do. You know, the fact that you mentioned that they were put in place during the Trump administration. Obviously, we’re in a different administration now. But I will say that throughout my time in this job, which has been just less than a year, I have noted that of all the areas of US government work, this one really is bipartisan. The first phone call I received to talk about the agency in my new job as a brand new director had both Senator Warner and Senator Rubio from the Senate Select Committee on Intelligence, both sides of the aisle, same phone call, same questions, there was really no daylight between them. So our job is security. I constantly tell my workforce we are apolitical. And we just care about the nation’s security. And so in that regard, might there be some betting principles that adjust? Sure, there could be but that’s because we’re always trying to improve them. I sit on the same policymaking groups that I mentioned, the Performance Accountability Council led with the executive agents in place and several others, and I don’t really hear political discussions taking place. I hear security discussions.
Tom Temin: Sure. And of course, there are calls now for adjudication standards to take into account this idea of domestic terrorism. We’re hearing that a little bit more and more. And I guess that’s the F-86 process? How does that work and how are you bringing in the domestic terrorism piece?
William Lietzau: Yeah, well, I don’t think that there’s anything as new there as some might think it might just be a renewed emphasis on domestic terrorism. I mean, we’re always looking for that. In fact, this just popped into my head but as I was just walking into the office, minutes before this phone call, I was looking at the memorial we have out front where four of our agents died in the Oklahoma attack some years ago, which was domestic terrorism. So all of those data checks that I mentioned to you earlier, already catch the kinds of things that would be involved in domestic terrorism as well as the ones involved in some kind of a foreign sponsored terrorism. And we’re checking those everyday, even right now. And the other thing, you mentioned, I think you said the “F-86,” I think you’re referring to the SF-86, which is the kind of ingest form that kicks off an investigation. And yes, they’re constantly looking at ways that they can improve the questions that are asked on the SF-86. And they’re very well, maybe some changes in the future, because we’re always trying to improve the data that we collect from a subject to right in the beginning. But I don’t see any major changes. We’re already looking at everything that we think might be of interest today.
Tom Temin: I think the size of that form is only exceeded by the forms you have to fill out, say, if you’re nominated for a Cabinet secretary.
William Lietzau: I don’t disagree with you having had to just fill one out myself not too long ago. I wanted to shorten it.
Tom Temin: Let’s get to some of these statistics here because people love to look at the backlog of applications for security clearance. What are the trends? What’s the backlog right now and give us that picture.
William Lietzau: Yeah, I think we’re in a very good place with the backlog. As you may know, we of course had the data breach, where China hacked into OPM’s computers some years ago. DoD started putting in place a new system to prevent that. But in the aftermath of that, and all of the, different attempts to correct that error, what happened is the National Background Investigation Bureau essentially ended up with a pretty massive backlog of about 725,000 investigations that were pending. You heard me mention a statistic earlier that we ingest about 10,000 investigations a day, it’s a working day. They’re actually a little bit more than that. So you can imagine if systems go down, or there aren’t investigators available, or whatever, you’re going to fairly quickly amass a pretty difficult-to-clear backlog. And that’s what happened. So over the last several years, first, the National Background Investigation Bureau and now DCSA, has been working to eliminate that backlog, for the primary purposes of being able to then get through the clearance process and the adjudication process more quickly, so that we’re not having potential federal employees waiting and waiting, kind of wasting tax dollars while they’re unable to work on the types of work we want them to be able to work on. So the good news is that 725,000-case inventory is now down to about a manageable 200,000-case inventory. And I do want to brag about the employees of this agency just a little bit, because they continued to bring that backlog down, even while they were going through the pretty massive transition of forming a new agenc: DCSA. That’s always a difficult thing, different place your paycheck’s coming from. Sometimes people had to move their work location and everything else. And then they were hit with COVID, just as I was taking over as agency director. So they did not miss a step, though, and continued to bring down that backlog so that we’re now in a good place with the backlog and we’re looking at ways of tweaking our processes to really bring down the timelines into what I think everyone would find acceptable. So it’s a good news story.
Tom Temin: And has the pandemic affected you otherwise, or have things been pretty much on plan, even though we’ve had this crazy situation now a year?
William Lietzau: It has. I would say that certainly there – it has affected us. And it’s certainly just like everyone else in the country in the world, really, it’s had an adverse effect in some ways. We even today have some investigations that are kind of on hold, they’re causing our timeline averages to extend a little bit, because some of the data sources that we would normally use become unavailable in some locations, depending on what the lockdown situation is there. So that’s the downside. There’s also an upside though – the little bit of an upside was we had a slight reduction in ingest at the beginning of COVID. That allowed us to catch up on the rest of the backlog. And another thing is it forced us into a more it intelligent workplace. We, I think at the beginning of COVID just as I became director, we were issuing IT equipment, the ability to do teleconference interviews, things like that at a much faster pace. Believe it or not, we have, we have agencies that were still getting paper copies of the investigations delivered to them in a truck at the beginning of COVID. We don’t have any agencies like that anymore. They’re all doing it electronically. So we were, you know, this forced us to do some of the improvements that you’d want to do anyway. So I think there’s definitely been a positive aspect to COVID as well. And we’ve also figured out, you know, when you’re out in some parts of the country, some of our investigators are spending a lot of time on the road, going to interviews. And now there’s a little bit more of a triage that takes places to determine what interview really requires a face-to-face discussion and what interview can be done with some sort of a teleconference. Those are the good things.
Tom Temin: We’re speaking with Bill Lietzau, he’s director of the Defense Counterintelligence and Security Agency, and you’ve been in the job roughly a year and it’s been the COVID year. You must have a plan for how you want to see the agency develop and mature and kind of get established in the future. What are your plans there and how you plan to carry them out?
William Lietzau: Well, sure, thanks that’s a big question and a tough one. But you know, we’ve talked a lot about the background investigation mission. Remember, we have we call ourselves America’s gatekeeper, because we really not only are vetting people on a regular basis, we’re also vetting facilities, entities, companies, about 10,000 companies that do work for the US government on classified matters. We also credit classified systems on a pretty regular basis. And as you can tell from the name, we’re emphasizing more and more the counterintelligence aspect that helps us to kind of focus the vetting that we do, where we, kind of, you look at a vulnerability and where it crosses with a threat. That’s where you’re really making a risk-based analysis and so we’re trying to look at each of the risk analysis decisions that we make across the agency, improve the way we do it, and then figure out ways that we can work together to increase this efficiency. For example, adjudications for about 70% of the investigations we do are a little bit more even, are taking place now in the same agency. So we’re going to be able to, when there’s a missing piece of an investigation, we ought to be able to get that a little bit quicker than we did in the past. And we’re working out the business processes that allow us to do that. The other primary one that we have to do is what we call NBIS – it’s the National Background Investigation Service. It is the IT system, that the US government is congressionally directed, after the hack of the OPM computers in 2015. And DoD has been working on it. Originally they were working on it as a replacement for the legacy IT system that was hacked. But as we discussed earlier, in this interview, you’ve had a shift, where we’ve moved our policies toward a continuous vetting. So now to build that system intelligently. We wouldn’t want to just replace the old one, we want to build a system that can do the continuous vetting. So they’re doing that, and for the first time ever, as of Oct. 1 six months ago, DCSA now has cognisance over not only the investigation mission, but also the adjudication mission, and this NBIS IT capability that we’re building, to be able to give us all the functionality we need to do it. So for the first time ever really the US government has all this stuff in one place. And I think I have a responsibility to make sure that we build that NBIS system in such a way that will maximize our ability to accomplish, you know, the missions that the nation has given to us. As we talked about earlier, especially as we move into a continuous vetting scenario, you can’t do it without some, if not artificial intelligence and machine learning at least the intelligent algorithms that will allow us to sift through mountains of data in order to do the job well. So we really have to, that’s a no-fail mission we have to get up and running and implemented. And by the way, unlike the initial OPM IT system, which was in primary part built initially in 1984, so you can imagine – it’s not in as good a shape as we’d like it to be – I now also own that within DCSA. But with this system, the NBIS system, it’s really a beginning-to-end system where it’s the entire personnel vetting enterprise mission from ingesting the initial request for a clearance all the way through adjudication and then into continuous vetting. So that’s a capability that we have to build. And then we work it into the business processes that allow us to kind of complete our various missions more efficiently. That’s the vision. And COVID, as we talked about earlier, hasn’t always helped in some ways, but we’re trying to do the things that we can do with COVID as efficiently as we can. And then, as soon as we’re able to get past this, we’ll work on the other ones.
Tom Temin: Bill Lietzau is director of the Defense Counterintelligence and Security Agency. Thanks so much for joining me.
William Lietzau: Thank you, Tom. I appreciate it.
Tom Temin: We’ll post this interview along with a link to more information at FederalNewsNetwork.com/FederalDrive. Subscribe to the Federal Drive at Apple Podcasts or wherever you get your shows.