Shows & Panels
- The 2014 Big Picture on Cyber Security
- AFCEA Answers
- Ask the CIO
- Connected Government
- Consolidating Mission-critical Systems
- Constituent Servicing
- Continuous Monitoring: Tools and Techniques for Trustworthy Government IT
- The Data Privacy Imperative: Safeguarding Sensitive Data
- Eliminating the Pitfalls: Steps to Virtualization in Government
- Federal Executive Forum
- Federal Tech Talk
- Government Cloud Brokerage: Who, What, When, Where, Why?
- Government Mobility
- Mission-critical Apps in the Cloud
- Mobile Device Management
- The Modern Federal Threat Landscape
- The Path from Legacy Systems
- Understanding the Intersection of Customer Service and Security in the Cloud
Shows & Panels
Security clearance process ready for, in need of its next makeover
Friday - 11/1/2013, 3:51am EDT
The Office of Management and Budget will kick off a 120-day review of the security clearance process next week.
An interagency working group will make recommendations to the president for improvements across three broad areas.
"For suitability and fitness, the review will focus on whether the processes in place correctly identifies applicants who, based upon their character and past conduct, may be disruptive to operations or even dangerous to the workplace," said Joe Jordan, administrator of the Office of Federal Procurement Policy, during a hearing before the Senate Homeland Security and Governmental Affairs Committee Thursday. "The focus on national security risk will center on determining eligibility and granting access that could lead to loss of classified information and damage to national security. Additionally, we will evaluate the means to collect, share, process and store information that supports these decisions, while emphasizing transactions among and equities shared across agencies."
Jordan added the working group would review how these changes to the standards and procedures could be applied to federal contracting. One example Jordan highlighted is the increased sharing of data between agency suspension and debarment officials, and the offices which are responsible for determining security clearances.
Jordan, and representatives from the Office of Personnel Management, the Office of the Director of National Intelligence, the Defense Department and the Government Accountability Office, tried to alleviate lawmakers' concerns since the tragic shooting of the Navy Yard and the almost six-month barrage of leaked classified data from Edward Snowden underscored the problems with the security clearance process.
February deadline for recommendations
President Barack Obama called for the review in the wake of the Navy Yard tragedy in September. One of the biggest issues in the Navy Yard tragedy and the Snowden leaks highlighted is the time between security clearance reviews. Currently, if a federal employee or contractor receives a security clearance at the secret level, the government doesn't review them again for 10 years. If the employee or contract receives a top secret clearance, the government reviews them again in five years. Both situations rely on self reporting of any problems or changes by the government employee.
The review will try to address some of these shortcomings.
Jordan said agencies will collaboratively work on the issues with a goal of figuring out where the gaps and problems are, and addressing those issues immediately.
The interagency group will issue their recommendations to the president in mid- February.
This latest interagency committee is one of several that has tried to address long-standing issues with the security clearance process.
Congress got involved with the 2004 Intelligence Reform and Terrorism Protection Act where it called for major changes to the security clearance process, including speeding up the time it takes to get someone through the process.
Some lawmakers and experts say what the government is experiencing now is a reaction to that need for speed.
The issues with Aaron Alexis, the Navy Yard shooter, or Edward Snowden, in part, could be tracked back to the short cuts by vendors who are under pressure to meet congressionally-imposed deadlines to get the initial security clearance done. One of those requirements is a goal that says 90 percent of the initial clearances must be done in an average of 46 days.
Too much time in between reviews
One hole in the entire security clearance process that agencies recognized several years ago is with reevaluations of employees and contractors. Agencies leading these security clearance improvement efforts recognize there's a need to have a continuous evaluation process.
Brian Prioletti, the assistant director of the Special Security Directorate in the National Counterintelligence Executive Office in the Office of the Director of National Intelligence, said ODNI has been testing a concept of continuous evaluation along with DoD over the last several years.
"We created a concept of operations that is now ready for testing that takes a level of checks and balances that are high enough to satisfy the requirements of top secret-sensitive compartmented information organizations such as the IC, but also reasonable for non-title 50 organizations or some of the other organizations. That's a very touchy balancing act to make sure we have enough checks," Prioletti said. "But it's an expansion of what's currently done. There are national agency checks, police checks and financial checks for secret-level clearances. We've expanded those to cover other areas. Some databases that include classified information and some that do not, as well as the commercial databases."
Prioletti said the continuous evaluation working group, which includes OMB, OPM and DoD, is trying to balance the need for information with the need to protect citizens' privacy and civil liberties. He said the working group is trying to figure out how to incorporate open source data through social media sites and other streams into the continuous evaluation process.