Security

Security clearance reform: more questions than answers

navy yard from wikipedia

There has been a lot of talk but little action on changes to the security clearance process in the four months since the Navy Yard shooting.

It has been more than four months since the Navy Yard shooting, more than six since the Edward Snowden insider leaks began and four years since Bradley (Chelsea) Manning downloaded the first of hundreds of thousands of documents for illegal release. But the security clearance process that granted access to three of the most serious breaches of government trust in recent memory remains troubled.

Calls to reform the processes behind security clearances are not new, but they have been ratcheted up in a new era of insider threats. But there are no clear solutions to fixing the system, and it would seem that questions outnumber answers.

"You can see the magnitude of what we're dealing with" in the cases of Snowden, Manning and Navy Yard shooter Aaron Alexis, said Rep. Rob Wittman (R-Va.), as part of a panel convened by the Congressional Smart Contracting Caucus in Washington on Jan. 28. "People question, how did that person get a security clearance? What due diligence did the contractor do to make sure that didn’t happen? What happened within [the Office of Personnel Management] to manage this process? All those are questions that come up when we see these things happen around us, and they make all of us question the system."

There is plenty of debate about options, such as changing the frequency of background checks, automating information-gathering processes and centralizing data. But even the proposed solutions themselves come with numerous questions about how to implement any changes.

"We have to do some reflection. How well does the actual background check work?" asked another participant, Virginia Democratic Rep. Gerry Connolly. "What reforms are going to be needed? Does the current system of five to 10 year [interims between checks] work? Or should we move to continuous evaluation, and aren’t there problems with that too?"

Connolly noted the potential for over-reaction – say, to a late credit card payment that ends up jeopardizing someone's clearance unnecessarily – and he questioned the ability to handle and sort the data accompanying the roughly five million people holding security clearances today.

With such serious consequences on the line, anything less than perfection could be deemed a failure, which makes the reform efforts that much more complicated. Combined with timeliness issues – including a presidential directive to examine clearance processes after the Navy Yard shooting – and constrained budgets, officials need to look deep for solutions.

"We want it done better, we want it done faster, we want it done cheaper – we would all agree to that, but that involves a real hard look at what flexibilities exist in the system to increase efficiency and do things like drive automation," said Joe Jordan, public sector president at FedBid and former administrator at the Office of Federal Procurement Policy.

Besides the need to digitize information-sharing, narrowing the numerous entities involved and establishing reciprocity are at least part of the answer, Jordan added.

Many of the proposed solutions rely on the use of IT – automation, continuous evaluation, shared data banks between agencies – but it's not an easy transition to make.

"The information technology space is thought to be the one [critical area]. That's the one that needs the most attention and is the hardest to get," said John Fitzpatrick, ‎director of the information security oversight office at National Archives and Records Administration.

It also is not a new area to be explored by the government. The use of technology has been studied, including by federal entities, to little avail, noted Brenda Farrell, director of defense capabilities and management at the Government Accountability Office.

"A lot of these visions weren’t realized because they didn’t have a target. ... It's very important for the next reforms that goals are clear, who's in charge is clear and there are metrics. One metric to measure the reform efforts, and one to measure whatever phase we're trying to improve," Farrell said.

Note: This article was updated on Jan. 29 to note that the Congressional Smart Contracting Caucus convened the Jan. 28 event.

About the Author

Amber Corrin is a former staff writer for FCW and Defense Systems.

The Fed 100

Read the profiles of all this year's winners.

Featured

  • Then-presidential candidate Donald Trump at a 2016 campaign event. Image: Shutterstock

    'Buy American' order puts procurement in the spotlight

    Some IT contractors are worried that the "buy American" executive order from President Trump could squeeze key innovators out of the market.

  • OMB chief Mick Mulvaney, shown here in as a member of Congress in 2013. (Photo credit Gage Skidmore/Flickr)

    White House taps old policies for new government makeover

    New guidance from OMB advises agencies to use shared services, GWACs and federal schedules for acquisition, and to leverage IT wherever possible in restructuring plans.

  • Shutterstock image (by Everett Historical): aerial of the Pentagon.

    What DOD's next CIO will have to deal with

    It could be months before the Defense Department has a new CIO, and he or she will face a host of organizational and operational challenges from Day One

  • USAF Gen. John Hyten

    General: Cyber Command needs new platform before NSA split

    U.S. Cyber Command should be elevated to a full combatant command as soon as possible, the head of Strategic Command told Congress, but it cannot be separated from the NSA until it has its own cyber platform.

  • Image from Shutterstock.

    DLA goes virtual

    The Defense Logistics Agency is in the midst of an ambitious campaign to eliminate its IT infrastructure and transition to using exclusively shared, hosted and virtual services.

  • Fed 100 logo

    The 2017 Federal 100

    The women and men who make up this year's Fed 100 are proof positive of what one person can make possibile in federal IT. Read on to learn more about each and every winner's accomplishments.

Reader comments

Thu, Jan 30, 2014 RayW

I have a friend who is an investigator for one of the private firms. He was complaining that he gets investigations that are months old, sometimes close to a year, and is expected to complete the background in a week or two. This often requires travel to many states (and out west there is a LOT of distance between Montana and Texas) which cuts into the investigation time. Question is, where has the paperwork been sitting all this time?

The mentioned sharing of data is good for security, but that does not obviate the need to walk around asking references about the person and finding other people that are not references to go find out more and to get away from coached answers (for my first clearance in 1970 I was told that the investigator only asked my references who else I knew, and then went and asked those other people questions.)

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group