It is the classic scenario. One kid in the class takes advantage of the system or ignores the rules, and everyone else suffers for it. Trust violated by one person can ruin trust for all. Whether it is right or wrong, it is still understandable. When national security is at risk and classified information has been compromised, the backlash on the rest of the cleared contractor community is unavoidable.
Increased Oversight for Systems Administrators & IT Security Professionals
The spotlight is definitely on the National Security Agency in the aftermath of the Edward Snowden leak. National Security Agency Director Keith Alexander is in the hot seat and in recent congressional testimony outlined steps to reduce the risk of future leaks. Two risk reducing measures the agency is looking to make are the reduction of system administrators and the development of a buddy system when accessing certain classified documents. A few other areas for action or discussion include: looking into insourcing versus contracting jobs, auditing positions to ensure clearances are necessary, and better defining the qualifications for IT security positions.
Increased Insourcing
Technically, no difference should exist between cleared civilian and contractor employees. It is the same vetting process for both parties. The rules and the stakes are the same. Incorrectly handling classified material has the same ramifications for either camp. However, if a leak occurs, the media and public opinion seem to prefer cleared individuals handling important information to be government employees and not contractors. In other words, if public opinion agreed that government and contractor employees were interchangeable, Snowden’s contractor status and background would not have been identified as having any significance.
So if the problem is not that Snowden was a contractor, why the scrutiny on outsourcing? Perhaps it means that public opinion cannot be trusted or perhaps it means that the government versus contractor status should be considered. The answer probably falls somewhere in the middle. The workforce has shifted over the years from government billets to contractor support positions and sometimes, this shift has been made for important positions. The importance of the position or level of cleared information is immaterial; however, team cohesiveness and loyalty could be questioned when the employees answer to different employers.
It is also arguable that since contractors can have a faster hiring time than the government, it could be easier for less reputable or trustworthy employees to be added to the team. Perhaps one benefit to the generally slow government hiring process is that it could potentially create a barrier for less than ideal candidates.
After looking into whether to insource or contract, perhaps an audit of cleared positions should be in order. Individuals move in and out of positions that require a certain clearance level, whether by making a personal job change or by changing job responsibilities within the same organization. Depending on the manpower available, it can be impossible to quickly adjust clearance levels to keep up with the demands of the job. Clearly, managing insider threats is a cost and risk management balance for each agency.
An Audit of IT Security Qualifications
Lastly, it is clear that the IT Security position is increasing in demand. A recent article in Government Information Security shows a 26 percent increase of the number of individuals who self identify as an information security analyst in the past two years. The area of expertise is a growing field within the defense department; however, as the area grows, clear qualifications need to be established in order to ensure the department acquires individuals with the correct credentials. Snowden may have had the right credentials, but his background does give the impression that skill outweighs the necessary credentials to work for the Defense Department.
Hindsight always seems like it is 20/20, especially when looked at through the media lens. The Snowden is providing the kind of scrutiny of the clearance system to lead to steps toward ensuring the right people are being hired to work within a classified environment. The system may be cumbersome or slow at times, but that cannot be an excuse for avoiding any checks and balances that would prevent another leak from taking place.
