In the wake of the Edward Snowden-storm and the Navy Yard shooting, congressional leaders and government security experts have been scrambling to find a way to identify the next troubled clearance holder before he or she becomes a national security problem. More frequent periodic reinvestigations, more advanced record keeping and an audit of cleared professionals are among the reforms proposed.
Now ‘continuous evaluation’ is on the agenda for the House Permanent Select Committee on Intelligence (HPSCI). Included in the 2014 Intelligence Authorization Bill is language requiring intelligence agencies to “continuously determine whether their employees and contractors are eligible for access to classified information.”This would include automated checks of social media accounts and other legally available public records, including financial information, credit reports, travel information and criminal records.
Currently, periodic reinvestigations gather this type of information. But in the case of secret clearance holders (such as Navy Yard shooter Aaron Alexis), such investigations are only carried out every 10 years. Current procedures require self-reporting potential clearance issues – a big gap and certainly a security vulnerability.
NEXT STOP – CONTINUOUS MONITORING
Continuous evaluation is just the interim step on the way toward continuous monitoring, a much more significant issue for security-cleared professionals. Even as officials debate the legality of the NSA’s PRISM program, many have noted its potential for preventing leaks such as Snowden’s in the first place. The federal government is certainly capable of close monitoring of clearance holders (they keep track of the porn habits of terrorists, after all).
In written testimony before the House Committee on Homeland Security, Gregory Marshall, Chief Security Officer with the Department of Homeland Security, offered continuous evaluation as just a stepping stone of what’s to come.
“This administration’s recent information-sharing and safeguarding initiative, also known as Insider Threat, seeks to complement background investigations and continuous evaluation with continuous monitoring,” Marshall said. “This program will incorporate and analyze data in near-real time from a much broader set of sources. Its focus is the protection of classified information but its applicability to suitability and contractor fitness is evident.”
The Obama Administration’s Insider Threat program has already come under criticism for dubious results, as well as creating a “toxic work environment” where issues from stress to divorce may be seen as potential threats to national security.
For all of the benefits of both continuous evaluation and continuous monitoring, the results on the security-cleared workforce are likely to be adverse. Particularly in a time when the government struggles to attract top cyber talent, it seems unlikely that young professionals will willingly sign up for a system that promises their personal online interactions will be sent via report to their government boss.
Security clearance reform is needed. And there’s no harm in Congress debating options and bringing experts to the table for discussion. But any knee-jerk reaction to ‘fix’ the system, whether it’s brought about by Congress or the Executive Branch, is likely to cause just as much damage to the clearance process it’s looking to reform.