Steve Bannon’s Hypothetical Security Clearance and Your Unencrypted Social Security Number

Security Clearance security clearance investigation

In two and a half hours of Michael Flynn, Steve Bannon and Russia, members of congress did make a few minutes for discussing security clearance policy during today’s Oversight and Government Reform Committee meeting. The debate veered into partisan waters for the majority of the question and answer period, with Democratic lawmakers setting their sights on the President’s executive authority over the security clearance process.

“The President has the ability to grant a clearance or grant access to anyone whom they please – it is at their discretion,” noted Director of the National Background Investigations Bureau Charles Phalen. Lawmakers pushed Phalen on what, if anything, could be done to prevent members of the President’s cabinet and advisory staff from having access to classified information.

Committee Co-chair Elijah Cummings (D-MD) proffered a series of accusations from  a Daily Beast article about White House adviser Steve Bannon. Other committee members asked what action might be taken against White House advisors who may now be under FBI investigation due to potential links with Russia.

Government officials were quick to stick to the script, continually pointing lawmakers to the President’s authority to select which members of his staff have ‘need to know.’ They also emphasized their office’s focus on producing only investigative products – which are then given to adjudicators who make the final security clearance determination based on agency guidance.

Cybersecurity and Legacy Systems

The other emphasis of the committee meeting was on cybersecurity. OPM is still operating with legacy systems, and when pushed on encryption, OPM CIO David DeVries noted that while data was still being moved over, currently Social Security Numbers on OPM’s systems are not encrypted.

DeVries noted that XML is now used on front-facing applications, and is what new users will experience. But data does remain on legacy systems, and that transition will continue throughout 2017.

Department of Defense CIO Terry Halvorsen was questioned on the Pentagon budget and whether or not there were sufficient resources to do the job. A recent Washington Post article highlighted a Pentagon report which had found billions of dollars of waste across the Defense Department.

“The report, issued in January 2015, identified “a clear path” for the Defense Department to save $125 billion over five years. The plan would not have required layoffs of civil servants or reductions in military personnel. Instead, it would have streamlined the bureaucracy through attrition and early retirements, curtailed high-priced contractors and made better use of information technology.”

Halverson avoided commenting on the report, but when asked about his own resources and budget stated, “I have the resources to do everything I need to do with the NBIB.”

Making Social Media Monitoring Work

Outside of criticizing the President’s role in security and whether or not the committee should investigate Russia’s role in the DNC hack, one of the most pointed exchanges was between committee Chairman Jason Chaffetz (R-UT) and Phalen regarding social media monitoring in the background investigation process.

“This is what drives people crazy about the government,” said Chaffetz. “You had to conduct a study to find out if looking at social media is valuable and the conclusion is: ‘it might be, yes’?”… Let me answer the question for you: Yes, looking at publicly available social media should be part of the process.”

Phalen pushed back that the question isn’t if social media should be used, but how to incorporate it into the current background investigation process – a process that is largely the same today as it was in 1980.

“The largest pole in this tent is not can we collect the information, it’s not is there going to be valuable information in there – it’s how we can incorporate it into a standard background investigation in a way that is cost effective to our customer base,” said Phalen.

Working Through the Backlog

While the current backlog of more than 500,000 background investigations was a surprisingly small piece of the hearing, OPM officials were asked what steps they were taking to improve the speed of the security clearance process. The hearing highlighted these stats:

  • In FY2015, it took on average 95 days to process a secret clearance and 179 days for a top secret clearance.
  • In FY2016, it took on average 166 days to process a secret clearance and 246 days for a top secret clearance.

Phalen noted “two things of large proportion” which should improve processing times. NBIB doubled the number of companies available to provide contract investigations, and also hired 460 new federal investigators in 2016. They plan to hire another 200 in 2017.

Lindy Kyzer is the editor of ClearanceJobs.com. She loves cybersecurity, social media, and the U.S. military. Have a conference, tip, or story idea to share? Email editor@clearancejobs.com. Interested in writing for ClearanceJobs.com? Learn more here.