Every revolution starts with an idea. Changing policies or circumstances alone is not enough. Now, for the first time in 50 years, the security clearance process has an ideological framework that could inspire revolution in even the most immobile bureaucratic hearts.
This vision to overhaul the clearance process was presented on Thursday by William Evanina, Director of the National Counterintelligence and Security Center (NCSC) and Deputy Director of the Office of Personnel Management (OPM) Michael Rigas. In very thorough and transparent conversation with press outlets (including ClearanceJobs.com), Evanina and Rigas presented an ambitious framework to move the deeply troubled process into the 21st Century. This framework builds on the Trusted Workforce 2.0 initiative released last March.
Problem #1: Backlog and delays
When discussions of the Trusted Workforce 2.0 initiative began last March, the inventory of the National Background and Investigations Bureau (NBIB) had reached an all-time high of 725,000 cases. So for the first four months of the initiative, all efforts were focused on bringing that backlog down. With changes to business processes, that number has now been reduced to 551,000 – a 24% decrease. While this represents great progress, clearance processing times have not improved and the backlog is still about double what a functional, “steady state” caseload should be.
As Rigas was quick to point out, “Not all of those 551,000 people are waiting on the sidewalk waiting to get into their government job.” Many are current employees with access under reinvestigation or who are working with interim clearances. However, some people are indeed waiting to start their jobs, or cannot perform them to the fullest extent thanks to the continued delays.
The Solution: Continuous evaluation and common sense
In addition to increasing the staff of NBIB, OPM has managed to reduce the backlog primarily by means of enrollment in Continuous Evaluation (CE). This ongoing process is a means to replace the 5 or 10 year periodic reinvestigations (PR) currently in place. CE continuously vets enrolled employees through the processing of data streams like credit reports and public records. This means security officers can address any red flags as they appear, not necessarily pile more folks into the OPM’s inventory. Currently DoD’s enrollment in CE has plateaued at around 1.1 Million.
In addition, officials have been making common sense changes to what Evanina referred to as “nickel and dime stuff” that has saved time and improved the process. People were getting held up in the periodic reinvestigations process for fairly minor things – adding to the backlog. For example, as one official noted, “Would anyone think that it makes sense to have to go out and verify selective service registration for someone who’s served in the military?”
Similarly, a reinvestigation might be held up because it required an interview with a former superior officer who was serving overseas. Instead of having to locate and fly someone halfway across the world to interview them in person, investigators are now using secure video teleconferencing where possible. Such common sense adjustments are breaking down the backlog and will hopefully speed up processing times in the future.
Problem #2: Process Security and Effectiveness for a modern workforce
The workforce is changing. Standards that may have made sense 25 years ago may not be applicable to the next generation of workers. Government needs to figure out how to find the talent it needs, onboard them quickly, while still making sure that employee is worthy of public trust.
The Solution: expanded methods; mental flexibility; risk management
Evanina, Rigas, and other ODNI and OPM officials affirmed Thursday that the investigations and adjudications process will have to take a more risk-based approach to assessing candidate suitability. While the process does now take into account the “whole person” concept – that generally no single red flag is grounds for clearance denial – officials are reevaluating what it means to be a trusted employee in the 21st Century. For example, if recreational marijuana use should continue to be legalized in more U.S. states, and if regular use continues to increase with the younger generations, should that still be grounds for clearance denial?
Likewise, how can social media be employed legally and effectively to monitor current and aspiring cleared personnel? If so, how do investigators verify which profiles actually belong to the candidate? How do they sift through such a massive amount of information for each individual? “I’m a big advocate for use of social media,” said Evanina. “but as government, we just haven’t figured out yet how to do that to scale.”
The use of CE should assist in this. Continuous vetting means that red flags in finances or arrest records (for example) won’t wait around until the next PR – they’ll pop up on the government’s radar immediately. This will not only tip security officers to potential insider threats, but will be able to offer employees help before they’re in over their heads. This will tailor the level of vetting to the level of risk.
Problem #3: Culture of mistrust
In order to make sure these process and mentality changes actually get made, what needs to change? According to Evanina, “Culture.”
In a sense, all these problems have a direct link to the stovepiped, often competitive nature of the national security and intelligence communities. Oftentimes agencies have operated as though they are independent entities, not part of a whole that shares a common mission. As a result, transferring a DoD-granted clearance to an intelligence agency might result in the employee requiring a new background investigation or other time-consuming, usually unnecessary hurdles. This is due, in great part, to a lack of trust between various agencies, as well as industry partners.
The Solution: Trusted Information providers; streamlining security, suitability, and credentialing
In fairness, it’s the job of these agencies to mistrust. National security depends on it. However, they must take a pragmatic approach of who they trust. According to ODNI and OPM officials:
“Currently, there are gaps between how security clearance vetting, suitability vetting, and credentialing vetting are conducted. The new approach better aligns the processes and criteria for all three vetting determinations to close these gaps. This will further streamline the process and result in more seamless mobility when an individual is moving from agency to agency or position to position.”
In other words, right now all the information gathering that determines whether a candidate is qualified, suitable, and safe to grant access is spread out across a wide range. This creates a lot of duplicated efforts, when instead, agencies may just be able to take someone else’s word for it. The Trusted Information Provider Program should “reduce the burden of information collection on an individual and duplication of effort with partner mission areas.” Trusted Information Providers will include entities such as human resources practitioners, military recruiters, and others in the public or private sector. In order to be considered a Trusted Information Provider, agencies, companies or departments will have to meet a rigorous set of security standards.
According to ODNI and OPM, “With the overarching framework developed, the next steps involve working through interagency processes to get the specifics right and begin issuing and implementing the policies across the federal government to bring about change.”
So now the seeds of security clearance reform have been sown. But like all great ideas, it’s precarious. This could completely revamp the system moving forward and solve not only security clearance issues, but national security issues, as well. But it could also be stamped out by the ruthlessly uninspired cabal known as “bureaucracy.” Let us hope for the former. Viva la revolucion.