Here’s your weekly DOHA dose – a shot of security clearance appeal cases and their outcome. The Defense Office of Hearings and Appeals releases the results of their security clearance appeals cases. They’re one of the best insights into which clearance cases are granted or denied in the Department of Defense.
True or false: using a coworkers credentials to log into a classified system will cost you your clearance
Edward Snowden is famously known as the snarky coworker who asked for a password, took credentials he shouldn’t have and then absconded with information he never should have accessed. Snowden’s breach caused a flurry of activity to protect government networks, including desk audits of cleared personnel which resulted in a more than 25% reduction in the number of active clearance holders. The incident also shined a light on Misuse of IT Systems as a criteria for denying or revoking a security clearance.
It may feel safe to assume, then, that failure to maintain IT system protocols is automatic ground for clearance denial. A recent appeal brought before DOHA demonstrates the power of positive testimony by coworkers – even for an egregious IT violation.
The individual in the case was a 56-year-old (yes, DOHA prints your age – but not your name!), cybersecurity professional who was issued a Statement of Reasons for intent to deny security clearance eligibility due to Guideline M, Use of Information Technology, and Guideline E, Personal Conduct. The case noted the applicant has held a security clearance for more than 20 years – since 1999 – but based on a 2018 internal investigation the individual was terminated due to violating IT policies. The individual attempted to use a coworker’s security token to log in and repair an IT system, along with using a thumb drive to transfer documents. During the investigation, when the individual was asked if he would do those things again, he replied (as my spirit animal would), “if it would get the job done.” When reminded by the corporate counsel that he had signed a non-disclosure agreement prohibiting sharing of credentials, he responded, “Okay, I won’t do it.”
The case appears to be a cut and dry case of an individual violating security policy, and losing access to classified information. That’s certainly the angle the individual’s employer took in firing him and entering an incident report. But in the SOR response and appeal findings, the following mitigating factors were considered:
- Time elapsed since the behavior, or behavior happening in unusual circumstances where it is unlikely to reoccur or cast doubt on the individual’s reliability, trustworthiness or good judgment.
- The misuse was minor and done ‘solely in the interest of organizational efficiency and effectiveness.
- Misuse was due to inadequate training or unclear instructions.
The mitigations appear directly in the adjudicative guidelines, and with all being applicable in the applicant’s case, he had a good argument for maintaining his eligibility.
False: Misuse of IT systems will not automatically result in clearance denial – especially when your coworkers have your back.
As is the case in many security clearance denials, the greater issue here is not the security breach itself, but the conduct surrounding it. If the individual had misused IT systems in order to make his own job easier, circumvent known company policy, or just to be a jerk, that would be an issue. In this case, the applicant argued that the violations of company policy were actually directly related to a desire to keep systems secure and perform his job effectively. The violations also took place on an unclassified network, and the individual seemed to understand the difference in policies on different systems – even if he was unaware of his own company’s policies.
Probably the single biggest factor supporting continued eligibility were the three statements given by coworkers of the individual – including the one whose token he asked to use. All provided positive references for the applicant and said they believed he didn’t intend to violate national security in his security violations. If those same three coworkers had testified that the applicant was a jerk – or just been unwilling to testify at all – the case would very likely have had a different outcome.
If you want to keep your clearance eligibility, it behooves you to be the kind of person your coworkers want to support.