The U.S. Department of Commerce published their findings of the internal review of the Investigations and Threat Management Service (ITMS) with the recommendation the unit be disbanded and permanently end the criminal investigation function within the DOC. The ITMS found itself in the hot-seat as a result of numerous complaints to DOC Office of Inspector General (OIG), which spanned many years. The OIG began its review in April 2021, and they are now publicizing the findings and recommendations.
Role of ITMS
The ITMS was created in 2006 to handle investigations within the DOC and to collaborate with national security entities, conduct investigations and analysis, and identify and assess critical threats. In addition, in 2014, the ITMS was charged with handling counterintelligence and insider investigations involving personnel (e.g. foreign visitors) and classified information. Additionally, the unit shoulders the responsibilities for protective intelligence investigations pertaining to the Secretary Commerce.
At the time of the OIG review, there were a total of 13 ITMS personnel, and they held Top Secret/SCI level clearances. When the review began, the entity had 1,945 open cases, of which over a third had no activity since 2017 or earlier. The review team determined that criminal investigative authorities weren’t necessary to conduct administrative investigations (i.e. security violations, suitability assessments, etc.). Furthermore, intelligence support to protecting the Secretary DOC was found not to require firearm authorization for ITMS personnel.
Still Need an Insider Threat Program
An insider threat program is required at DOC in adherence to EO 13857 which required implementation. In 2014 the program was initiated within ITMS. In doing so, they combined the criminal investigative units with the insider threat entity and the combo was to be the “hub” for the analysis of all prospective threats and to provide investigative leads – to themselves. Thus, creating a situation where the watchers were self-contained. The review team recommended insider threat responsibilities be stood up in a new unit with clearly defined parameters.
The counterintelligence work was being conducted under authorities, which according to the OIG, DOC simply did not exist within the DOC. Additionally how ITMS defined counterintelligence was itself problematic, “for example, ITMS appears to have used the term to refer to vetting of foreign nationals for access to department facilities or other matters more correctly identified as insider threat detection.”
Where ITMS appears to have completely crumbled is their lack of basic process and procedures to adequately track case files, handle evidence, and engage in effective case management. The situation was exacerbated by the lack of adequate management and supervision of ITMS activities over the course of several years. The absence of such all but ensured a lack of accountability within the ITMS.
“The Commerce Department leadership team took the ITMS allegations very seriously and upon learning about the concerns, immediately suspended all criminal enforcement activity and initiated a 90-day review to determine a comprehensive solution that would address these issues,” said Deputy Secretary Graves. “Commerce leadership has reviewed and accepted the recommendations in the report and will begin implementation immediately.”
Recommendations Going Forward
The four recommendations contained in the report are:
- The Department should eliminate ITMS, discontinue the criminal law enforcement function that was part of ITMS’s mission, clarify that the Department does not possess the authority to conduct counterintelligence activities, and redistribute other remaining functions of ITMS to other offices.
- The Department should establish an enhanced oversight framework for its administrative security investigations and insider risk management activities.
- The Department should update its written policies for its administrative security investigations and insider threat functions to ensure that they comply with all applicable laws and ensure that adequate safeguards exist to protect civil rights and civil liberties.
- The Department should continue ongoing work to close and archive ITMS cases, establish an appropriate schedule for the destruction of this information that complies with applicable law, and implement policies to ensure that no information developed by ITMS records inform future decisions without a prior legal review and independent factual corroboration.
The 26-page report is available here.