Security clearance reform: more questions than answers
Many of the proposed solutions rely on the use of IT – automation, continuous evaluation and shared data banks between agencies.
There has been a lot of talk but little action on changes to the security clearance process in the four months since the Navy Yard shooting.
It has been more than four months since the Navy Yard shooting, more than six since the Edward Snowden insider leaks began and four years since Bradley (Chelsea) Manning downloaded the first of hundreds of thousands of documents for illegal release. But the security clearance process that granted access to the people behind three of the most serious breaches of government trust in recent memory remains troubled.
Calls to reform the processes behind security clearances are not new, but they have been ratcheted up in a new era of insider threats. Still, there are no clear solutions for fixing the system, and questions seem to outnumber answers.
"You can see the magnitude of what we're dealing with" in the cases of Snowden, Manning and Navy Yard shooter Aaron Alexis, said Rep. Rob Wittman (R-Va.), as part of a panel convened by the Congressional Smart Contracting Caucus in Washington on Jan. 28. "People question, how did that person get a security clearance? What due diligence did the contractor do to make sure that didn’t happen? What happened within [the Office of Personnel Management] to manage this process? All those are questions that come up when we see these things happen around us, and they make all of us question the system."
There is plenty of debate about options, such as changing the frequency of background checks, automating information-gathering processes and centralizing data. But even the proposed solutions themselves come with numerous questions about how to implement any changes.
"We have to do some reflection. How well does the actual background check work?" asked another participant, Virginia Democratic Rep. Gerry Connolly. "What reforms are going to be needed? Does the current system of five to 10 year [interims between checks] work? Or should we move to continuous evaluation, and aren’t there problems with that too?"
Connolly noted the potential for over-reaction – say, to a late credit card payment that ends up jeopardizing someone's clearance unnecessarily – and he questioned the ability to handle and sort the data accompanying the roughly five million people holding security clearances today.
With such serious consequences on the line, anything less than perfection could be deemed a failure, which makes the reform efforts that much more complicated. Add timeliness issues – including a presidential directive to examine clearance processes after the Navy Yard shooting – and constrained budgets, and officials need to look deep for solutions.
"We want it done better, we want it done faster, we want it done cheaper – we would all agree to that, but that involves a real hard look at what flexibilities exist in the system to increase efficiency and do things like drive automation," said Joe Jordan, public sector president at FedBid and former administrator at the Office of Federal Procurement Policy.
Besides the need to digitize information-sharing, narrowing the numerous entities involved and establishing reciprocity are at least part of the answer, Jordan added.
Many of the proposed solutions rely on the use of IT – automation, continuous evaluation, shared data banks between agencies – but it's not an easy transition to make.
"The information technology space is thought to be the one [critical area]. That's the one that needs the most attention and is the hardest to get," said John Fitzpatrick, director of the information security oversight office at the National Archives and Records Administration.
It also is not a new area to be explored by the government. The use of technology has been studied, including by federal entities, to little avail, noted Brenda Farrell, director of defense capabilities and management at the Government Accountability Office.
"A lot of these visions weren’t realized because they didn’t have a target. ... It's very important for the next reforms that goals are clear, who's in charge is clear and there are metrics. One metric to measure the reform efforts, and one to measure whatever phase we're trying to improve," Farrell said.
Note: This article was updated on Jan. 29 to note that the Congressional Smart Contracting Caucus convened the Jan. 28 event.