Security clearance process still slow, but more secure
OPM's National Background Investigations Bureau has made significant progress in securing its systems and data, but the security clearance backlog persists, a House panel finds.
The Office of Personnel and Management has made progress on hardening its systems and databases used for conducting security clearances, but a substantial backlog of investigations persists, according to testimony at a Feb. 2 congressional hearing.
The House Oversight and Government Reform Committee questioned OPM and Department of Defense officials about progress the new National Background Investigations Bureau is making on both the cybersecurity front, and in speeding up the clearance process.
OPM Chief Information Security Officer Cord Chase and OPM CIO David DeVries told members that the NBIB now has multifactor authentication for 100 percent of users accessing the NBIB system.
In addition, NBIB has upgraded legacy systems while it waits for the Department of Defense to complete the new NBIB network by the end of 2018.
Outgoing DOD CIO Terry Halvorsen, who also testified, said work was progressing on the new system and that he had all the resources needed to role it out on an iterative basis.
DeVries and Chase told members that NBIB has moved to a zero-trust security model with increased data segregation and that by the end of 2017 all high value assets will be fully encrypted.
Halvorsen told members the new system is being built using the naval concept of having internal watertight doors that can be closed in the event of a breach, so that the entire system doesn't have to be shut down.
"So we're designing this system so we can fight, and that is the correct word, fight through any attempt to breach this system, and if we get breached, be able to block and contain and then eradicate any malware or system loss that gets in here," Halvorsen said.
Chase said that by the end of last year, OPM had addressed outstanding vulnerabilities identified by the OPM Inspector General's Office and the Government Accountability Office. Chase said systems had been brought "to a standard baseline where we feel comfortable that we can control our environment and we understand where we were with the IT system boundaries and the IT system boundary inventories."
Despite the technological developments, the NBIB, which officially launched and replaced the Federal Investigative Services on Oct. 1, 2016, is still contending with a backlog of more than half a million investigations.
Committee chair Jason Chaffetz (R-Utah) pushed Phalen on whether the NBIB would make investigations of social media a standard element of background investigations. Phalen replied that NBIB had run a short pilot to evaluate how social media could be incorporated into the investigations process in an efficient manner.
"The collection is the easy part," said Phalen. "The analysis of it becomes harder, and the more data that's out there the more difficult the analysis becomes."
Chaffetz also took note that time to process clearances was getting longer, not shrinking. In FY 2015 the average processing time for a secret clearance was 95 days and 179 for top secret. In FY 2016, those processing times increased to 166 and 246 days respectively.
Kathleen McGettigan, acting director of OPM, and Charles Phalen, director of NBIB, told members that NBIB hired 400 new investigators last year and will add 200 more this year. In addition, NBIB contracted two new firms to conduct investigations and those contracts began on Feb. 1, 2017.
The hearing repeatedly veered into partisan waters, with heated exchanges among members, with many of the Democrats on the committee calling for the committee to investigate Russia's hacking and attempts to influence the 2016 election. Several Democrats also called for investigations of President Donald Trump's national security advisor Michal Flynn's ties to Russia. Ranking Member Elijah Cummings (D-Md.) also raised the issue of whether controversial comments attributed to Trump senior advisor Stephen Bannon would trigger probes from clearance investigators.
Chaffetz pushed back, telling Democrats that such investigations were the purview of the intelligence committee.Another recurring theme was the importance of developing the federal government's cyber workforce. Members and panelists agreed that the government needs better pay and incentives and a more streamlined hiring process -- including faster security clearances -- to recruit and retain the needed talent.
"We do rely on patriotism -- we can recruit a lot for that -- but the pay disparities are getting out of hand," said Halvorsen. "I have lost six or seven people this year…basically because they could not turn down anymore the offers."
NEXT STORY: VA shakes up infosec ranks