The mass shooting at the Washington Navy Yard in September and the unprecedented leak of classified information from the National Security Agency by a contractor led the Obama administration to order a mandatory 120-day review of the government’s process for granting and reviewing security clearances.
And while that review is only about a month old, senior intelligence and security officials are studying ways to leverage technology to create a new process of “continuous evaluation” of employees and contractors to better identify so-called red flags in a person’s behavior, such as run-ins with the law, that can go unnoticed for years until a person’s background investigation is updated.
“Continuous evaluation is a tool that will assist in closing this information gap,” said Brian Prioletti, assistant director for the Special Security Directorate of the National Counterintelligence Executive within the Office of Director of National Intelligence. “It allows for a review at any time of an individual with eligibility or access to classified information, or in a sensitive position, to ensure that the individual continues to meet the requirements for eligibility.”
As many as 4.9 million federal government and contractor employees currently hold or are eligible to hold a security clearance. And the government spent more than $1 billion in 2011 to conduct more than 2 million background investigations. But the government faces a monumental task of maintaining accurate and current information on employees, especially as current guidelines only require holders of secret-level clearances to undergo new investigations every 10 years and top-secret clearance holders every five years.
But Prioletti and other senior security officials throughout the defense, intelligence and homeland security communities envision a new, more agile security clearance and review process that leverages everything from database integration to automated data sharing between federal, state and local law enforcement agencies, as well as reviews of social media sites.
“Manual checks are inefficient and resource intensive. The CE initiative currently under development will enable us to more reliably determine an individual’s eligibility to hold a security clearance or sensitive position on an ongoing basis,” Prioletti said during a hearing of the House Subcommittee on Counterterrorism and Intelligence. “There are a number of ongoing pilot studies to assess the feasibility of select automated records checks and the utility of publicly available electronic information, to include social media sites, in the personnel security process.”
Gregory Marshall, chief security officer at the Department of Homeland Security, said a continuous evaluation system would ensure agencies are alerted to relevant security information, such as an arrest or conviction for a crime outside of the federal system, on a timelier basis.
“Continuous evaluation represents a significant process improvement over current capabilities and will mitigate some of the limitations in the existing background investigation process,” he said.
One of the limitations agencies continue to deal with involves the sharing of information about employees with clearances when they change jobs. The process, known as reciprocity, involves the transfer and acceptance of a background investigation from one agency to another. It is seen as an efficiency- and cost-savings measure designed to eliminate the need to duplicate investigations, a process that can take up to a year to complete.
But the government has very little information on how often security clearances are accepted or rejected between agencies, said Brenda Farrell, director of military and DOD civilian personnel issues at the Government Accountability Office. More troubling, she said, is the lack of insight into how often agencies pass on derogatory information that comes to light before an employee’s background investigation is due to be updated.
“We do not know how well it works,” Farrell said. “There are no metrics. How often information is passed along is unknown.”
“When we can point to an existing investigation, we’ll honor it on its face,” Marshall said. “One of the gaps that we see within DHS is that we are not allowed to do any additional checks unless we have derogatory information. So it would be critical that the first agency to pass that information along to the second agency in order for us to take action.”
Merton W. Miller, associate director of investigations at the Federal Investigative Services within the Office of Personnel Management, which conducts 95 percent of all government background investigations, acknowledged there remains a major gap in the current five- and 10-year timeframes for new background investigations.
If information about arrests, financial troubles or foreign travel is not captured and reported the time between reinvestigations remains a major gap, Miller said.
Miller pointed to an initiative known as Rap Back, which is part of the FBI’s Integrated Automated Fingerprint Identification System. An upgraded data repository within IAFIS will allow federal agencies to receive immediate notifications whenever somebody who holds a security clearance has been arrested and fingerprinted.
But database integration down to the local level remains a significant obstacle to achieving this capability, he said, as only a limited number of the thousands of local police departments around the country have digitized and automated their fingerprinting procedures.
