For years, the Government Accountability Office has harped on the necessity for security clearance reform. There’s no oversight, no guidelines, the office has repeatedly argued. This week, with the ongoing case of Edward Snowden — who has been gradually leaking classified documents — and a Senate hearing Thursday, the issue might finally be getting its due.
As Snowden continues to leak classified documents (as recently as Friday), the public and congressional spotlight has finally turned on a process even people in charge call underfunded and unclear.
As of October 2012, a director of national intelligence report showed more than 3.9 million federal government employees and 1 million government contractors held security clearances. And the number of new requests has increased each of the last three fiscal years, and is expected to continue to climb.
The National Security Agency is also considering a new policy of giving employees top-secret security clearance before giving them access to classified documents. It’s also a big money sink, nearly a billion dollars annually. In FY 2012, the Defense Department alone paid the Office of Personnel Management (which runs the security clearance process) $753 million for security clearance investigations; $252 million of that was for industry employees, such as Snowden.
At a Senate hearing June 20, GAO’s Brenda Farrell, director of defense capabilities and management, said while OPM has made strides in quickly handling the robust security clearance requests, “now is the time” to focus on the GAO’s recommendations: seek out cost-savings, establish progress metrics and set clear standards for who needs what level of security clearance.
In recent years, OPM has done a commendable job of eliminating the considerable backlog of security clearance requests. “But efforts to develop and implement metrics for measuring the quality of investigations have not included goals with related outcome focused measures to show progress or identify obstacles to progress and possible remedies,” Farrell said at the Senate Homeland Security and Governmental Affairs Committee hearing.
A GAO investigation of 3,500 security clearance investigations found 87 percent lacked required documentation. And OPM opted not to use a tool — the Rapid Assessment of Incomplete Security Evaluations — offered as a remedy for the problem. An OPM official said the agency wanted to create another system, but to date, OPM “has not provided details on the tool including estimated timeframes for its development and implementation.”
The director of national intelligence has also not helped OPM much, failing to provide any rubric to judge what type of security clearance each type of job needs.
“To safeguard classified data and manage costs, agencies need an effective process to determine whether positions require a clearance and, if so, at what level,” Farrell said. “Last year, we found, however, that the director of national intelligence, as security executive agent, has not provided agencies clearly defined policies and procedures to consistently determine if a civilian position requires a security clearance.”
Instead, agencies have relied on an OPM-designed tool to assess the sensitivity and risk levels of each civilian position. But audits have revealed agencies apply the tool differently. In April 2012, OPM assessed the sensitivity levels of 39 positions within DOD. On 26 occasions, OPM found a different level of sensitivity than DOD. Later that year, GAO recommended DNI and OPM collaborate to create a new sensitivity tool, taking into account changing standards on “consideration of character and conduct for federal employment,” Farrell said.
Basically, it comes down to a lack of oversight. Patrick McFarland, OPM’s inspector general, admitted as much at Thursday’s hearing.
“My office has been alarmed for several years about the lack of oversight of OPM’s Federal Investigative Services program,” he said. “I fear I will spend a great deal of time during this hearing saying ‘I don’t know’ or ‘We have not looked into that issue’ because our resources remain woefully inadequate, preventing us from performing the level of oversight that such an important program requires.”
A major issue OPM has not looked into is cost-savings from eliminating redundancies and identifying process efficiencies. GAO found numerous examples of “duplicative investments.” DOD spent five years and $32 million developing a “Case Adjudication Tracking System.” The goal of the system was to streamline case management, and officials thought it could be easily applied to other agencies at minimal cost. But when it took steps to reach out to other federal agencies, if found five of them were already developing similar systems.
But OPM’s funding structure handcuffs the inspector general. The money earmarked for background checks — nearly $1 billion annually — cannot be used for any oversight operations.
“This creates a curious situation where a business-like enterprise is not required to fund even the most basic oversight practices, such as an annual financial audit,” McFarland said. “No private sector shareholder would invest in a $1 billion enterprise without adequate assurance that it had effective internal controls — and yet, that is exactly what the American taxpayers are being asked to do.”
And of the $24 million appropriated for the OPM’s inspector general, $21 million must be used solely for oversight the office’s retirement, health care and life insurance programs. That leaves $3 million to oversee the entire security clearance process. McFarland pushed the senators to pass legislation allowing the inspector general to request up to one-third of 1 percent of the budget for security clearance investigations. That would only bump their appropriations up a few million, but McFarland believes it would reap significant rewards. In the last five years, he said, the OPM inspector general’s office had returned $7 for each dollar spent on oversight.
“I believe that OPM customers, as well as the taxpayers, would agree that this money would be well spent,” McFarland said.