Subscribe to our daily newsletter.
Subscribe

After Snowden, will the security clearance process finally change?

For years, the Government Accountability Office has harped on the necessity for security clearance reform. There’s no oversight, no guidelines, the office has repeatedly argued. This week, with the ongoing case of Edward Snowden — who has been gradually leaking classified documents — and a Senate hearing Thursday, the issue might finally be getting its due.

As Snowden continues to leak classified documents (as recently as Friday), the public and congressional spotlight has finally turned on a process even people in charge call underfunded and unclear.

As of October 2012, a director of national intelligence report showed more than 3.9 million federal government employees and 1 million government contractors held security clearances. And the number of new requests has increased each of the last three fiscal years, and is expected to continue to climb.

The National Security Agency is also considering a new policy of giving employees top-secret security clearance before giving them access to classified documents. It’s also a big money sink, nearly a billion dollars annually. In FY 2012, the Defense Department alone paid the Office of Personnel Management (which runs the security clearance process) $753 million for security clearance investigations; $252 million of that was for industry employees, such as Snowden.

At a Senate hearing June 20, GAO’s Brenda Farrell, director of defense capabilities and management, said while OPM has made strides in quickly handling the robust security clearance requests, “now is the time” to focus on the GAO’s recommendations: seek out cost-savings, establish progress metrics and set clear standards for who needs what level of security clearance.

In recent years, OPM has done a commendable job of eliminating the considerable backlog of security clearance requests. “But efforts to develop and implement metrics for measuring the quality of investigations have not included goals with related outcome focused measures to show progress or identify obstacles to progress and possible remedies,” Farrell said at the Senate Homeland Security and Governmental Affairs Committee hearing.

A GAO investigation of 3,500 security clearance investigations found 87 percent lacked required documentation. And OPM opted not to use a tool — the Rapid Assessment of Incomplete Security Evaluations — offered as a remedy for the problem. An OPM official said the agency wanted to create another system, but to date, OPM “has not provided details on the tool including estimated timeframes for its development and implementation.”

The director of national intelligence has also not helped OPM much, failing to provide any rubric to judge what type of security clearance each type of job needs.

“To safeguard classified data and manage costs, agencies need an effective process to determine whether positions require a clearance and, if so, at what level,” Farrell said. “Last year, we found, however, that the director of national intelligence, as security executive agent, has not provided agencies clearly defined policies and procedures to consistently determine if a civilian position requires a security clearance.”

Instead, agencies have relied on an OPM-designed tool to assess the sensitivity and risk levels of each civilian position. But audits have revealed agencies apply the tool differently. In April 2012, OPM assessed the sensitivity levels of 39 positions within DOD. On 26 occasions, OPM found a different level of sensitivity than DOD. Later that year, GAO recommended DNI and OPM collaborate to create a new sensitivity tool, taking into account changing standards on “consideration of character and conduct for federal employment,” Farrell said.

Basically, it comes down to a lack of oversight. Patrick McFarland, OPM’s inspector general, admitted as much at Thursday’s hearing.

“My office has been alarmed for several years about the lack of oversight of OPM’s Federal Investigative Services program,” he said. “I fear I will spend a great deal of time during this hearing saying ‘I don’t know’ or ‘We have not looked into that issue’ because our resources remain woefully inadequate, preventing us from performing the level of oversight that such an important program requires.”

A major issue OPM has not looked into is cost-savings from eliminating redundancies and identifying process efficiencies. GAO found numerous examples of “duplicative investments.” DOD spent five years and $32 million developing a “Case Adjudication Tracking System.” The goal of the system was to streamline case management, and officials thought it could be easily applied to other agencies at minimal cost. But when it took steps to reach out to other federal agencies, if found five of them were already developing similar systems.

But OPM’s funding structure handcuffs the inspector general. The money earmarked for background checks — nearly $1 billion annually — cannot be used for any oversight operations.

“This creates a curious situation where a business-like enterprise is not required to fund even the most basic oversight practices, such as an annual financial audit,” McFarland said. “No private sector shareholder would invest in a $1 billion enterprise without adequate assurance that it had effective internal controls — and yet, that is exactly what the American taxpayers are being asked to do.”

And of the $24 million appropriated for the OPM’s inspector general, $21 million must be used solely for oversight the office’s retirement, health care and life insurance programs. That leaves $3 million to oversee the entire security clearance process. McFarland pushed the senators to pass legislation allowing the inspector general to request up to one-third of 1 percent of the budget for security clearance investigations. That would only bump their appropriations up a few million, but McFarland believes it would reap significant rewards. In the last five years, he said, the OPM inspector general’s office had returned $7 for each dollar spent on oversight.

“I believe that OPM customers, as well as the taxpayers, would agree that this money would be well spent,” McFarland said.

Former Twitter exec joins OSTP

A new addition has been made to the White House’s Office of Science and Technology Policy: Twitter lawyer Nicole Wong is joining as U.S. deputy chief technology officer, on the heels of another recent hire, Code for America founder Jennifer Pahlka, who serves as deputy CTO of government innovation.

Wong announced the move to her Twitter followers Thursday, expressing excitement over her new role.

Wong will be working under U.S. CTO Todd Park, focusing on Internet privacy and technology issues.

The news comes following reports the National Security Agency had been using secret Internet and phone surveillance programs, an event that called to question the Obama administration’s commitment to Internet and data privacy.

Wong has “tremendous expertise in these domains and an unrivaled reputation for fairness, and we look forward to having her on our team,” OSTP said in a statement.

At Google, Wong worked as vice president and deputy general counsel, earning the nickname, “The Decider.” After eight years at Google, she made the move to Twitter in January 2012, and has since November served as director of legal products.

FedWire: GSA’s OS2 program, DISA & JIE and new FCC database

2013_04_fedwire2001FedWire is FedScoop’s afternoon roundup of news and notes from the federal IT community. Send your links and videos to tips@fedscoop.com.

GSA’s OS2 program has saved the government $200 million.

Tour the National Renewable Energy Lab’s latest research center.

DISA to be better aligned with JIE.

Beta version of the Federal Registry for Educational Excellence has launched.

NIST seeks industry input at Cybersecurity Framework Workshop.

FCC’s new database launch.

NASA announces winners of 2012 George M. Low Award for Quality.

Coast Guard senior leaders discuss challenges.

West Wing Week:
http://www.youtube.com/watch?v=VxAZhOGMOAA&feature=share&list=PL8C61A61D646F0865

Air Force top officer: Sequester is crippling Air Force

The Air Force’s top officer has spent the week reiterating the deleterious impact of sequester cuts on the Air Force’s combat readiness. And at a Senate hearing June 20, the Air Force got at least a small indication that lawmakers agreed.

Appearing before the Senate Appropriations Committee’s Subcommittee on Defense, Air Force Chief of Staff Gen. Mark Welsh pressed the upper chamber to continue funding for the $391 billion F-35 fighter jet program. And the panel agreed, maintaining funding for the project, infamous for its runaway budget and repeated delays.

The House Armed Services Committee has also approved continued funding for the project. The Senate panel’s decision comes three days after Welsh preached the necessity of the project at the Air Force Association’s monthly breakfast.

“When we truncated our F-22 buy, we ended up with a force that can’t provide air superiority in more than one area at a time,” Welsh said. “The F-35 is going to be part of the air superiority equation whether it was intended to be, originally, or not.”

The Air Force’s F-22 “buy” was reduced because of the across-the-board cuts. The Air Force has grounded 33 squadrons, 12 of which were trained for combat and intelligence gathering. Seven additional squadrons were downgraded to basic missions capability only.

“We’ve got folks sitting in fighter squadrons looking out of windows at aircraft that they haven’t touched since the first of April,” Welsh said at the breakfast.

Thursday, Welsh echoed his comments, explaining the F-35 — a fifth-generation fighter plane combining stealth technology with fighter jet nimbleness — is integral to battle readiness in the face of cuts elsewhere.

“The air superiority this nation has enjoyed for 60 years is not an accident, and gaining and maintaining it is not easy,” he told the panel. “It requires trained, proficient and ready airmen and it requires credible, capable and technologically superior aircraft.”

Superior aircraft are also critical to any possible military action in Syria, currently in the middle of a brutal civil war. At the breakfast, Welsh said Syria had more advanced anti-aircraft capability than either Libya when the U.S. intervened in 2011, or during the no-fly era in Iraq from 1991 to 2003.

“We know the Syrians have more updated equipment than they had in Libya or Iraq,” Welsh said. “We also know they actually operate it. They turn it on, they use it, they train with it. … So our assumption is they’re better trained.”

Which is why Welsh argued Thursday for the funding to update the aging Air Force fleet.

“Potential adversaries are acquiring fighters on par with or better than our legacy fourth-generation fleet,” Welsh told the committee. “They’re developing sophisticated, early warning radar systems and employing better surface-to-air missile systems, and this at a time when our fighter fleet numbers about 2,000 aircraft and averages a little over 23 years of age — the smallest and the oldest in the Air Force’s history.”

While the final budget is not yet in place, at least Thursday, it looked as if the Senate and House were agreeing with Welsh.

Is it a phone or the basis for the military’s Joint Information Environment?

Editor’s note: This story has been updated to reflect it is the Joint Chiefs of Staff and not DOD who expects to be 80 percent thin client by April 2014.

Dramatically, Lt. Gen. Mark Bowman gestured from the podium into the audience.

“Why don’t you stand up, chief,” he said to the uniformed man at the center table. “He’s got one of the kits here with him.”

It looked like a simple, corded phone inside a black suitcase — old school. But to Bowman — director of command, control, communications and computers and cyber/J6 at the Joint Chiefs of Staff — it was distinctly new school. It represented how the military must develop secure technology in a rapidly changing and often insecure cyberlandscape.

The secure mobile phone device — only developed in the last year — was brought to functionality through government partnership, private sector collaboration and a bullish push to get a prototype working ASAP, then make tweaks and improvements.

In fact, the kit Bowman showed off was the third iteration of the device since last fall, when a faulty secure landline during a high-level conference call led frustrated officials to seek a secure mobile option.

“It’s what we can do today — solve easy problems that were impossible to solve in the past,” he said. Later, he added, “Cloud, virtualization, interoperability — it’s there today. We can go with enterprises and save money. Enterprise licenses between the Army, Air Force and [Defense Information Systems Agency]. You save tons of money there.”

Speaking at the 2013 Emerging Technologies Symposium — organized by the Armed Forces Communications and Electronics Association — Bowman bluntly explained how people and companies frequently let innovative technologies pass by them. It starts with confusion. Someone adopts a new technology, but doesn’t understand it. Instead of trying to adapt the new technology, it’s easier to defensively mock it or shame others for jumping on the bandwagon.

“If you’re a standup comedian, you’re really good at this,” he said.

But eventually, people start to accept it, and everyone forgets the initial resistance. “We start to tell everybody, ‘Yeah I knew that thing was going to be great from the start,’” Bowman said.

To Bowman, Joint Information Environment — the ability to deliver data to the Defense Department’s personnel wherever and whenever the data is needed — is in the early stages; the “it’s just a fad, it’s going to go away” phase.

But the phone, and the robust secure mobile network it foreshadows, means JIE is not far off. It started as a system for secure phone calls, “then one day, somebody said, ‘Hey, this would be pretty cool if we could do data,’” Bowman said. “What we did was partner with DISA and [National Security Agency]. DISA and NSA were able to take commercial technology and commercial cell providers and came up with a way to do 3G and 4G secure phone calls.”

Which soon mean the secure network could also “do data” and email — “not easily, but we’ll get there,” he said, adding the Joint Chiefs of Staff expects to be 80 percent thin client by April 2014. “We need to capitalize on what’s out there already. We don’t need niche systems. We need to be prepared to collaborate all along the way.”

US intellectual property rights see major improvements

Apple and Samsung may be sparring over intellectual property rights to cellphone technology, but according to the Office of Management and Budget, the U.S. has made significant progress in intellectual property right protection in recent years.

OMB today released the administration’s 2013 Joint Strategic Plan for Intellectual Property Enforcement, which provides an outline for the next three years of work in the area, and develops the work already being done by the administration.

In the past three years since the last joint strategic plan was released, the administration has improved drastically upon law enforcement of intellectual property rights, and legislation protecting them.

Since fiscal year 2009, Department of Homeland Security arrests in intellectual property cases have increased by 159 percent, and convictions are up by 109 percent. FBI health and safety-focused investigations have spiked 308 percent, while FBI health and safety arrests are up 286 percent. New trade secret cases also grew by 39 percent.

Congress also enacted seven of the administration’s legislative recommendations, many of which increase penalties for offenders and require stricter standards for reporting counterfeited items.

“We will focus on infringement that has a significant impact on the economy, the global economic competitiveness of the United States, the security of our nation, and the health and safety of the American public,” Victoria Espinel, U.S. intellectual property enforcement coordinator, said in a June 20 statement.

In fact, intellectual property-intensive industries accounted for 34.8 percent of U.S. GDP, and 60 percent of exports in 2010, according to a study by the Commerce Department.

The 2013 joint strategic plan acknowledges the challenges evolving technology poses in protecting intellectual property rights, but also discusses how technology can be used to the administration’s advantage.

“We envision new technologies able to screen trucks and shipping containers at our borders faster, more efficiently and more comprehensively than is possible at present,” the framework states. “We hope to see increased engagement between technology experts and the U.S. government.”

The 2013 plan will build on the existing foundation laid out in the 2010 plan, but also includes new ideas focused on energizing the international community in this effort, and conducting a series reviews and evaluations of existing measures.

FedWire: Mobile User Experience Wikithon, DARPA’s Spectrum Challenge and FOIA backlog

2013_04_fedwire2001FedWire is FedScoop’s afternoon roundup of news and notes from the federal IT community. Send your links and videos to tips@fedscoop.com.

Mobile User Experience Wikithon.

Competitors picked for DARPA’s Spectrum Challenge.

Sequestration continues to drain key capabilities from U.S. Air Force.

NSF and USAID announce global research collaboration awardees.

NTEU opposes commission that would review the performance and transformation of federal agencies.

FOIA backlog decreased in 2012 — by 1 percent.

We the Geeks: Building a 21st-century resume.

How to be an information systems technician in the Navy:

A ‘perfect storm’ of challenges hits Pentagon’s financial employees

Defense Department financial workers just aren’t enjoying their jobs any more, according to a recent survey of more than 1,000 employees. And it’s no surprise: They’re still tinkering with 2013 budgets because of the sequester, while working on the 2014 budget and preparing for audit readiness, simultaneously.

“And then we turn around and furlough them, freeze their pay and don’t hire anyone to help with the workload,” said Lou Crenshaw, recently retired principal at Grant Thornton, an accounting and advisory organization.

For two-thirds of those interviewed, it’s the largest confluence of challenges they’ve ever faced. “I think it’s a perfect storm,” Crenshaw said.

In the 11th annual survey of DOD financial executives and managers conducted by the American Society of Military Comptrollers and Grant Thornton LLP — titled “Navigating Through Uncertainty” — the most striking result, Crenshaw said, was the faltering job satisfaction among employees.

In the previous 10 years, senior executives had almost uniformly responded they loved their job. Last year, 86 percent said they “enjoyed their job a lot.”

“This time, it wasn’t quite so rosy,” Crenshaw said.

Only 53 percent echoed the same sentiment. And going down the chain of command, it got worse. Among managers, only 21 percent enjoy their job “a lot,” although 42 percent did say they “enjoy it most of the time.”

Causing this strain were three concerns: fiscal uncertainty, low morale and audit readiness. While 34 percent of managers and 29 percent of executives had “confidence” in their organization’s ability to hit the 2015 auditability deadline, only 3 percent of executives and 14 percent of managers had “high confidence.” And a robust 45 percent of executives have “very little confidence” or “no confidence.”

Crenshaw believes the military services might be setting the bar too high for audit readiness. It would take two more years, he said, to get to a place where each division could be audited and “pass with flying colors.” It should be more about getting each branch to the point where an audit could lead to useful reforms, a comment he saw echoed in the survey.

“The surprising comment made from the field was that many people thought, ‘Let’s stop dancing around the bush and getting ready for audit, and just do it,’” Crenshaw said, adding the Marine Corps had already started this process and was working on it with Grant Thornton. “I personally find that refreshing.”

Stress has also come from new information technology systems, which respondents said were actually adding, not reducing, the overall workload. So much effort is being spent on implementing new systems, Crenshaw said, that employees are reaping few benefits.

But hope is potentially on the horizon. As audits begin, new IT systems are fully installed and budgets fall into place, some of the strains could be alleviated. Military commanders in the field are increasingly recognizing that audit readiness means combat readiness, and having everyone on board as the audit process begins will be a big boost to morale, Crenshaw said.

“We’re beginning to get some certainty,” he added.

Forget fingerprints: Future biometrics ‘await just beyond the horizon’

Futuristic-sounding technology such as iris or voice recognition are not that far away, according to Steven Martinez, executive assistant director at the science and technology branch at the FBI.

Martinez spoke June 19 before the House Committee on Oversight and Government Reform about the effectiveness of using biometric technology in government credentials, in particular the use of fingerprints.

“While fingerprints may be considered the most common and widely used biometric modality, other biometrics await just beyond the horizon and the FBI is actively researching their accuracy, reliability and potential suitability in the lawful and constitutional performance of our mission,” he said.

FBI employees and contractors currently use identification cards with a frontal face image and a personal identification number. The cards don’t have a fingerprint for on-site identification purposes, but have the capability of storing one. The FBI also has the ability to use and implement fingerprint-based identity verification, should the need arise, according to Martinez.

The nature of fingerprint identification technology has come a long way since trained fingerprint examiners toiled in laboratories checking fingerprints manually. Today, there are more than 18,000 local, state, tribal, federal and international partners that electronically submit identification requests to the FBI’s Integrated Automated Fingerprint Identification System.

Beyond fingerprint identification, the FBI is also evaluating other biometric technology. Palm print identification, iris recognition and speaker recognition are relatively young biometric technologies that have been researched and tested in recent years. Computer-based facial recognition has made several advancements in the last decade, however, the standards for approving these types of technology continue to rise, leading to a need for further development.

Growing demand for more advanced identification technology led the FBI to create the Next Generation Identification program. The program has produced significant results, with drastic improvements in the existing IAFIS system. Specifically, the program has improved the accuracy and timeliness of responses, storage capacity and the interoperability with other systems, such as the biometric matching systems between the departments of Defense and Homeland Security.

NGI has been developed and implemented in increments with the third part completed in May. A fourth increment will be delivered in June 2014, and will have to do with the Interstate Photo System, and the Rap Back service expected to provide an ongoing status notification of any change in criminal history reported to the FBI after someone’s initial criminal history check.

According to Martinez, the FBI’s work in this area is an effort to improve local biometric abilities. The bureau “will be looking at the potential of emerging biometric technology to allow federal and local law enforcement partners to increase their identity management capabilities,” he said.

New center to demystify data for legislators

In the next few weeks, both congressional lawmakers and the public will have a new online resource that aims to demystify data, FedScoop has learned.

The Information Technology and Innovation Foundation is launching the ITIF Center for Data Innovation, with the goal to make data more accessible. The online center will strive to be the main destination for lawmakers searching for information on data, a topic many in Congress tend to shy away from because of its complexity.

“Our goal is to help people understand data, give people up-to-date news on how data is being used, and connect it to policy,” Daniel Castro, senior policy analyst at ITIF, told FedScoop. “There are so many areas in the economy where data can be used to improve it – areas that have yet to be tapped into — and we want to showcase that information.”

The Center for Data Innovation will feature a “Data Innovation 101” for policymakers, and look at which policies are driving data innovation domestically and internationally. The website will also have a library of resources on data innovation for policymakers. In addition, the center will serve as a resource for ITIF reports and blogs on the effect of data-driven innovation on economy and society.

To accompany the web portal, ITIF is also launching a weekly newsletter that will connect leaders in business and government with the latest information on big data, open data, data analytics, and data visualization.

“We want to separate out the marketing hype from the important trends and educate policymakers about the benefits and opportunities of data-driven innovation,” Castro said. “One way we will do this is by telling the stories of how data innovation is changing communities and industries around the world, and help policymakers understand how this transformation impacts the problems and solutions that they are working on.”

One of the first projects at the center will be sending new hire, Travis Korte, to participate in the Millennial Train Project. Korte’s project will highlight how data is changing communities across the U.S., creating connections between likeminded individuals involved in data innovation.

In January, ITIF hosted the first Data Innovation Day in D.C., which facilitated discussion of how to use data to improve society. This event proved to be the catalyst in creating the Center for Data Innovation, according to Castro.

ITIF will launch the Center for Data Innovation “in the next few weeks,” Castro said.