Monday, April 25, 2016

Security Clearance Reform: Some Movement Forward

   
In 2015 the White House ordered the Security Clearance Performance Accountability Council (PAC), to undertake a ninety-day review of the reforms to the Federal background investigative process, assess ways of improving the security of information networks and systems, and determine improvements that could be made to the way the Government conducts background investigations for suitability, security, and credentialing.

The PAC is an interagency body created by George W. Bush in his 2008 Executive Order 13467 and chaired by the Deputy Director for Management, OMB. It comprises the Director of OPM, serving as the Suitability Executive Agent, and the Director of National Intelligence, serving as the Security Executive Agent as well as representatives of DOD, Treasury, DHS, State, DOJ, DOE, and the FBI. When created in 2008, the PAC was charged with ensuring the alignment of suitability and security investigative and adjudicative processes, the implementation of a standard set of procedures and methods, and the development of IT capabilities to facilitate the process.

In January the PAC announced the conclusions of the ninety-day review. See also: https://www.whitehouse.gov/blog/2016/01/22/way-forward-federal-background-investigations

The PAC recommended two major changes to advance the goals articulated in EO 13467 and address the growing threat of cyber security attacks. First, the Administration announced the creation of a new unit, called the National Background Investigations Bureau (NBIB), which would absorb the Federal Investigative Service (FIS) and take on its mission of performing background investigations for most federal agencies. The Administration explains that, although the NBIB will report to the OPM director (as did FIS), DOD will now take on responsibility for the design, security and operation of the background investigations IT system for NBIB. Further, the head of NBIB will be presidentially-appointed and a member of the PAC, giving this important office a voice in major decisions affecting cross-agency security clearance policy.

The second major change assigns to DOD the role of ensuring that computer technology is best used in the facilitating of security clearance investigations and adjudications, sharing of information among agencies, and securing all information from external attacks. OPM describes establishing NBIB as a priority for FY16 and FY17 and notes that it will “transfer responsibility for the IT infrastructure management for NBIB to the Department of Defense.” Id.

In February, the House Oversight Committee made clear it had some skepticism of the recommendations from the ninety-day PAC study.

Most concerning, it seemed from hearing questions, is the division of responsibility between DOD and OPM. Nevertheless, OPM recently named a transition team to head up the creation of NBIB out of the old Federal Investigative Service.

It may be noteworthy that the Deputy Manager, Christy Wilder, comes to the project from DNI’s Office of Legislative Affairs. Perhaps she will bring her experience there to persuading lawmakers of the value of the new structure.

Meanwhile, the 2016 Q1 report of the cross-agency group working to implement the PAC goals, registers that efforts to Improve Oversight and Quality of Background Investigations and Adjudications have missed a number of key milestones. An effort to “work with agencies to develop adjudicative quality standards, critically examine the existing process, assess the adequacy of oversight mechanisms in place, and share best practices” (2016Q1, p. 20) appears stalled while a survey tool is developed to poll the agencies. The development of tools, procedures and standards to improve oversight and quality of investigations and adjudications has been sidelined, in favor of other priorities. Id., p. 21.

The executive branch seems to take seriously the need to improve the security clearance process, to standardize the investigations, and to regularize the adjudication across agencies. It recognizes the benefits that IT may bring to the process but also the need to protect data from cyber threats digitally stored and transmitted. Nevertheless, what the reports of the ninety-day study group and the 2016 Q1 report tell us more than anything is that change comes slowly, and nowhere more so than to interagency efforts, like the present improvement of the security clearance process.


This blog was written by Mary Kuntz.





No comments: