ClearanceJobs Blog

What's It Going to Take? (Our Inability To Catch Security Risks)

datesnotrecalled 2017-06-06 03:19:17 UTC #1

Just my own personal views and not one of anyone else or any organization's, private or public. Would love to stir some professional discussion.

Every few months I see a story in the news media or a DOJ press release about individuals who were charged with espionage or engaged in activities detrimental to our interests.

Just in the past year:

"An FBI translator with a top-secret security clearance traveled to Syria in 2014 and married a key ISIS operative she had been assigned to investigate..."

"A veteran State Department employee has been charged with making false statements to the FBI about gifts she had received from Chinese intelligence agents... [she concealed] her contacts with the intelligence agents and [failed] to report gifts she had received from them, including an iPhone, a laptop and international travel.

"A former FBI employee in New York was sentenced to two years in prison on Friday after admitting that he illegally acted at the direction of a Chinese official to gather sensitive information."

"A 25-year-old federal contractor is facing charges she leaked a classified National Security Agency document to a news outlet in May."

Obviously these are some of the more extreme circumstances. What's frightening is these are only the people that got caught. As far as I can tell, all agencies work within the same general guidelines with respect to fieldwork. What did initial or reinvestigations reveal? I'd like to think not much at all, because one would reasonably assume there would have been suspicious indicators. But assuming there were indicators in plain sight, would we have successfully detected and reported them given our current SOP's?

(Keeping OPSEC in mind here with your responses):
What has truly changed in the field over the past few decades for the better? When are we going to get more aggressive? Should we? When will we be granted true discretion? Why are we still acting like it's a pre-9/11 world as well as pre-world wide web? The world has changed, and so have our threats.

It's impossible to predict future actions for seemingly normal individuals. It's also unreasonable to think we'll catch every threat. But when will we finally wake up and ask ourselves: do we have the resources we need to accomplish the mission to the best of our ability? That, I believe, is the fundamental question we fail to ask. It saddens me all the talk in the beltway is about IT infrastructure and automated processes. While important, the guy doing the legwork is ignored.

Speaking of the mission, what is it? Are we now leaning toward CI/CT? Recent SOP's and guidance would suggest so. If so, why under the OPM umbrella? Is it jointly CI/CT and overall suitability? If so, is that truly feasible for a human resources agency? Is it simply just overall suitability? I doubt it, because we're getting and sharing guidance with the ODNI.

On another note, we now have unprecedented wait times for clearances. I've always been of the notion that we need to--while unfair to applicants, very much appropriate--take our time with these investigations, but we're now at a point where the majority of the FTE's belong to contractors who historically, within the past several years, have low-balled pay when compared to the GS scale and skill level. They have the misfortune of playing with a different set of rules than their federal compatriots. These folks--patriots--are leaving the BI industry behind or hopping from contractor to contractor; they are retired special agents and detectives, military veterans, and average citizens, young and old, who had a sense of duty and purpose. This cannot be sustained. I roll my eyes every time I see someone mention NBIB intends on hiring 400 new FI's. It's child's play. That's a fraction of FTE's at the major contractors when they're fully staffed.

I think it's safe to say that culture encourages the possibility of a major security incident because of a major, perhaps unintended oversight. It will be because there's a constant revolving door of new, inexperienced FI's, reviewers, or adjudicators who won't be mentored by seasoned vets and who build bad habits, or simply lack proper training. This goes back to my earlier question of obtaining and utilizing the appropriate resources.

What resources do you believe we need most to accomplish the mission (whatever it is)? I've always thought responses for requests for even the most basic information from some organizations can be troubling. That ought to be dealt with.
Most importantly, what's it going to take to consider some serious reform in the field?

RZzzz 2017-06-06 09:47:54 UTC #2

The whole process needs to be overhauled. It's inherently a flawed operation made even more flawed relative to the ever-changing world in which it still uses its old system to operate. Also, having a hodgepodge network of fed employees, retirees doing piecemeal or intermittent work, or young college grads willing to work for <$17/hour makes the whole enterprise uneven and shoddy at best. There is a real resistance to federalize the process. TSA has 40k employees. The Pentagon building itself about the same. General Dynamics has 99k. Raytheon has 61k. DoD has arpund 800k federal civilian employees and about the same number of contractor employees. I could go on giving the very high numbers of federal and contractor employees at various agencies but I think you get a feel for the huge numbers. Now, all of their BIs are handled by a small governmental agency with a small fraction of that number of employees and which is heavily buttressed by a mishmash of private sector employees and contractors with assorted levels of experience-- though increasingly trending toward complete novice. And of this private sector bunch the turnover rate is probably somewhere about the level of beach resort concession stands at the end of the summer.

I've got no major solutions. But first thing I would do is federalize the whole process immediately. They federalized airport screeners. The one thing that should be federalized-- BI's-- is done by people not sworn in and hold no security clearance. Crazy. Also, hand NBIB to DoD. Then go from there.

oldestinv 2017-07-23 17:39:24 UTC #3

Ahhh the irony

A political decision to privatize in 1996 despite a lot of concerns. Just enough to ruin my CSRS retirement. Now nothing but failure after failure to determine who poses a risk to national security

Me, I’m going to make a Subject contact to obtain the date of last contact with his verifier and landlord for a 5 month residence because that will certainly be relevant and make OPM look superior

I have truly lost confidence in goverment intervention in anything

Who_knew 2017-08-12 20:11:09 UTC #4

As I recall the reason that much of this system is privatized is because OPM was well under water in 1996. As was DSS in 2004 when they were forced out of the business. Federalization alone is probably not the answer.

Remove OPM as a player
Force ALL agencies to use the same service. No exceptions.
Adjudication must not be done by the agency that owns the Subject.