What's It Going to Take? (Our Inability To Catch Security Risks)


#1

Just my own personal views and not one of anyone else or any organization's, private or public. Would love to stir some professional discussion.


Every few months I see a story in the news media or a DOJ press release about individuals who were charged with espionage or engaged in activities detrimental to our interests.

Just in the past year:

"An FBI translator with a top-secret security clearance traveled to Syria in 2014 and married a key ISIS operative she had been assigned to investigate..."

"A veteran State Department employee has been charged with making false statements to the FBI about gifts she had received from Chinese intelligence agents... [she concealed] her contacts with the intelligence agents and [failed] to report gifts she had received from them, including an iPhone, a laptop and international travel.

"A former FBI employee in New York was sentenced to two years in prison on Friday after admitting that he illegally acted at the direction of a Chinese official to gather sensitive information."

"A 25-year-old federal contractor is facing charges she leaked a classified National Security Agency document to a news outlet in May."

Obviously these are some of the more extreme circumstances. What's frightening is these are only the people that got caught. As far as I can tell, all agencies work within the same general guidelines with respect to fieldwork. What did initial or reinvestigations reveal? I'd like to think not much at all, because one would reasonably assume there would have been suspicious indicators. But assuming there were indicators in plain sight, would we have successfully detected and reported them given our current SOP's?

(Keeping OPSEC in mind here with your responses):
What has truly changed in the field over the past few decades for the better? When are we going to get more aggressive? Should we? When will we be granted true discretion? Why are we still acting like it's a pre-9/11 world as well as pre-world wide web? The world has changed, and so have our threats.

It's impossible to predict future actions for seemingly normal individuals. It's also unreasonable to think we'll catch every threat. But when will we finally wake up and ask ourselves: do we have the resources we need to accomplish the mission to the best of our ability? That, I believe, is the fundamental question we fail to ask. It saddens me all the talk in the beltway is about IT infrastructure and automated processes. While important, the guy doing the legwork is ignored.

Speaking of the mission, what is it? Are we now leaning toward CI/CT? Recent SOP's and guidance would suggest so. If so, why under the OPM umbrella? Is it jointly CI/CT and overall suitability? If so, is that truly feasible for a human resources agency? Is it simply just overall suitability? I doubt it, because we're getting and sharing guidance with the ODNI.

On another note, we now have unprecedented wait times for clearances. I've always been of the notion that we need to--while unfair to applicants, very much appropriate--take our time with these investigations, but we're now at a point where the majority of the FTE's belong to contractors who historically, within the past several years, have low-balled pay when compared to the GS scale and skill level. They have the misfortune of playing with a different set of rules than their federal compatriots. These folks--patriots--are leaving the BI industry behind or hopping from contractor to contractor; they are retired special agents and detectives, military veterans, and average citizens, young and old, who had a sense of duty and purpose. This cannot be sustained. I roll my eyes every time I see someone mention NBIB intends on hiring 400 new FI's. It's child's play. That's a fraction of FTE's at the major contractors when they're fully staffed.

I think it's safe to say that culture encourages the possibility of a major security incident because of a major, perhaps unintended oversight. It will be because there's a constant revolving door of new, inexperienced FI's, reviewers, or adjudicators who won't be mentored by seasoned vets and who build bad habits, or simply lack proper training. This goes back to my earlier question of obtaining and utilizing the appropriate resources.


What resources do you believe we need most to accomplish the mission (whatever it is)? I've always thought responses for requests for even the most basic information from some organizations can be troubling. That ought to be dealt with.
Most importantly, what's it going to take to consider some serious reform in the field?


#2

The whole process needs to be overhauled. It's inherently a flawed operation made even more flawed relative to the ever-changing world in which it still uses its old system to operate. Also, having a hodgepodge network of fed employees, retirees doing piecemeal or intermittent work, or young college grads willing to work for <$17/hour makes the whole enterprise uneven and shoddy at best. There is a real resistance to federalize the process. TSA has 40k employees. The Pentagon building itself about the same. General Dynamics has 99k. Raytheon has 61k. DoD has arpund 800k federal civilian employees and about the same number of contractor employees. I could go on giving the very high numbers of federal and contractor employees at various agencies but I think you get a feel for the huge numbers. Now, all of their BIs are handled by a small governmental agency with a small fraction of that number of employees and which is heavily buttressed by a mishmash of private sector employees and contractors with assorted levels of experience-- though increasingly trending toward complete novice. And of this private sector bunch the turnover rate is probably somewhere about the level of beach resort concession stands at the end of the summer.

I've got no major solutions. But first thing I would do is federalize the whole process immediately. They federalized airport screeners. The one thing that should be federalized-- BI's-- is done by people not sworn in and hold no security clearance. Crazy. Also, hand NBIB to DoD. Then go from there.


#3

Ahhh the irony

A political decision to privatize in 1996 despite a lot of concerns. Just enough to ruin my CSRS retirement. Now nothing but failure after failure to determine who poses a risk to national security

Me, I’m going to make a Subject contact to obtain the date of last contact with his verifier and landlord for a 5 month residence because that will certainly be relevant and make OPM look superior

I have truly lost confidence in goverment intervention in anything


#4

As I recall the reason that much of this system is privatized is because OPM was well under water in 1996. As was DSS in 2004 when they were forced out of the business. Federalization alone is probably not the answer.

  1. Remove OPM as a player

  2. Force ALL agencies to use the same service. No exceptions.

  3. Adjudication must not be done by the agency that owns the Subject.


#6

I’m not an investigator . . . My only experience is as an applicant . . . The problem that I have with this statement is that is appears to assume that the long delays are do to the actual investigative work being done. However, I just waited 17 months for a clearance and I can tell you that I don’t believe that there was more than a few days to, at most, a few weeks worth of work actually done.

Yes, I realize that this implies that there is a great need for more manpower. But, reform could also greatly shorten the wait times AND likely provide better filtering of applicants. In too many cases that I have read about, mine included, a short, proper, interview would have told those making the decisions that the applicant was not risk to national security. At the same time, very little investigative work would have been required to show that those described above posed a risk.

Anyone who sits down and talks to me, about anything, for 30 minutes, will realize that I pose no risk to national security. That I believe strongly in the mission assigned to those guarding our nation and there is no amount of money that would tempt me to betray our nation or put those who defend it at greater risk.

But, it took me, because of a few financial issues caused by underemployment and the 2007-8 financial crisis, took me 17 months to get my clearance.

I am VERY interested in what everyone has to say!


#7

The comment was more so directed at the culture of case closure and metrics. Within some work environments there can be a push to close out cases. The M.O. might be: work the case at the minimum required threshold as soon as possible, though that’s not always the case. Mileage may vary.

Clean Tier 5 case? One investigator? Can probably, realistically get knocked out in a few days. Actual field work and report submission won’t take long.
Bad Tier 5 case? Ambiguous goings-on at the workplace? DUI’s? Financial issues? Several regions involved? Now the actual field work shouldn’t take too long, but factor in the push to close out cases and other cases on an FI’s radar that have priority over that one. Let’s not forget that deadline… but what if there’s something you feel you need to look into despite already meeting your required threshold? Is that case getting the attention it needs? Is there something possibly missing that would be an adjudicative factor? A good team leader and a good FI will say to work the case until they feel they’ve got nothing left to dig around for–forget the deadline. A bad team leader and FI will say “I did my job, onward” (at least that’s my opinion). I have always been blessed with great leadership that understands problem cases in problem regions, though I’ve heard of others’ stories that had me question their leadership’s judgment.

I don’t think applicant interviews really allow you to fully understand someone, hence the other checks and fieldwork. A good FI will be able to get someone talking candidly, but frankly, I have no reason to 100% believe anything that comes out of a subject or source’s mouth until its corroborated in one way or another. You can appear to be the sanest, most patriotic person in the world… then when I talk to your old neighbors I’ll find out the police went over to your residence regularly because you used to beat your spouse. Or when I speak to your old college roommate it turns out you got citations for public intoxication. Oh and that stuff wasn’t reported on the SF86 or during the interview.
Those are exaggerated examples and opinions but I hope you see what I mean.

It’s important to recognize we need to be careful balancing the interests of national security with the applicant’s interest. Even in a backlog.
Uncontrolled financial problems within the past few years? Lack of responsibility and judgment, maybe even susceptible to influence or coercion. Extensive foreign ties and interests in a questionable country? Susceptible to foreign affection or influence, maybe even questions of loyalty.

What I’m trying to say is (with respect to your comments about risk) that although someone says they’re the most patriotic and responsible person in the world, there’s no reason to believe their narrative. If that is indeed the case, that will be developed as the investigation runs its course. Their actions will speak louder than words. And even if someone were to make an argument about why their situation may not be a factor in any adverse decision, the interests of national security need to be met, and such proven.


#8

Right . . . And that neighbor may tell you about police visits while he is really upset that the rotting tree I never cut down fell on top of his daughter’s car. The college roommate? I’m now married to his old girlfriend.

I’m not downplaying the rest of the investigation . . . But, remember . . . while many applicants are being held up, many jobs are being done by less qualified workers who’s clearance was “easier” possibly because they were younger and, in theory, had less to be looked at.

Foreign travel isn’t so special anymore. You don’t have to leave the country to fall under the influence of foreign powers. I’m not just talking about Facebook and the internet . . . Our work places are teeming with foreign nationals from many different countries as are our schools and neighborhoods. I’m not even sure that someone with foreign travel should need to be looked any more closely than someone who has not. If I were trying to gain influence over a cleared worker, I would seek out someone who had NEVER travelled.

This doesn’t mean that the investigation should be shut off, but if there are areas that you can’t properly investigate, why investigate them poorly?

But, in any case, my real issue is the backlog and the delay, coupled with the number of cleared individuals who have been turned. The fact that my investigation took 17 months instead of six, cost me ten of thousands of dollars, and untold stress on my marriage. All the while, your list of failures shows me that these costs do not appear to have been offset by increased safety for our country.


#9

And as I said I wouldn’t necessarily weigh one person’s testimony as immensely significant without some corroboration, with some exceptions. We all understand people badmouth others. On the other hand, we understand people talk up others.

I’m not going to speak to the quality of workers in industry because I have no experience in that realm. Less qualified (I’m assuming you mean as it relates to work experience and not security risks) individuals filling roles would sound like an industry problem, though, yes, to an extent affected by background investigations. But your point makes sense.

Regular travel isn’t a concern. Interactions with foreigners is commonplace. That’s a given. That’s not what I’m getting at. You’re missing my point of susceptibility to coercion or foreign influence (this is very much theoretical in nature, but I’m sure someone can direct you toward examples that showcase links between foreign interests/preference to questions of loyalty) and indicators of such. Anyone who has ever received a CI/insider threat briefing or worked in anything security related should have an basic understanding of the threat.

The backlog is its own separate issue. There are only so many personnel that can work hundreds of thousands of cases. Two common solutions to that: (a) increase personnel (b) responsibly reduce fieldwork

I don’t think you would be wrong to assume the financial costs (of the work) haven’t been offset by increased safety. It’s also possible that it is immeasurable. A change in policy would allow for analysis. And I would very much like the government to acknowledge and prevent these failures in security. However, those cleared individuals you speak of and the ones I mentioned in the original post were all at one point deemed non-risks. The challenge is trying to predict future risky or questionable behavior. For people with interesting histories it can be black and white… but for “clean” folks, that’s a much more difficult thing to determine.


#10

We are on the same plane but, maybe coming at this from different angles . . .

Yes, the quality of the workers IS an industry problem, but you have to remember that this entire process is in place to support both the government’s need for workers AND industry’s need. In both cases, work often goes the individual who is already cleared rather than the quality worker who is waiting in the backlog. Industry can’t always wait 18 months to do their hiring.

I absolutely understand the your point on susceptibility! From the Rosenbergs and Alger Hiss to current issues. I’m not new to all of this. But, to predict FUTURE susceptibility, you are talking about psychological exams and even then, are you going to exclude applicants because they MAY do something in the future?

The backlog isn’t really a separate issue at all. They are linked closely.

In the cases that you listed, I am familiar enough to recognize some and can only say that there were clear signs that these individuals were a risk. Perhaps not always at the time of their investigation but clearly BEFORE they did significant damage. That is not a failure of the investigative community but one of workers at various agencies failing to report what they see.

When I had my last cleared job, in 2012, I had a coworker who would poke me about the car that I drove. It WAS a very nice BMW 740i. A very expensive car and he would comment on it every day (never directly to our FSO or anything) and it got on my nerves. I took him aside and told him that the car was 15 years old when I bought from my uncle, who also had not bought it new. I paid $4K and the car needed about $1500 worth of work.

The point is that he was talking like I might be living beyond my means but never actually did anything about it. Perhaps if I had also installed a $60,000 pool and sent my kids to private school I would have been facing an investigator.

Things like this have been missed time and again and resulted in damage to our national security. I really don’t think that there is much of anything, at the entry to the clearance process that can stop this. It’s more a matter of policing the ranks of active workers.


#11

Yes, I think we both have the same fundamental agreements but are looking at it from our own personal experiences.

Significant damage is usually carried out by those already within the ranks. I’d like to see how much continuous evaluation and predictive analysis mitigate risk. It’s interesting to think what a legal standard for denying an applicant based on predictive analysis would be and what sort of precedents that would establish, or if that could even be pulled off.

And as you say, others’ failure to report is a problem.


#12

@datesnotrecalled discussed common, daily, issues in the field investigator’s day. We do get clean cases - I’ve started the ESI and completed an entire case (T5, T5R, and T4s) in one day. This is how the case flow should work.

The norm is I get the case, the Subject delays the subject interview for (fill in the blank reason). Then we spend too many hours reconstructing the security questionnaire because they carelessly went through the form. BTW - military T5Rs are just as bad as the new T5s in carelessness.

You worry about the mean neighbor or coworker? They are pretty rare. Normally, I have to press to get the derogatory information found else where. When I develop an issue, it is my responsibility to get enough information - through records/people - to give the adjudicator the chance to figure out if you are a risk.

Last note before I hop off the box. I am sorry your case took so long. It happens - often anymore. We have to ensure you are not a risk when you are given the green light. We have real clearance holders that spy against us - recently in fact. I am concerned about the continuous evaluation process because it still requires supervisors, contractors, and institutions to report derogatory information to the various databases. We are already aware contractors, federal agencies, and the military don’t report events that would raise a security concern in the current process.


#13

See . . . I don’t think that tighter screening before granting clearances will eliminate much of the spying or passing of information to media that we have seen in recent years. After all, situations, personal, political, financial, etc. change over time. Continuous evaluation will allow some of this to be picked up but, more importantly, clearance holders will be reminded more often that they are being watched. As noted earlier, there in all of the cases of which I am aware, there were signs that should have been picked up by coworkers, supervisors and others long before things got as bad as they ended up.


#14

We can do a post-mortem and find all the warning signs from a Snowden or a Manning or any of the other recent high-profile security violations, and use that info to build some kind of personality profile…

But how many other people fit the same profile and never commit massive security violations ending up in very damaging leaks? You could call it ‘espionage’ but I’m not sure if it fits the legal definition, even if the end result is the same.