Overdue Overhaul: Security Clearance Reform in a Decade of Leakers, Spies and Insider Threats
When the Coast Guard accused one of its own in February of planning wide-scale domestic terrorist attacks from his work computer, it could be seen as the latest in a lengthy list of high-profile failures of the U.S. government’s security clearance and vetting process.
However, in the most recent case, a Coast Guard “insider threat” program detected Lt. Christopher Hasson’s deadly plans before he acted on them. It was a victory for government efforts to implement programs aimed at detecting suspect behavior by those who have already received a government security clearance, which grants trusted employees and contractors access to classified government secrets that could cause serious or exceptionally grave damage to the United States if divulged.
The government stepped up such detection efforts after a series of deadly attacks and major security breaches by government employees or contractors. In 2009, Nidal Hasan was an Army major when he fatally shot 13 people and injured more than 30 others at Fort Hood in Texas. Chelsea Manning was an Army sergeant in 2010, and Edward Snowden was a National Security Agency subcontractor in 2013 when they leaked vast amounts of classified information. Aaron Alexis was a defense contractor when he fatally shot 12 people and injured three more in the Washington Navy Yard.
Yet the U.S. government’s security clearance and vetting process had granted each of these individuals a clearance before they acted. This is the same security clearance process that in 2018 and 2019 was placed on the Government Accountability Office’s “high risk list” of programs that are highly vulnerable to fraud, waste, abuse and mismanagement, or that need broad reform. The security clearance process was placed on the list partly because of a substantial backlog in background investigations—the high was 715,000, in 2018—and inefficiencies in the overall security clearance process. In a recent RAND report, my colleagues and I also identified shortfalls in the security clearance system and recommended the U.S. government intensify efforts to put more robust vetting rules in place for security clearances, including investing in models to more reliably predict trustworthiness.
Some in Congress have signaled the need for reform. In December, Sen. Mark Warner, vice chairman of the Senate Select Committee on Intelligence, introduced legislation that would revamp the security clearance process by requiring plans for faster progress in reducing the background investigation backlog, modernizing vetting processes and making them consistent across agencies to enhance reciprocity, strengthening oversight and streamlining redundancies. The proposed legislation promotes the concept of clearance in person, which would allow security clearances to be transferred with a person if they are employed by another agency or private company, rather than starting from zero with each workplace change. This legislation follows a requirement in the 2018 fiscal year National Defense Authorization Act to transfer responsibility for Department of Defense background investigations from the Office of Personnel Management’s National Background Investigation Bureau to the Department of Defense.
The authorization act requirement would transfer about 80 percent of the National Background Investigation Bureau’s workload to the DoD. But the Trump administration plans to transfer the entire bureau background investigation mission to the DoD in phases, rather than have two executive branch entities conducting the same mission. For several months administration officials have been promising that reform is on its way, and an executive order is expected to be issued that would execute the transfer.
The most significant overhaul of the security clearance process in 50 years appears to finally be at hand. At the end of February, the director of the National Counterintelligence and Security Center and the deputy director of the Office of Personnel Management – working through the interagency Security, Suitability, and Credentialing Performance Accountability Council – announced that the Trusted Workforce 2.0 framework would be implemented soon, once White House review of the framework is complete.
Trusted Workforce 2.0 is intended to improve the government’s personnel vetting and security clearance processes. Media reporting indicates that this improvement will be based on six primary pillars: more nimble policymaking and clear policy for implementation; ensuring personnel vetting is tailored, reciprocal between agencies, and includes continuous vetting (which will tie into insider threat programs) rather than laborious periodic reinvestigations; aligning and streamlining security, suitability and credentialing processes; reducing the number of investigative levels, or tiers, from five to three (Trusted, Secret and Top Secret); expanding the spectrum of investigative methods, including the use of digital interview channels; and implementing a trusted information provider program to improve efficiency by allowing investigators to leverage certain information that has already been collected by designated government and private sources.
With the legislative and executive branches seemingly on the same page regarding the need for changes to the security clearance and vetting system, the long overdue reform appears to be finally within reach.
Sina Beaghley is acting Associate Director of the Cyber and Intelligence Policy Center at RAND. Previously, she served as the Director for Intelligence and Information Security Issues on the National Security Council staff and a member of the White House Disclosures Task Force.