CIO Briefing

Administration Calls for Program to Continously Probe Personnel

In September 2013, Aaron Alexis opened fire in Washington's Navy Yard, killing 12 people and injuring eight others.

In September 2013, Aaron Alexis opened fire in Washington's Navy Yard, killing 12 people and injuring eight others. // Jacquelyn Martin/AP

A governmentwide effort that will require additional funding is underway to connect the computer systems used for issuing security clearances and identification cards, in response to the Navy Yard shootings that killed a dozen people. 

According to an interagency report released on Tuesday, various strategy and budget documents for the effort are due within six months. 

The overhaul is intended to accelerate a transition to "continuous evaluation,” in which software routinely checks databases and social media for negative information on personnel in sensitive positions. Gunman Aaron Alexis reportedly had a card that allowed him access to the Navy Yard, despite a history of psychological problems and a disciplinary record. 

The report recommended that the information technology strategy must, among other things, provide real-time access to official records on background checks, government licenses and police records. The program also must let employees continuously update their electronic security forms, and it must incorporate "new data sources, to include social media." 

The 29-page report contained one sentence addressing the privacy of tracked individuals: "Any such strategy must ensure system include capabilities to safeguard individual privacy and civil liberties, consistent with the needs of national security and workplace safety," it said. 

Within 180 days, an interagency council must develop and approve a "reform IT strategy" that includes medium and long term plans and a clear 2016 budget proposal. 

Numerous surveillance trials are underway at, for example, the Pentagon and the Office of the Director of National Intelligence, to achieve continuous evaluation. The "pilots assess automated data checks from multiple sources (e.g., credit checks, social media, personnel records, and self-reporting records) that may reveal relevant information, prompting further investigation and enabling agencies to prioritize their efforts on those who appear to have the highest risk," officials said. 

The military has been testing a program, called the Automated Continuous Evaluation System, that has sampled 3,370 Army service members, civilian employees, and contractors. The system discovered that about 22 percent had derogatory records that no one reported, and 3 percent had "serious derogatory information (e.g. financial issues, domestic abuse, drug abuse) that resulted in a revocation or suspension of a security clearance," officials aid. 

A Surveillance System Powered by Big Data

Tuesday’s report recommends speeding activation of a governmentwide surveillance system for tracking employees at all security levels. The current timetable -- which a footnote describes as 'notional' -- calls for full activation in 2016. 

"As automation and other capabilities increase, we recommend driving toward a CE system that would, to the greatest extent possible, notify appropriate security officials of noteworthy events or incidents in near-real time," officials said. Continous evaluation "would access relevant data sources, in greater volume and with more frequency than our current system."  

Procedural and fiscal issues could complicate deployment, however. 

The report found that enabling real-time checks "is resource intensive, and poses genuine technical and procedural challenges" and that today "there is no governmentwide capability, plan or design present in the investigative community to operate a data-driven architecture to collect, store and share relevant information." 

Yet some former intelligence officials say the technology already is in place, just not configured to tap all relevant data streams. The government for years has continuously, electronically surveilled the behavior of personnel in sensitive security positions, said Dale Meyerrose, the first chief information officer of the intelligence community, under the DNI.

"It’s not new technology -- it’s a matter of making it more encompassing, making it more scalable, making it faster” at searching for signs of changes in behavior, he said. "A lot of it is the same infrastructure, the same sensors, the same networking technology. You just put in the software code new rules [detailing which databases to scour], new processes, new applications."

An Obama administration 2015 budget sent to Congress this month directs the Office of Management and Budget, as well as the Homeland Security, Justice and Treasury departments to dedicate agency funding for key databases that will support continuous evaluation. Administration officials, in Tuesday's report, said they "are working to develop a cost estimate implementing [continuous evaluation]."

Lawmakers have long pressed the government to tighten the procedures for disbursing security clearances, as well as IDs for accessing federal facilities and networks.  A House Oversight and Government Reform Committee staff report released last month noted that Alexis used "a valid Common Access Card" military ID to enter the Navy Yard. 

Clarification: This story has been updated to clarify that the current timetable, which calls for full activation by 2016, is 'notional.'

Threatwatch Alert

Credential-stealing malware / Cyber espionage / Insider attack / Unauthorized use of user privileges / Unauthorized use of employer’s data

Ex-wife Of Former Cop Allegedly Used Mobile Spyware in ID Fraud Scheme

See threatwatch report

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
// October 21
X CLOSE Don't show again

Like us on Facebook