Lawmakers Want Updates on Pentagon’s Security Clearance Overhaul

House lawmakers want quarterly updates as the Defense Department builds a new state-of-the-art system to store sensitive background investigation forms on national security employees and contractors.

That’s one of the requirements written into the House version of the Defense Authorization Act, the massive annual bill setting Pentagon policy for the coming year. The House Armed Services Committee is currently writing its version of the bill, and its Emerging Threats and Capabilities subcommittee approved the security clearance proposals today.

Lawmakers want the quarterly briefings to begin in December and a fully functional system -- to replace hacked digital files at the Office of Personnel Management -- operating by September 2019.

In addition, the bill requires the Pentagon, OPM and the director of national intelligence to issue a “governance charter” clearly explaining each agency’s “respective roles, responsibilities and obligations … with respect to the development and implementation of the system,” the statement noted.

In January, the Obama administration announced plans to overhaul the security clearance process, putting DOD in charge of building a new system to store sensitive documents and creating a new bureau within OPM to conduct background checks.

» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.

That came after OPM, last summer, disclosed its computer systems had been ransacked by hackers -- purportedly Chinese cyberspies -- who made off with sensitive data on more than 21.5 million current and former federal employees, contractors and retirees.

But members of Congress are concerned splitting the background check process into two different agencies could lead to bureaucratic power struggles between OPM and DOD and limit accountability.

DOD Chief Information Officer Terry Halvorsen stressed to lawmakers that, so far, OPM and the Pentagon have worked together on the project. But ultimately, he said, DOD is responsible for the technical aspects of the new system.

“I don't expect any problems to come up,” Halvorsen said during a February House hearing. “If they do, I'll take them directly to the secretary of defense."

In addition to regular updates on system development, the House defense bill calls on DOD to limit connections with older legacy systems and incorporate continuous monitoring of network

At the February House hearing, Halvorsen promised an “integrated layer” of cyberdefenses to protect the system. Previously, officials have mentioned end-to-end encryption of the data and even airgapping -- removing some systems from the Internet altogether -- some of the system as protection methods.