In 2020, after Congress handed all security clearance investigations work over to the Defense Department, the once enormous backlog of pending investigations finally reached a “steady state” of 200,000, down from a peak pileup of more than 720,000.
But as the Defense Counterintelligence and Security Agency makes progress on an issue the National Security Commission on Artificial Intelligence pinpointed as in need of “substantial reform,” problems around the status of both the legacy and new IT systems that deal with background investigations as well as with reciprocity, or the ability of one agency to accept an individual’s security clearance granted by another agency, remain.
During a Wednesday House Committee on Oversight and Reform government operations subcommittee roundtable hosted by Rep. Gerry Connolly, D-Va., chairman of the subcommittee, William Lietzau, DCSA director, reported progress on multiple fronts. Within the last year, the agency established a building block for its Trusted Workforce 2.0 continuous vetting program called Trusted Workforce 1.25, which has allowed for continuous vetting of some 3 million security clearances.
DCSA also re-baselined the National Background Investigation Service—the IT system under development that will support Trusted Workforce 2.0 policies—and is “providing characteristics that can be used right now,” according to Lietzau.
Lietzau acknowledged that there’s still work left to be done, though, and GAO’s Brian Mazanec, who directs the defense capabilities and management team, suggested some of these reported successes may require a closer look. For starters, Mazanec indicated GAO would take a look at whether the 200,000 “steady state” number is actually a good one.
“We're currently looking at this issue as part of our ongoing work and we may report on our views as to whether or not a sufficient analysis has been conducted to determine the appropriate goal for the investigation inventory … especially as the enterprise implements these new requirements under Trusted Workforce 2.0,” Mazanec said.
And Mazanec also said that even after the NBIS program was re-baselined, GAO found that the program’s integrated master schedule was not reliable and that DOD and the Office of Personnel Management, which previously housed the bureau charged with managing the clearance process following the 2015 OPM hack, have not finished work to secure the legacy IT systems that will remain in use until NBIS is fully online.
“We think that this may affect the ability of DCSA to deliver NBIS on schedule as needed,” Mazanec said of schedule issues, adding that securing legacy systems is “as important as ever” in light of the SolarWinds and other recent, high-profile cyber incidents.
On top of that is the issue of reciprocity, which industry representatives said was much improved within DOD, but less so across the federal government on the whole. Not only did industry speakers maintain that reciprocity issues continue to throw up hurdles to getting positions filled, but SAIC’s Jennie Brackens also said she wasn’t sure how continuous vetting programs would alleviate the issue without a top-down policy clarification on what’s acceptable when it comes to reciprocity.
“We need to have that mutual understanding across the agencies of what is acceptable under the continuous vetting program,” Brackens said.
Marianna Martineau, DCSA’s assistant director for adjudications, said that because NBIS is a common platform, connecting data across departments and agencies will alleviate reciprocity issues because agencies will all have access to the same information regarding things like exceptions or waivers that can contribute to reciprocity delays.
“We don't have to order investigations, we don't have to wait for them to show up in a mail room and be scanned and uploaded and the entire electronic workflow that happens after that, and I do believe it will be a time saver,” Martineau said.