Insider Threat Program Advances, Slowly

The Department of Defense recently demonstrated the “Continuous Evaluation” of approximately 100,000 cleared military, civilian and contractor personnel, in order to validate their eligibility for access to classified information on an ongoing basis.

Continuous Evaluation (CE) refers to the automated monitoring of government and commercial databases for signs of criminal behavior, irregular financial activity, or other “triggers” that could lead to suspension of a security clearance. CE is a central feature of the emerging Insider Threat program that is intended to deter and detect espionage, terrorism, unauthorized disclosures of classified information, and other offenses by security-cleared personnel.

According to a new quarterly report on the Insider Threat program, the Department of Defense is on track to expand its Continuous Evaluation capability to 225,000 persons by the end of 2015, to 500,000 persons by the end of 2016, and to 1 million persons during 2017. (There are approximately 4.5 million cleared personnel in government and industry.) See Insider Threat and Security Clearance Reform, Quarterly Report, FY 2015, Quarter 2, June 2015.

But progress has been uneven. The Office of the Director of National Intelligence missed a December 2014 milestone for Continuous Evaluation of the most sensitive Top Secret and TS/SCI (Top Secret/Sensitive Compartmented Information) clearance holders in government and industry. The revised goal is “to have CE completed on a portion of the TS and TS/SCI population in the Executive Branch by the end of FY 16,” the new quarterly report said.

The Insider Threat problem is a difficult one, particularly since the fraction of employees who are spies, terrorists, or leakers is minuscule. Nor does this tiny contingent have a simple, readily identifiable profile. (Convicted spy Aldrich Ames and fugitive unauthorized-discloser Edward Snowden, for example, seem to have few traits in common, although both apparently passed their polygraph examinations without difficulty.)

Therefore, even though Continuous Evaluation is years away from full implementation, security policy officials are already looking beyond it for other options.

Last week, the Intelligence Advanced Research Projects Agency (IARPA) invited researchers to submit proposals for its Scientific advances to Continuous Insider Threat Detection (SCITE) Program.

The SCITE Program seeks “a new class of insider threat indicators, called active indicators, where indicative responses are evoked from potential insider threats,” according to the June 18 Broad Agency Announcement issued by the IARPA “Office for Anticipating Surprise.”

“Current practice and research is heavily focused on passive indicators that monitor existing data sources for indicative behaviors,” IARPA said.

By contrast, “Active indicators introduce stimuli into a user’s environment that are designed to evoke responses that are far more characteristic of malicious users than normal users. For example, a stimulus that suggests that certain file-searching behaviors may be noticed is likely to be ignored by a normal user engaged in work-related searches, but may cause a malicious user engaged in espionage to cease certain activities.”

Security-Cleared Population Declined by 12% Last Year

The number of persons holding security clearances for access to classified information decreased by more than 635,000 (or 12.3 percent) last year, according to a new report to Congress from the Office of the Director of National Intelligence.

It was the first reported drop in the total security-cleared population since the government began systematically collecting statistics on security clearances in 2010.

The majority of the reductions involved persons who had been cleared for access to classified information but did not in fact have such access. Still, at the end of FY 2014, there were 164,000 fewer individuals with access to classified information than at the beginning of the year, the ODNI report said. Most of the reductions occurred within the Department of Defense, which reported a 15% decrease in clearances (Secrecy News, March 26).

Altogether, there were 4.5 million cleared persons as of October 1, 2014, down from 5.1 million cleared persons a year earlier. Top Secret clearance holders, including government employees and contractors, numbered 1.4 million persons, down from 1.5 million the year before.

What makes the new reductions particularly interesting is that they were not simply a statistical blip or an artifact of changes in the budget. Rather, they were purposefully achieved through a “concerted effort” by agencies seeking to reduce the number of security clearances.

“These decreases were the result of efforts across the USG to review and validate whether an employee or contractor still requires access to classified information,” the ODNI report said.

The implication is that the national security bureaucracy, including the national security classification system, is susceptible to deliberate regulation and is not, as sometimes appears, an autonomous entity driven obscurely by its own internal dynamic. It follows that additional changes in the size and structure of the national security system may be achievable.

The new ODNI report also noted:

*    There was a 14.4% reduction in new and renewed security clearances.

*    The National Security Agency had the highest reported rate of security clearance denials (9.2%), while the FBI had the lowest reported rate (0.1%). The CIA reported a denial rate of 6.5% and a revocation rate of 0.6%.

The ODNI report cautioned, however, that different agency denial rates may not be comparable due to differences in reporting practices.

The unclassified annual report on security clearances was required by Congress in the FY 2010 Intelligence Authorization Act.

DoD Cut Security Clearances by 15% in Last Two Years

In a significant retrenchment of the national security bureaucracy, the Department of Defense has reduced the number of employees and contractors who hold security clearances in the past two years by more than 700,000 persons, a cut of 15% in the total security-cleared population in DoD. The previously undisclosed reductions were reported in data provided by DoD to the Office of the Director of National Intelligence.

This is the first documented drop in the overall number of security clearances since FY 2010, when the systematic collection of statistical data on clearances began, and it is probably the first major decline in the number of cleared personnel since 9/11.

Most of the new reductions involved persons who had been investigated and deemed “eligible” (or “cleared”) for access to classified information but who did not have or need such access in fact. But a sizable 117,000 persons who were “in access” (i.e. who actually did have access to classified information) were also dropped from the clearance rolls between FY 2013 and FY 2015, according to the new statistics.

A 2014 report from the Office of Management and Budget recommended reductions in the cleared population since the “growth in the number of clearance-holders increases costs and exposes classified national security information, often at very sensitive levels, to an increasingly large population.” A cut in clearances may also lead indirectly to reduced production of classified information.

In the first quarter of FY 2015, following the new reductions, there were 3.9 million DoD personnel (employees and contractors) with security clearances, down from 4.6 million in FY 2013, for a drop of 15.3%. The total number of clearance holders government-wide is about 0.5 million higher than the DoD figure.

The new data were disclosed last week in the latest quarterly report on implementation of the Insider Threat Program.

The data also indicated that the backlog of Top Secret/SCI clearance holders whose periodic reinvestigations were overdue (or “out of scope”) had been reduced by 63,000. However, there are still 356,000 TS/SCI clearance holders that remain “out of scope” and in need of an updated reinvestigation, according to the DoD data.

A new annual report to Congress on security clearances government-wide (including non-DoD agencies) “is in its final stages, but not yet ready for release,” said a spokesman for the Office of the Director of National Intelligence. It will be made available next month, he said. Last year’s annual report is here.

Security-Cleared Population Drops by 10%

The number of people who hold security clearances for access to classified information has been reduced by ten percent, the White House said in budget request documents released this week.

“The Administration achieved its objective to reduce the total number of security-cleared individuals by 10 percent,” according to the White House/OMB budget request (at p. 51).

The security-cleared population has grown steadily for several years, with 5.1 million people eligible for classified access, according to the latest data from October 2013.

Taking the new ten percent reduction into account, the total number of cleared individuals should now be around 4.6 million. The actual figure is not available for public release, said Eugene Barlow, a spokesman for the Office of the Director of National Intelligence. But he said it will be presented in April in the next annual report on security clearances, as required by the FY2010 intelligence authorization act.

The security clearance system naturally becomes harder to manage — and more expensive — as it becomes larger.

A 2014 report from the Office of Management and Budget said that periodic reinvestigations had not been performed as required for around 22 percent of the people that hold Top Secret or TS/SCI clearances. “This backlog poses unacceptable risk, leaving the U.S. Government potentially uninformed as to behavior that poses a security or counterintelligence concern.”

Executive branch agencies spent $1.6 Billion on the security clearance system in 2012. A background investigation for a Top Secret clearance cost an average of $3,959 each, according to OMB.

The new ten percent reduction in clearances “will allow agencies to better deploy resources to priority activities, such as completing periodic investigations for the most sensitive populations,” the White House said.

In 2013, the Director of National Intelligence (who also serves as “Security Executive Agent”) wrote to executive branch agencies directing them to validate the clearance requirement for each currently cleared individual. This validation process produced the desired reduction in clearances. A copy of the DNI’s letter to agencies is not available for public release, Mr. Barlow of ODNI said.

Wanted: Director of the Federal Register (Top Secret)

The National Archives is seeking a new Director of the Federal Register program, a position that requires a Top Secret security clearance.

The Federal Register is sometimes described as the “daily newspaper” of the executive branch. Each weekday, it “provides citizens access to proposed and final regulations, rules, and other administrative actions of the Federal government,” according to an announcement in USA Jobs.

In addition to overseeing the Federal Register itself, the Director of the Federal Register program is responsible for administering the Code of Federal Regulations, the United States Government Manual, the Public Papers of the Presidents, and other foundational U.S. government documents.

So why does the Director need a Top Secret clearance? One reason is that he or she would play a role in continuity of government under conditions of national emergency, and would be responsible in particular for production of the so-called Emergency Federal Register.

“Over the past several years, Federal agencies have developed contingency plans to maintain operations in the case of a broad range of emergency circumstances,” according to a recent proposed rule that was published (naturally) in the Federal Register on October 28. “The FRA [Federal Register Act] authorizes the President to activate the Emergency Federal Register (EFR) system in place of the daily Federal Register in certain limited circumstances…. The purpose of the EFR is to support the preservation of the rule of law and a constitutional form of government,” the proposed rule explained.

Up to now, as far as anyone can tell, the Emergency Federal Register “has never actually replaced the ‘real thing’,” said Harold C. Relyea, a specialist in U.S. government information policy.

The search for a new Director of the Federal Register is open through November 21.

DNI Issues Directive on Polygraph Policy

Polygraph testing is here to stay, judging from a new directive issued by Director of National Intelligence James Clapper. The directive governs the use of polygraph testing in vetting executive branch agency personnel for security clearances or determining their eligibility for “sensitive” positions.

The new Security Executive Agent Directive 2 on the use of the polygraph was obtained by Marisa Taylor of McClatchy News, who has done a series of in-depth news reports on polygraph testing over the past couple of years.

The directive does not seem to entail any major departures from current polygraph policy, but it has several noteworthy features.

Above all, it signals that polygraph testing is not going away. Despite significant skepticism among scientists about the validity of using the polygraph for employee screening, the directive envisions continued reliance on polygraph testing. It states that agencies may even “expand an existing polygraph program” or “establish a new program.”

The directive also represents the further consolidation of the authority of the DNI in his capacity as “Security Executive Agent.” The new directive applies to all executive branch agencies, not just those that are formally members of the U.S. intelligence community.

Finally, among all the possible occasions for use of polygraph testing, the directive singles out “espionage, sabotage, [and] unauthorized disclosure of classified information,” suggesting that these diverse offenses are of comparable significance and concern.

In another recent issuance, the Office of the Director of National Intelligence produced a Strategy and Schedule for Security Clearance Reciprocity in response to a congressional mandate. Reciprocity here refers to the mutual recognition by executive branch agencies of each other’s security clearance approvals, which has been a longstanding but elusive goal.

Congress Grapples with Classification Issues

A bill introduced in the House of Representatives by Rep. Bennie Thompson (D-MS) would direct the President to reduce the amount of classified information by 10%. It is one of several new congressional initiatives seeking to rectify perceived defects in the national security classification system.

Most prominently, the Senate Intelligence Committee is engaged in an ongoing dispute with the Administration over declassification of the Committee’s report on the CIA’s post-9/11 detention and interrogation program.

Sen. Dianne Feinstein, the Committee chair, said the Administration’s proposed redactions to the executive summary of the report were unacceptably broad.

“I have concluded the redactions eliminate or obscure key facts that support the report’s findings and conclusions,” she said on August 5. “Until these redactions are addressed to the committee’s satisfaction, the report will not be made public.”

With this contentious experience fresh in mind, one might have expected the Senate Intelligence Committee to have acquired special insight into the failings of the existing classification system and to have devised some well-considered remedial measures to address them.

But that does not appear to be the case.

In its new intelligence authorization bill for Fiscal Year 2015 (S. 2741, sec. 311), the Committee weakly requires the Director of National Intelligence to prepare a report “describing proposals to improve the declassification process throughout the intelligence community.”

Under current circumstances, this proposed reporting requirement seems like a failure of imagination and leadership, and probably a waste of everyone’s time. Perhaps it is just a placeholder for something more ambitious that is still to come.

By contrast, the bill introduced by Rep. Thompson in the House and by Sen. Ron Wyden in the Senate is prescriptive and solution-oriented in its treatment of the issue.

Among its several provisions, the new bill (HR 5240) would require the President “to establish a goal for the reduction of classified information by not less than 10 percent within five years through improved declassification and improved original and derivative classification decision-making,” according to a Fact Sheet on the bill, dubbed the CORRECT Act. (It is unclear how the 10 percent reduction in information would be measured, whether in pages or bytes or number of classification decisions or by some other standard.)

The Thompson/Wyden bill would also bolster and expand the Public Interest Declassification Board, assigning it the responsibility to evaluate the continuing validity of all current classification guidance. Though this provision may seem innocuous, it is a clear challenge to the autonomy that is currently enjoyed by executive branch agencies regarding what is to be classified. As such, it represents the kernel of a solution to the problem of overclassification.

The bill would further direct the Privacy and Civil Liberties Oversight Board to establish standards for the emerging insider threat program, and it would decisively break from current practice by authorizing the Merit System Protection Board to review agency denials or revocations of security clearances.

However, the deliberative effort that has gone into preparing the bill is not going to yield any near-term reward. In all likelihood, Rep. Thompson’s CORRECT Act will not even receive a hearing in the remainder of this expiring Congress.

Another modest but potentially useful legislative effort is an amendment to be introduced by Sen. Jeanne Shaheen that would enhance the authority and capacity of the National Declassification Center.

If the Senate Intelligence Committee wants a report on “improving declassification,” as the new intelligence authorization bill requires, then there is already a report with that very title that was prepared by the Public Interest Declassification Board in December 2007.

Several of the report’s recommendations have still not been acted on. Among them is a proposal that “formal procedures should be established for the declassification review of classified [congressional] committee reports and hearing transcripts.”

Because such records are produced and held by congressional committees, such as the Senate Intelligence Committee, they are not eligible for declassification unless and until the originating committee takes the initiative to have them reviewed and declassified. Yet this is rarely done, despite the importance of these materials.

“Frequently, closed sessions of congressional committees are the only occasion when executive branch policy in the national security area is explained, challenged (by members), and defended by administration representatives. The exchanges at these hearings, as well as the views of Congress (elaborated in classified committee reports), often affect the policy choices of the executive branch. Yet, because the records of the committees involved are classified and never subjected to declassification review, the public and historians are largely unaware of their existence,” the PIDB report said.

“Despite their historical significance, classified records created by the Congress are reviewed for declassification only on a hit-or-miss and relatively limited basis. As a result, the public is denied a valuable source of historically significant information,” the report said.

So, for example, not a single classified annex to the annual intelligence authorization bills produced by the congressional intelligence committees has ever been declassified.

Wanted: A Chef with a Top Secret Clearance

A secure U.S. government facility in Herndon, Virginia needs a master chef who holds or who can obtain a Top Secret security clearance.

The job opening was announced by Sodexo, the international food service company.

“Sodexo’s Government Services Division is seeking a strong Executive Chef to manage all the culinary operations at a high profile government dining account in Northern Virginia. The successful candidate must be able to obtain a TS/SCI clearance,” the announcement said.

Though it may seem ridiculous, the requirement for a chef with a Top Secret clearance exemplifies a significant policy problem, namely the use of the security clearance process as an employee screening tool.

To all appearances, a chef does not need a security clearance. Although the successful applicant “must become familiar with Sodexo recipes,” those recipes are not national security secrets, and a clearance should not be needed to perform the job of Executive Chef.

Nevertheless, a clearance requirement has evidently been imposed because the “culinary operations” are to be conducted in a secure government facility that will place the chef in proximity to secrets, even if he or she does not actually come into possession of any.

This use of the national security clearance process has contributed to the skyrocketing growth in security-cleared personnel. As of October 2013, the number of persons eligible for access to classified information had grown to 5.1 million persons, including over 1.5 million with Top Secret clearances. According to an ODNI report, only 60% of those persons had access to classified information, suggesting that vastly more clearances are being requested and granted than are actually required.

A February 2014 report to the President from the Office of Management and Budget said the security clearance system had become too large and that it needed to be reduced.

“[The] growth in the number of clearance-holders increases costs and exposes classified national security information, often at very sensitive levels, to an increasingly large population,” said the OMB review.

Accordingly, the OMB recommended that the government “reduce [the] total population of 5.1M Secret and TS/SCI clearance holders to minimize risk of access to sensitive information and reduce cost.”

Eliminating the TS/SCI clearance requirement for access to the kitchens and dining rooms of government facilities might be a sensible place to start.

Food service at CIA headquarters, which has been managed by Sodexo, was the subject of some persnickety complaints from CIA employees that were recently disclosed through the Freedom of Information Act by MuckRock. (WaPo)

The Department of Defense revoked more than 19,000 existing security clearances from FY2009 through the first half of FY2013, DoD told Congress in a hearing record that was published earlier this month.

Security-Cleared Population Rises to 5.1 Million

The number of Americans who have been investigated and deemed eligible for access to classified information rose last year to a total of 5,150,379 as of October 2013. It was the fourth consecutive year of growth in the security-cleared population.

The new total includes civilian and military government employees (3.7 million) and contractor personnel (1 million), as well as indeterminate others (0.4 million). It represents an increase of 4.7% from the previous year’s total of 4.9 million. Of the 5.1 million persons who were found eligible for access to classified information, 60% had access in fact.

An Office of Management and Budget review said that the continuing growth of the security clearance system is problematic both for financial and security reasons.

“[The] growth in the number of clearance-holders increases costs and exposes classified national security information, often at very sensitive levels, to an increasingly large population,” said the OMB review, which was released last week.

Accordingly, the OMB review recommended that the government “reduce [the] total population of 5.1M Secret and TS/SCI clearance holders to minimize risk of access to sensitive information and reduce cost.”

The number of security clearances is supposed to be reported to Congress each year by the Office of the Director of National Intelligence. But ODNI said it has not yet filed its 2013 report. [Update: The report is available here.] However, the data were provided in the OMB review.

“Since 9/11, the number of clearances annually approved by DoD [the Department of Defense] has tripled, and continues to grow,” according to an independent review of the Washington Navy Yard Shooting in September 2013 that was also released last week.

“This growth magnifies the challenge of investigating clearance seekers, judging their applications, and periodically reviewing them after they are approved.”

“The continuing expansion of the cleared population has created a culture in which once-rare security clearances are now too often granted by default.” (Actually, security clearances have not been “rare” for quite a few decades.)

The independent review proposed that “DoD should seek to make a 10 percent cut in the number of positions that require access to material classified as Secret.”

“As soon as this reduction is attained, a follow-on review should determine whether further reductions can be realized.”

The independent review also identified “a growing culture of over-classification” as a related issue that “merit[s] additional focused study.” See Security From Within: Independent Review of the Washington Navy Yard Shooting, Department of Defense, November 2013 (released March 18, 2014).

Another review conducted by the Under Secretary of Defense for Intelligence concurred that there are too many people with security clearances. But it said that reducing the cleared population will not necessarily improve quality control or significantly reduce the burden on background investigators and adjudicators, because they are also responsible for a large number of “suitability” investigations in addition to security clearance investigations.

“The workload challenge will not be eliminated by reducing the number of security clearances because of the pending impacts of the alignment of suitability and security investigations and reinvestigations required by Executive Order 13467 and the 2012 Revised Federal Investigative Standards.”

“The net effect of the new standards will be to increase the Department’s investigative and adjudicative workload, regardless of the number of security clearances.” See Internal Review of the Washington Navy Yard Shooting, Report to the Secretary of Defense, November 20, 2013.

Last week, the Department of Defense issued updated policy on the DoD Personnel Security Program (PSP), DoD Instruction 5200.02, March 21, 2014.

Among other things, the updated policy dictates that “All personnel in national security positions shall be subject to continuous evaluation,” referring to a process of collecting, reporting and evaluating security-relevant information about cleared individuals on an ongoing basis.

But this policy is aspirational rather than descriptive of current practice, which is limited to small-scale pilot projects to develop such a capacity. Full implementation of the “continuous evaluation” process is at least several years away, according to last week’s OMB report.

Secretary of Defense Chuck Hagel said last week that “We will consider reducing the number of personnel holding Secret security clearances by at least 10 percent, a recommendation in line with the October 2013 guidance from the Director of National Intelligence.”

Reducing the number of “personnel” that hold security clearances is a slightly different objective than reducing the number of “positions” that require access to classified information, as recommended by the Independent Review. It is not clear if the Secretary intended to make such a distinction.

In response to a request from Secrecy News, ODNI public affairs refused to provide a copy of the October 2013 DNI guidance. (Update: The DNI guidance was described further in this article from Politico.)

HPSCI Seeks “Continuous Evaluation” of Security-Cleared Employees

Recent unauthorized disclosures of classified information might have been prevented if U.S. intelligence agencies “continuously evaluated the backgrounds of employees and contractors,” according to the House Permanent Select Committee on Intelligence (HPSCI).

In its new report on the FY 2014 intelligence authorization bill, the Committee would require intelligence agencies to “continuously determine whether their employees and contractors are eligible for access to classified information” by using all available transactional records and social media.

“Continuous evaluation allows the IC to take advantage of lawfully available government and public information to detect warning signals that the current system of five-year periodic reinvestigation misses,” the HPSCI report said.

“That information might include: foreign travel; reports of foreign contacts; financial disclosure information; checks of criminal, commercial marketing, and credit databases; and other appropriate publicly available information.”

The recently developed concept of continuous evaluation (CE) “allows for a review at any time of an individual with eligibility or access to classified information or in a sensitive position to ensure that that individual continues to meet the requirements for eligibility,” said Brian Prioletti of the ODNI National Counterintelligence Executive at a November 13 hearing of the House Homeland Security Committee.

“As envisioned in the reformed security clearance process, [continuous evaluation] includes automated record checks of commercial databases, government databases, and other information lawfully available,” Mr. Prioletti said. “Manual checks are inefficient and resource-intensive. The C.E. initiative currently under development will enable us to more reliably determine an individual’s eligibility to hold a security clearance or a sensitive position on an ongoing basis.”

“There are a number of ongoing pilot studies to assess the feasibility of selected automated record checks and the utility of publicly available electronic information to include social media sites in the personnel security process,” he added.

“While we fully recognize the value of publicly available electronic information and its relevancy from an adjudicative perspective, there are resource, privacy, and civil liberty concerns that must be addressed as we incorporate such checks into our security processes,” Mr. Prioletti acknowledged.

Up Next: Continuous Monitoring

“Continuous evaluation” itself is just an interim stage, said Gregory Marshall, chief security officer at the Department of Homeland Security.  It is a stepping stone to the desired end state of “continuous monitoring,” which involves more extensive collection directed at the individual subject. [Update: This is a non-standard use of the term “continuous monitoring,” which normally refers to monitoring of information systems, not persons.]

“This administration’s recent information-sharing and safeguarding initiative, also known as Insider Threat, seeks to complement background investigations and continuous evaluation with continuous monitoring,” Mr. Marshall said. “This program will incorporate and analyze data in near-real time from a much broader set of sources. Its focus is the protection of classified information but its applicability to suitability and contractor fitness is evident.”

Indeed, the “applicability” of this approach to all sorts of concerns is evident. If leaks of national security information are deemed to be a counterintelligence threat, why wouldn’t the full arsenal of surveillance tools, including the NSA’s PRISM, be employed against them?

An NSA memorandum reported in the Huffington Post today noted that “vulnerabilities of character” revealed through intelligence gathering can be effectively used to discredit individual “radicalizers.”  In one particularly horrifying case, it was found that a suspect “publishes articles without checking facts.” (“Top-Secret Document Reveals NSA Spied On Porn Habits As Part Of Plan To Discredit ‘Radicalizers’,” by Glenn Greenwald, Ryan Gallagher, and Ryan Grim, November 26).

The Director of National Intelligence recently ordered a review to see whether the number of persons who hold security clearances — nearly 5 million persons — could be reduced. (“Obama Administration Looks to Scrub Security Clearance List” by Josh Gerstein, Politico, November 21).

That objective could be inadvertently advanced by efforts to ratchet up personnel security procedures. Facing continuous evaluation and the prospect of continuous monitoring, some individuals might decide to opt out of the security clearance system voluntarily.