Secrecy News

DoD Security-Cleared Population Drops Again

The number of people in the Department of Defense holding security clearances for access to classified information declined by 100,000 in the first six months of FY2015.

There are now 3.8 million DoD employees and contractors with security clearances, down from 3.9 million earlier in the year, and a steep 17.4% drop from 4.6 million two years ago.

Moreover, only 2.2 million of the 3.8 million cleared DoD personnel are actually “in access,” meaning that they have current access to classified information. So further significant reductions in clearances would seem to be readily achievable by shedding those who are not “in access.”

The total number of security-cleared persons government-wide is roughly 0.5 million higher than the number of DoD clearances, putting it at around 4.3 million, down from 5.1 million in 2013.

The new DoD security clearance numbers were presented in the latest quarterly report on Insider Threat and Security Clearance Reform, FY2015 Quarter 3, September 2015.

The reduction in security clearances is not simply a reflection of programmatic or budgetary changes. Rather, it has been defined as a policy goal in its own right. A bloated security bureaucracy is harder to manage, more expensive, and more susceptible to catastrophic security failures than a properly streamlined system would be.

So the Administration’s Insider Threat Program states that one of the objectives of the program is to “Reduce total population of […] Secret and TS/SCI clearance holders to minimize risk of access to sensitive information and reduce cost.”

Reducing security clearances would also go hand in hand with, and help to reinforce, a long-term reduction in national security classification. (Although not widely recognized, original classification activity — the creation of new secrets — across the government has dropped each year for the past four years to a historically low level, according to the Information Security Oversight Office.)

The current insider threat program was initiated in 2012 — after the major WikiLeaks releases but before the Snowden disclosures. Its purpose was “to counter the threat of those insiders who may use their authorized access to compromise classified information.” See National Insider Threat Policy, The White House, November 21, 2012.

Implementation of the program has been slow, however.

A December 2014 milestone to provide “continuous evaluation” of the most sensitive Top Secret-cleared population was missed, the latest quarterly report notes. (Continuous evaluation refers to the automated screening of relevant information streams from multiple sources and databases including law enforcement, counterintelligence, credit reporting, and perhaps others.) Continuous evaluation of all TS and TS/SCI cleared personnel is said to be on track for December 2016.

Last year, the Department of Defense demonstrated continuous evaluation on approximately 100,000 cleared personnel. DoD will expand this capability to 225,000 persons this year, to 500,000 next year, and to 1 million in 2017, the quarterly report said.

Last week, the U.S. Navy issued updated guidance on implementation of its own Insider Threat Program.

Among other things, the guidance calls for a “reduction of Navy privileged users” who have unusually broad access to IT systems and data “and, therefore, could pose a higher risk of insider threat.” See Navy Insider Threat Program, Opnavinst 5510.165A, October 1, 2015.