OPM, ODNI and other agencies are not meeting their own goals to improve the threat reduction process.
The Obama administration has blown past its own deadlines for reforming the security clearance process, falling short on changes ranging from standardizing investigations to rooting out internal threats.
The shortfalls -- released in the latest report posted to Performance.gov -- do not represent a lack of progress, according to the Office of the Director of National Intelligence, though federal agencies are falling further behind on goals that officials once thought were on track to be accomplished within the initial timeframes. The government is lagging on its plans to better work with state and local authorities to gather information on security clearance applicants, monitor its networks to identify potentially problematic users, deal with falsification and other proposed improvements.
As ODNI and other agencies tasked with supervising the reforms adjust deadlines while blowing past others, they have cited a variety of reasons for the missed targets, including a lack of resources for implementation, legislative interference and individual agencies dragging their feet. The lack of progress comes at a particularly vulnerable time, as the Office of Personnel Management prepares to stand up the new National Background Investigations Bureau. Both OPM and the Office of Management and Budget declined to comment for this story.
In the immediate aftermath of the 2013 Navy Yard shooting, Obama tasked the Office of Management and Budget, in conjunction with OPM; ODNI; the Homeland Security, Justice and Defense departments; and others with crafting a Suitability and Security Process Review. After 120 days, the panel came up with 13 recommendations, broken down into three main categories: increasing the availability of information to improve decision making, reducing the inherent risk in the current security clearance process and developing holistic, enterprise solutions to clearance operations.
The Performance.gov report generally tracks the progress made on the actionable items in those recommendations, which the review panel expected agencies to fully implement by 2017. The Performance Accountability Council, housed within OMB, has led the execution efforts. It has successfully put into place several changes, such as increasing the number of clearance holders under “continuous evaluation.” In many instances, however, the PAC has failed to issue the tools and standards to enable agencies to make improvements.
OPM and ODNI, for example, have not yet finalized a community handbook for background investigations based on Federal Investigative Standards. They were supposed to issue the handbook last October, but the agencies said they need a “dedicated resource group” to complete it.
“Additional work is required to create the community handbook to be used across the executive branch,” the agencies said. They maintained they are still on track to complete full implementation of FIS revisions by the end of 2016, as originally planned.
Joel Melstad, a spokesman for ODNI, said the FIS changes will ultimately have the joint effect of “reducing duplication and enhancing the quality of background investigations.”
Other proposals have been backlogged for longer than just a few months. ODNI had hoped to implement new reporting requirements for employees in national security positions to determine access to facilities, information and systems by July 2014, but has still not published the revised policy. Work on expanding that policy to the contractor population has subsequently not yet even started.
Also on the issue of better information gathering, the PAC was tasked with training and educating states and localities on their legal obligations in sharing data on individuals under background investigation by October 2015. While the PAC previously reported it was on track to meet that goal, it has since missed it. It was also supposed to create a liaison to coordinate with local governments in the same timeframe, but has failed to do so.
In its February 2014 report, the review panel set the goal for OPM, ODNI and the Defense Department to create and launch a tool to assess the quality standards of investigations within seven months. The agencies have still not completed the tool, and now label the milestone due date as “to be determined.” They had also hoped to create metrics for adjudications by October 2015, but the agencies said they still must “assess the adequacy of the current process.”
A major part of the security clearance reform process has been an emphasis on identifying insider threats, though a task force established to create the program has not yet gotten the ball rolling on that effort governmentwide. After missing a January 2015 deadline, the task force has not yet established senior leaders to manage the insider threat program or create an implementation plan. This has led to agencies falling even further behind on their schedules to be initially operational by the end of 2015, through steps such as notifying employees they would be monitored and training insider threat program personnel.
The task force said it is “at risk” of not being fully operational -- through monitoring employee activity on all networks, including unclassified, creating a centralized hub to assess data and responding to “anomalous activity” -- by the end of this year. Melstad, the ODNI spokesman, said the missed goals do not “indicate a lack of progress in individual departments’ and agencies’ ability to deter, detect and mitigate” threats. Agencies are making incremental progress, he said, but goals remain “missed” if programs are not established at all agencies across government.
Still, the lack of progress “demonstrates the growing reality that a fully implemented insider threat program across the entire executive branch will require more time than originally allotted,” Melstad conceded. He called the original targets “ambitious,” and said agencies are making improvements.
Some in Congress do not see those improvements as happening quickly enough, however.
“These delays are completely unacceptable,” Sen. Jon Tester, D-Mont., told Government Executive. “Congress came together and passed reforms to strengthen the security clearance process, and it’s long past time for the administration to implement these changes so we can better protect our nation, and reduce the insider threats facing our country.”
Other missed goals from 2015 include changing forms to include mental health questions and creating standards and training for investigators to respond to falsifications on such forms.
The PAC has made progress on some of its larger goals, including by eliminating 20 percent of its clearance holders to 3.7 million. Nearly 80 percent of those cuts have been through employees with clearances but without access to classified information. The most recent governmentwide data show 4.5 million people held security clearances at the end of fiscal 2014, down 12 percent from one year prior.
Still, the number of overdue reinvestigations jumped to its highest point since July 2014, despite the administration’s emphasis on reducing that backlog. The fastest 90 percent of initial investigations also took in the first quarter of fiscal 2016 nearly twice as long as the administration had hoped.
Tester wrote to OPM acting Director Beth Cobert in November to ask a series of questions on how the agency would reduce the backlog without jeopardizing security. That same month, he also wrote to leaders of the Senate Homeland Security and Governmental Affairs Committee to hold a hearing on the security clearance process.
In addition to the administration’s efforts, lawmakers have introduced a slew of security clearance reform bills -- some of which Obama has signed into law. Congress is currently weighing whether to grant the administration’s request for $95 million for new systems to house data from investigations.
The administration in its recent report admitted to a “series of vetting program failures” and said its fixes would “mitigate the inherent risks and vulnerabilities posed by personnel with trusted access to government information, facilities, systems and other personnel.”
Congress’ tepid response to the National Background Investigative Bureau and the larger security clearance overhaul announced in January, in conjunction with agencies' ongoing failures to meet reform deadlines, show the administration is still a long way from closing the gaps it has identified.
“While many needed reforms have already been implemented or considered,” Tester wrote in his November letter to the HSGAC, “there is clearly more work to be done improve the security clearance process and our national security.”