DoD to Design Security Clearance Systems

Privacy , Risk Management

Mixed Reviews for Plans to Shift Some Responsibilities Away from OPM DoD to Design Security Clearance Systems

The Obama administration's initiative to move much of the U.S. federal government's security clearance responsibilities to the Defense Department from the Office of Personnel Management is receiving mixed reviews from security experts and lawmakers.

See Also: Public, Private & Hybrid Cloud: Why Compliance (Done Right) is the Easy Part

On Jan. 22, the White House unveiled the creation of the National Background Investigation Bureau, which will absorb OPM's Federal Investigative Services. Although NBIB will be housed in OPM, the Defense Department will assume the responsibility for the design, development, security and operation of the background investigation IT systems for the NBIB.

"This approach will leverage DoD's significant national security, IT and cybersecurity expertise, incorporating security into the fundamental design of the systems, strengthening the security of the data environment and providing robust privacy protections," White House Office of Management and Budget Press Secretary Jamal Brown writes in a blog.

The move comes after completion of an administration study on how the government conducts security clearance reviews in the wake of last year's revelation that that Chinese hackers breached OPM computers, exposing the personal information of some 21.5 million individuals, many of whom held or sought security clearances (see OPM Breach: A Game Change in 2015).

Fixing Broken System

House Oversight Committee Chairman Jason Chaffetz, R-Utah, is among those who are critical of the new initiative. He contends creation of the NBIB is aimed only at solving a perception problem rather than tackling the reforms needed to fix a broken security-clearance process.

"Simply creating a new government entity doesn't solve the problem," Chaffetz says in a statement. "The administration needs to undertake meaningful reforms to protect citizens' most sensitive personal information. Protecting this information should be a core competency of OPM, the government's human resources agency."

But Evan Lesser, who closely monitors the government's security-clearance process as managing director of the professional network ClearanceJob.com, says the new bureau could help solve the problem surrounding security clearances.

"Creating a new government entity is actually a great way to review every part of the security clearance investigation process from the ground up," Lesser says. "A worst case scenario would be to change some of the key personnel and leave the OPM in charge. The new agency is much better positioned to fix the security clearance process rather than merely attempt to patch it up."

Better PII Protection

Rep. Adam Schiff, the California Democrat who serves as ranking member of the House Intelligence Committee, says OPM was never intended to be an intelligence or national security agency, and the move of some responsibilities to the Pentagon makes sense. "By entrusting the cybersecurity of this new bureau to the Pentagon, we will be better able to ensure that the personal information of those who work to secure all of us is protected," Schiff says in a statement, according to the news site Politico.

Still, federal security-clearance attorney Sean Bigley questions why any responsibility for conducting security clearances would be left with OPM. "Having DoD assume responsibility for the IT component is certainly a start, but IT security is only part of the issue," Bigley says. "Equally pressing is the quality of the actual investigations; the training, or lack thereof, for background investigators; the extent to which investigators' hands are needlessly tied by bureaucracy. ... This entire process needs to be moved out of OPM - and thus out of the human resources mindset - and into a true national security agency."

Besides the OPM hack, two OPM contractors that conducted security-clearance interviews have been breached, exposing the personal information of more than 70,000 government employees and contractors (see Second OPM Contractor Breached).

Presidential Appointee

According to the White House, NBIB's leader will be presidentially appointed and report to the OMB director. The director heads the interagency Performance Accountability Council, which oversees the government's relationship with contractors with the aim to ensure they securely align with government processes and goals.

NBIB will be a member of the council. Council members include the directors of national intelligence and OPM as well as DoD, FBI and departments of Energy, Homeland Security, Justice, State and Treasury.

ClearanceJobs.com's Lesser says a fresh approach to security-clearance IT security is a welcome step for the security-cleared workforce. "Trust in the OPM to maintain adequate levels of data security has been tarnished," he says, "and general consensus is that it is now time for another agency to pick up the pieces and bring a new perspective. "