Personnel Security, Insider Threats and Continuous Evaluation
This post is the first in a blog series on this topic.
I want to kick off this series by looking back at the Into Dangerous Hands story, which aired on November 8th during the CBS news program “60 Minutes”. In this segment, Scott Pelley reported on now-identified lapses in the process that grants U.S. Government security clearances, particularly profiling the cases of two people – Bradley Manning and Aaron Alexis – names synonymous with the now infamous WikiLeaks and the Navy Yard shootings, respectively. Pelley reported on how, in hindsight, the clearance process was understaffed and overworked due to a massive influx of new requests after the terrorist attacks on September 11, 2001. Vital information went unnoticed or unsolicited in the investigation of these three individuals. The segment strongly implied there are more individuals like these three out there yet to be found.
My intent in these posts is to focus on the opportunities to leverage data and analytics to help minimize the occurrence of these tragedies in the future.
First, on the process itself: (If you are already familiar with this, you can skip this paragraph and move on to the next.) A person who has a need to access classified information completes a form called the Standard Form 86 or SF-86. Depending on the level of clearance there will be other paperwork but generally this form asks you to document many facets of your life that will be evaluated to determine suitability to hold a clearance. The form is turned into the government where an investigator collects information and verifies the content provided, and wherein an adjudicator makes the final decision. The general rule of thumb for anyone completing this form is – don’t lie. A lie is far, far worse than being honest with your background. Depending on the level of clearance held, this process is repeated every five to ten years.
Here’s the problem: If you are an investigator with a large backlog of cases to work through, how do you adequately determine if someone is lying? Interviews can be done, records pulled, reports run, etc., all of which is very manual and time consuming. Investigators need to have access to better information, with stronger analytics to help minimize cases where someone is obviously not suitable to be granted their clearance initially.
There is also the incredibly important issue of continuous evaluation.
What if the investigation is thorough but the person ”goes bad” after they’ve had their clearance for a while? Normally, if something derogatory happens that would affect clearance status, the individual is supposed to report it. Again, it’s the same principle in filling out the SF-86 – just don’t lie. But there are cases where people were granted the clearance and they didn’t report something derogatory. Now it is an issue. Was it a mistake or is that person headed down the wrong path that makes him or her a threat? Authorities need to find out quickly so it can be acted upon before lives are endangered or security breached.
Let’s turn the process on its head and stop thinking of it as a defined timeline but rather event-driven. The first event in the process is the baseline which establishes essentially what the SF-86 is designed to gather. Then events are the things that happen after the baseline has been established. Events can be one-time occurrences like an arrest, a new line of credit, an account in collections, or a bankruptcy. Events can also be complex and require multiple conditions to be considered a notable event. For example, an event can be multiple lines of credit becoming delinquent in a very short period of time. This could be a predictor of financial distress and thus the person may be a higher risk of selling classified information. Another complex event could be new loans, new lines of credit, and a change in typical account payment behavior. This could be a predictor of unexpected wealth – which begs the question – where did it come from?
Does this sound like big brother is watching? Maybe to some, but if you’ve applied for a security clearance and you’ve signed the SF-86 you essentially have given permission to be deeply evaluated. This topic and others in this series are critical to national security. I’m looking at this challenge through the lens of my role at TransUnion—an information, risk and analytic solutions provider. We want to look at the Adjudicative Guidelines and talk about which ones can be supported with external data. We will talk about the laws that govern use of data and what it means for the population of security cleared persons. Continuous evaluation and the broader topic of insider threats and cyber security are sophisticated and must be analyzed in the context of today’s information age.
Please fill out the form below if you have comments, questions, topics you’d like to see covered in this series, or if you’d like to be contacted directly.
