Obama’s Security Clearance Overhaul Lands with a Thud Before Lawmakers

House Oversight and Government Reform Committee Chairman Rep. Jason Chaffetz, R-Utah,Dec. 17, 2015, during a hearing on Capitol Hill in Washington.

J. Scott Applewhite/AP

AA Font size + Print

House Oversight and Government Reform Committee Chairman Rep. Jason Chaffetz, R-Utah,Dec. 17, 2015, during a hearing on Capitol Hill in Washington.

The plan, which tasks the Pentagon with safeguarding new investigations, appears to just be 'window dressing on a broken home.'

A bipartisan chorus of lawmakers on Thursday questioned the Obama administration’s creation of a new federal entity to conduct background investigations, criticizing the plan’s failure to make fundamental changes.

The phasing out of the Federal Investigative Service in favor of the new National Background Investigative Bureau appears to ignore some of the most fundamental problems with the security clearance system, members of the House Oversight and Government Reform Committee said at a hearing to examine the plan. Administration officials defended the overhaul, saying it does signal a significant change and that it will provide more security for sensitive data.

“We want to make sure we’re not just putting a coat of fresh paint on a house with a bad foundation,” said Rep. Steve Russell, R-Okla.

Rep. Ted Lieu, D-Calif., echoed that concern, though he praised the administration’s decision to task the Defense Department with creating and maintaining a new information technology system in which the personnel data will be stored. Previously, he said, the Office of Personnel Management employed an “irrational system” in which a “human resources agency protected the nation’s most sensitive data.”

Still, Lieu voiced apprehension that the new plan may end up being “window dressing on a broken home.” Instead, he added, the system needs “significant renovation.”

If we’re setting up a new house, I want to make sure it’s not a house of cards.
Rep. Steve Russell, R-Okla.

OPM acting Director Beth Cobert attempted to assuage those concerns, saying NBIB’s creation will modernize the security clearance process, leverage Defense’s cybersecurity expertise, allow the president to nominate a director to oversee the background investigation system and boost operational flexibility. Aside from those broad brush strokes and emphasizing the Pentagon’s new role, however, Cobert did not lay out specifics of exactly how NBIB will differ from FIS.

The changes come after the dual concerns over both the screening process itself—which came to light after Edward Snowden’s document release and Aaron Alexis’ shooting of employees at the Washington Navy Yard—and the protection of personal data collected during investigations—which were hacked last year and compromised 21.5 million files containing personal information. The Obama administration and Congress have already taken several steps to shore up the security clearance process, but NBIB’s creation reflects the most dramatic overhaul of vetting and cybersecurity procedures to date.

Rep. John Mica, R-Fla., openly laughed at the officials attempting to sell NBIB as an improvement over the existing system.

“Folks, hang on to your shorts on this one,” Mica said. “I think we’re headed for another disaster.”

We’ll be back here in 2017. I guaran-damn-tee it.
Rep. John Mica, R-Fla.

Mica instead suggested background investigations be moved from OPM’s purview entirely, saying the checks should be contracted out “one bite at a time.” FIS already relies on contractors for a majority of background investigation efforts, as NBIB will continue to do.

Several lawmakers criticized the administration for requesting additional Defense funding to build out the new IT system. Obama asked for $95 million in his fiscal 2017 budget blueprint, which Russell said was “weakening our country.”

“We should find another way to pay for this,” Russell said. He also speculated that by breaking up the security responsibilities among different agencies, sensitive data was becoming more vulnerable.

Committee Chairman Jason Chaffetz, R-Utah, agreed.

“To grab this out of the troops’ budget is probably the last way to do that,” he said.

Cobert said she expects NBIB to be up and running by October with minimal disruption to the continuity of service. OPM will launch a transition team by mid-March to stand up NBIB and oversee the phase-out of FIS.

At least some lawmakers appeared to remain concerned.

“If we’re setting up a new house,” Russell said, “I want to make sure it’s not a house of cards.”

Mica predicted the new structure would indeed collapse, forcing lawmakers to go back to the drawing board in a year’s time.

“We’ll be back here in 2017,” Mica said. “I guaran-damn-tee it.”

Close [ x ] More from DefenseOne
 
 

Thank you for subscribing to newsletters from DefenseOne.com.
We think these reports might interest you:

  • Federal IT Applications: Assessing Government's Core Drivers

    In order to better understand the current state of external and internal-facing agency workplace applications, Government Business Council (GBC) and Riverbed undertook an in-depth research study of federal employees. Overall, survey findings indicate that federal IT applications still face a gamut of challenges with regard to quality, reliability, and performance management.

    Download
  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

    Download
  • GBC Issue Brief: Supply Chain Insecurity

    Federal organizations rely on state-of-the-art IT tools and systems to deliver services efficiently and effectively, and it takes a vast ecosystem of organizations, individuals, information, and resources to successfully deliver these products. This issue brief discusses the current threats to the vulnerable supply chain - and how agencies can prevent these threats to produce a more secure IT supply chain process.

    Download
  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

    Download
  • Information Operations: Retaking the High Ground

    Today's threats are fluent in rapidly evolving areas of the Internet, especially social media. Learn how military organizations can secure an advantage in this developing arena.

    Download

When you download a report, your information may be shared with the underwriters of that document.