The problem won't be easy to fix, but it could benefit from better employee monitoring and 'some very aggressive creative and sensitive education.'
The government’s failure thus far to fix long delays and dangerous imprecision in the government’s security clearance and vetting system is one of James Clapper’s greatest regrets from his time in office, the former Director of National Intelligence said Wednesday.
Clapper’s 6-year tenure included National Security Agency contractor Edward Snowden’s release of thousands of documents about government surveillance programs.
The government has experimented since the Snowden breach with continuous analysis systems that look for anomalies in how and when employees access sensitive information and with continuous evaluation programs that scour public records about employees, such as divorces, arrests, public social media and home sales and purchases. Those programs are not yet universal, however, and most continuous evaluation programs remain in pilot phase.
Standing up those programs won’t guarantee there isn’t another damaging leak of sensitive information from the intelligence community, Clapper said during the Gigamon Federal Cybersecurity Summit, but it will dramatically lower the chances.
“The clearance system we have is broken,” he said.
The government must also ensure that its updated vetting system for security clearances is capable of tracking employees and contractors as they move from company to company, from contract to contract, and in and out of the federal government, Clapper said.
Clapper is concerned, however, that continuous evaluation could turn off some prospective intelligence community employees, he said.
“They’re going to say: ‘This is just too much big brother. There’s too much invasiveness and intrusiveness in my life and so I don’t think I’m going to work here.’ I do worry about that,” he said.
The best answer, he said, isn’t to pare back those programs but “some very aggressive creative and sensitive education for the workforce.”
Read more: Want to Plug Intel Leaks? Let Technology Find the Next Insider Threat
See also: I Ran Intel at the Pentagon. Here’s My Advice on Insider Threats
Clapper applauded CIA Director Mike Pompeo’s recent speech calling out WikiLeaks for releasing leaked information about CIA hacking tools and for acting as a conduit to release information the U.S. intelligence community concluded Russian government agents stole from the servers of Democratic political organizations in order to destabilize the 2016 election.
He warned, however, that public and congressional concern over intelligence community leaks about the investigation into those breaches should not overshadow the Russian influence operation itself.
During a recent House Intelligence Committee hearing regarding that investigation with FBI Director James Comey, committee Republicans focused questions primarily on intelligence community leaks rather than the Russian operation.
“I get it about leaks are important and unmasking is important and all that,” Clapper said, “but to me, the major message here for we as a people, we as a country, is the Russians attempting to mess with one of the underlying foundational pillars of this country. And that, to me, is an assault on us and that’s what people need to understand.”
Also from Clapper’s address and a question and answer session:
Did the sanctions the U.S. imposed on North Korea in response to the Sony Pictures Entertainment attack make a difference? “I would characterize [them], at least for me, as only ceremonially satisfying.”
What about the sanctions President Barack Obama imposed on Russia for its election meddling? “I think the sanctions was a great first step. It was the right thing to do at the time.”
Should the Obama administration have done more?: “That’s a hypothetical theoretical.”
How about the 35 Russian diplomats Obama expelled from the U.S.?: “Believe me, all those diplomats were all known intelligence officers.” Clapper also touted the closing of two Russian properties on U.S. soil, saying one based on the eastern shore of Maryland was responsible for “major intelligence collection activity.”
Should the U.S have retaliated after the China-linked breach of sensitive security clearance information about more than 20 million current and former federal employees and their families from the Office of Personnel Management?: Clapper repeated his standard response in office when lawmakers made that assertion: “People who live in glass houses.”
On his upcoming testimony on the election influence operation before a Senate Judiciary Committee panel chaired by Sen. Lindsey Graham, R-S.C.: “I’m sure that will be a non-controversial, fun session.”
On life since retirement: He’s lost 15 pounds and is spending more time with family. It’s a “great time to be a former [official].”