Approximately 3.6 million military personnel, civilians, and Department of Defense contractors are now participating in an initial version of the continuous review. The Defense Counterintelligence and Security Agency intends to extend the system to other authorities and to add additional data sources to the program for automated file reviews.
The DoD milestone announced last week is a transition phase in the implementation of the government’s Trusted Workforce 2.0 model. The concept promises to streamline the government’s staff screening process through automated file reviews, simplified security standards and more information sharing between authorities.
Receiving all DoD clearance holders in a first version of the continuous review marks the “1.25” phase of the “2.0” initiative. According to the DCSA, the current system of continuous review is limited to “a risk-controlled approach with selected automated file reviews”.
But it still noticeably shifts the obligation to re-examine clearance certificate holders every five or ten years.
“Continuous file reviews mean that risks and concerns about the trustworthiness of a person, whose discovery could previously have taken years, can now be identified and addressed in real time,” DCSA Director Bill Lietzau said yesterday during a media roundtable at the Pentagon.
He said DCSA pulls data from both internal government databases and external sources to generate alerts about issues such as criminal activity. DCSA then determines whether the warning is valid and worth further investigation.
The next phase of the Trusted Workforce Initiative includes expanding the continuous review to seven categories of data: terrorism, international travel, financial activity, criminal activity, credit reports, public records, and agency-specific eligibility criteria.
DCSA is also working to register other agencies for continuous review. Lietzau said 30 non-DoD agencies either actively included their released employees in the new system or were registered for it.
He counted the Federal Aviation Administration, the General Services Administration, the Department of Health and Human Services, and the Department of Veterans Affairs among those enrolling for continuous review.
The “2.0” target will probably not be achieved before October 1, 2023. According to the DCSA, this will include a “maximum” number of automated file checks that will cover the entire federal workforce. It will also completely remove rather than postpone the requirement for regular re-examinations.
Beyond the initial seven categories of data, Lietzau said he expected more to go “online”. When asked specifically about social media checks, he said the DCSA is running several pilot programs to test the effectiveness of monitoring such content.
Some lawmakers have asked the DoD to include social media in background investigations to ensure the government does not give clearances to local violent extremists.
“Whether it’s an event-driven look at social media, whether it’s a regular, ongoing look at some social media, or if it’s a one-time look at social media when it’s examined, there are several ways you can do some of the social media can use media search functions that exist, ”said Lietzau. “We are just now analyzing what value we think this has.”
He added that it was up to policymakers to determine how issues such as freedom of speech and data protection should be addressed.
“Those are absolutely fitting questions. . . We’ll all solve that over time as we move forward step by step, ”said Lietzau.
In the meantime, DCSA is also in charge of the development of the IT backbone of the “Trusted Workforce 2.0” model, the National Background Investigation Services or NBIS.
“It is a large amount of data, and that is why we have to set up the IT systems and processes to be able to handle this data,” said Lietzau.
NBIS was originally designed to replace the Office of Personnel Management’s old background investigation database that was hacked in 2015, but progress on the new system has been delayed.
DCSA is still running the old OPM database, and NBIS has recently been “rebuilt based on Baseline” to adjust its development plan. The first way to process background investigations won’t be available until next summer, and the agency expects to continue operating older OPM systems through 2023.
Without a functioning IT system, many of the goals of a streamlined security review and background investigation could be difficult to achieve, said Charlie Sowell, SE&M Solutions chief executive officer and former member of the National Industrial Security Program Policy Advisory Committee.
“Without that, all of the great political ideas and functional skills are just a dream of the future,” he said.
The legislature is closely monitoring NBIS. The House of Representatives version of the Fiscal 2022 bill of defense approval would require a report from the Government Accountability Office on the progress, costs, and cybersecurity controls of the system.