There were a little over 4.5 million people who held Confidential, Secret or Top Secret security clearances at the end of September 2014, according to an April 2015 report from the Office of the Director of National Intelligence. Most of these clearance holders go to work every day and support their agency’s mission in service to the American public. Many also deal in the most sensitive issues of national and homeland security.
As a nation, we know these individuals have voluntarily subjected themselves to increased personal and professional scrutiny and have passed a rigorous security investigation to obtain their clearance.
Unfortunately, once an individual obtains a clearance, there is a five-year gap before he/she is reinvestigated. During that time, a lot of events can occur in a person’s life. Some may encounter serious financial problems, while others may struggle with substance abuse or endure personal traumas, such as divorce or the death of a loved one. Most individuals with clearances just go about their lives – trauma and all – and deal with it.
Frankly, we aren’t really worried about these 4.5 million people; we’re worried about the one in 4.5 million who becomes the insider threat.
The “one” is the employee or contractor who is easily blackmailed into trading national secrets; someone who will sell their country out to the highest bidder in search of money or fame; or an individual who could snap and kill their colleagues, as Aaron Alexis did at the Washington Navy Yard on September 16, 2013.
The Office of Personnel Management (OPM) is responsible for 95 percent of federal background investigations, and they do an admirable job. But, finding the “one” is not easy – it is like looking for the proverbial needle in the haystack. The government is inherently at a disadvantage since it is extraordinarily difficult to anticipate and recognize threats before an insider’s malicious intentions translate into directly harmful actions. That’s where continuous evaluation comes in.
The concept of continuously evaluating security clearance holders was one of 13 recommendations set forth by the White House following the Washington Navy Yard shooting. But with an existing backlog of reinvestigations, how can OPM continue to work through that backlog and also incorporate higher frequencies of the periodic review process? Will they hire more people? Unlikely. Will Congress approve more funding? Also unlikely.
Instead, the answer lies in a process called Adaptive Case Management (ACM). ACM relies on high performance analytics to manage a caseload by prioritizing risk. By evolving an intermittent reauthorization process into one smooth, risk-based continuous evaluation capability, the government can more effectively evaluate people, access controls and systems and better guard against insider threats.
These modernized case management capabilities fill in the government’s current knowledge gaps with risk factors such as abnormal financial transactions, frequent visits to foreign countries or drastic lifestyle changes. In addition to solving the problems presented by intermittent review processes, this also would enable a system to prioritize reauthorizations based on an informed understanding of potential risk. Instead of dealing with cases in the order they arrived, analytics point the agency towards the cases that present the most risk.
Effectively guarding against insider threats is a major undertaking, which is made very difficult by the sheer amount of data associated with each person. But, it is manageable through the application of analytics that enable agencies to prioritize risk through continuous evaluation.
With an approach that relies on ACM and high performance analytics, our government doesn’t have to worry about throwing more money or people at this problem; instead, we just need to work smarter. Detecting insider threats is a top priority for our government. It only makes sense to prioritize risk.
Glenn Edelschein is director of Strategic Initiatives at SAS Federal.