Open Hearing: Security Clearance Reform

[Senate Hearing 115-394] [From the U.S. Government Publishing Office] S. Hrg. 115-394 OPEN HEARING: SECURITY CLEARANCE REFORM ======================================================================= HEARING BEFORE THE SELECT COMMITTEE ON INTELLIGENCE OF THE UNITED STATES SENATE ONE HUNDRED FIFTEENTH CONGRESS SECOND SESSION __________ WEDNESDAY, MARCH 7, 2018 __________ Printed for the use of the Select Committee on Intelligence [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT] Available via the World Wide Web: http://www.govinfo.gov _________ U.S. GOVERNMENT PUBLISHING OFFICE 28-948 PDF WASHINGTON : 2018 SELECT COMMITTEE ON INTELLIGENCE [Established by S. Res. 400, 94th Cong., 2d Sess.] RICHARD BURR, North Carolina, Chairman MARK R. WARNER, Virginia, Vice Chairman JAMES E. RISCH, Idaho DIANNE FEINSTEIN, California MARCO RUBIO, Florida RON WYDEN, Oregon SUSAN COLLINS, Maine MARTIN HEINRICH, New Mexico ROY BLUNT, Missouri ANGUS KING, Maine JAMES LANKFORD, Oklahoma JOE MANCHIN III, West Virginia TOM COTTON, Arkansas KAMALA HARRIS, California JOHN CORNYN, Texas MITCH McCONNELL, Kentucky, Ex Officio CHUCK SCHUMER, New York, Ex Officio JOHN McCAIN, Arizona, Ex Officio JACK REED, Rhode Island, Ex Officio ---------- Chris Joyner, Staff Director Michael Casey, Minority Staff Director Kelsey Stroud Bailey, Chief Clerk CONTENTS ---------- MARCH 7, 2018 OPENING STATEMENTS Burr, Hon. Richard, Chairman, a U.S. Senator from North Carolina. 1 Warner, Hon. Mark R., Vice Chairman, a U.S. Senator from Virginia 2 WITNESSES Panel 1 Farrell, Brenda, Director, DOD Strategic Human Capital Management, Government Accountability Office................... 4 Prepared statement........................................... 6 Phillips, Kevin, President and Chief Executive Officer, Mantech International Corporation...................................... 23 Prepared statement........................................... 25 Chappell, Jane, Vice President for Global Intelligence Solutions, Raytheon Corporation........................................... 32 Prepared statement........................................... 34 Berteau, David, President and Chief Executive Officer, Professional Services Council.................................. 44 Prepared statement........................................... 46 Panel 2 Dunbar, Brian, Assistant Director, Special Security Directorate, National Counter-Intelligence and Security Center, Office of the Director of National Intelligence.......................... 76 Prepared statement........................................... 79 Phalen, Jr., Charles S., Director, National Background Investigations Bureau, U.S. Office of Personnel Management..... 83 Prepared statement........................................... 85 Reid, Garry P., Director for Defense Intelligence (Intelligence and Security), Department of Defense........................... 90 Prepared statement........................................... 93 Payne, Daniel E., Director, Defense Security Service, Department of Defense..................................................... 97 Prepared statement........................................... 99 SUPPLEMENTAL MATERIAL Responses to Questions for the Record by: Ms. Farrell.................................................. 118 Mr. Phillips................................................. 121 Mr. Phalen................................................... 124 Mr. Dunbar................................................... 131 Mr. Reid and Mr. Payne....................................... 142 OPEN HEARING: SECURITY CLEARANCE REFORM ---------- WEDNESDAY, MARCH 7, 2018 U.S. Senate, Select Committee on Intelligence, Washington, DC. The Committee met, pursuant to notice, at 9:35 a.m. in Room SD-106, Dirksen Senate Office Building, Hon. Richard Burr (Chairman of the Committee) presiding. Present: Senators Burr, Warner, Risch, Rubio, Collins, Blunt, Lankford, Cotton, Cornyn, Feinstein, Wyden, Heinrich, King, Manchin, Harris, and Reed. OPENING STATEMENT OF HON. RICHARD BURR, CHAIRMAN, A U.S. SENATOR FROM NORTH CAROLINA Chairman Burr. Good morning. I'd like to thank our witnesses for appearing today to discuss our government's security clearance process and potential areas of reform. The intelligence community, Department of Defense, and defense industrial base trust cleared personnel with our Nation's most sensitive projects and most important secrets. Ensuring a modern, efficient, and secure clearance process is paramount and necessary to maintain our national security. The committee will first hear from industry representatives on their perspective on the process and how it affects their ability to support the U.S. Government. Our first panel includes: Mr. Kevin Phillips, President and CEO of ManTech; Ms. Jane Chappell, Vice President of Intelligence, Information, and Services at Raytheon; Mr. David Berteau, President of the Professional Services Council; and Ms. Brenda Farrell from the Government Accountability Office. Welcome to all of you. We appreciate your willingness to appear and, more importantly, thank you for the thousands of employees you represent, who work every day to support the whole of the U.S. Government. Many of our Nation's most sensitive programs and operations would not be possible without your work. I look forward to hearing from you on how your respective companies view the security clearance process and how it affects your operations, your hiring, your retention, and your competitiveness. I also hope you've come today prepared with ideas for reform where necessary. Our second panel will include representatives from the Executive Branch: Mr. Charlie Phalen, the Director of the National Background Investigation Bureau; Mr. Brian Dunbar, Assistant Director of National Counterintelligence and Security Center at the ODNI; Mr. Garry Reid, Director for Security and Intelligence at the Office of the Under Secretary of Defense for Intelligence; and Mr. Dan Payne, Director of Defense Security Service at the Department of Defense. They'll provide the government's perspective on this issue and will update us on their efforts to improve the efficiency and effectiveness of the current system. The purpose of this hearing is to explore the process for granting Secret and Top Secret clearances to both government and industry personnel, and to consider potential better ways forward. The government's approach to issuing national security clearances is largely unchanged since it was established in 1947, and the net result is a growing backlog of investigations, which now reaches 547,000, and inefficiencies that could result in our missing information necessary to thwart insider threats or workplace violence. We should also consider new technologies that could increase the efficiency and effectiveness of our vetting process while also providing greater real-time situational awareness of potential threats to sensitive information. Furthermore, the system of reciprocity, whereby a clearance granted by one agency is also recognized by another, simply does not work. We would all agree that the clearance process should be demanding on candidates and should effectively uncover potential issues before one is granted access to sensitive information. But clearly, the current system is not optimal and we must do better. I'm hopeful that today's discussion will have some good ideas and strategies that we can put into action to reform the process. Again, I want to thank each of our witnesses for your testimony today, and I will now turn to the Vice Chairman for any comments he might have. OPENING STATEMENT OF HON. MARK R. WARNER, VICE CHAIRMAN, A U.S. SENATOR FROM VIRGINIA Vice Chairman Warner. Thank you, Mr. Chairman, and welcome to our witnesses. I want to first thank the Chairman for holding this hearing, particularly in an unclassified setting. I believe that the way our government protects our secrets is a critical area for oversight of this committee. As the Chairman has already mentioned, in many ways the system that is in place, which was born in 1947--and I remind everybody, that's when classified cables were sent by typewriter and telex--really hasn't changed very much. I believe that the clearance process today is a duplicative, manually intensive process. It relies on shoe leather field investigations that would be familiar to fans of spy films. It was built for a time when there was a small industry component and government workers stayed in their agency for their entire career. The principal risk was that someone would share pages from classified reports with an identifiable foreign adversary. Today in many ways we worry more about insider threats, someone who can remove an external hard drive and provide petabytes of data online to an adversary or, for that matter, to a global audience. And industry--and much of that industry I'm proud to have in my State. And industry is a much larger partner. Workers are highly mobile across careers, sectors, and location. Technologies such as big data and AI can help assess people's trustworthiness in a far more efficient and dynamic way. But we've not taken advantage of these advances. Just last month, at an open hearing the Director of National intelligence, Director Coats, said that our security clearance process is, in his words, ``broken and needs to be reformed.'' In January of this year--and I again appreciate the GAO witness today--placed the security clearance process on its, quote, ``high-risk list'' of areas that the government needs broad-based transformation or reforms. The problems with our security clearance process are clear. The investigation inventory has more than doubled in the last three years, with, as the Chairman has mentioned, 700,000 people currently waiting on a background check. Despite recent headlines, the overwhelming majority of those waiting don't have unusually complex backgrounds or finances to untangle. Nevertheless, the cost to run a background check have nearly doubled. Timelines to process clearance are far in excess of standards set in law. These failures in our security clearance process impact individual individuals, companies, government agencies, and even our own military's readiness. Again, as I mentioned, in the Commonwealth of Virginia I hear again and again from contractors, particularly from cutting-edge technology companies, and government agencies that they cannot hire the people they need in a timely manner. I hear from individuals who must wait for months and sometimes even a year to start jobs that they were hired for. And I've heard from a lot of folks who ultimately had to take other jobs because the process took too long and they couldn't afford to wait. To compete globally, economically, and militarily, the status quo of continued delays and convoluted systems cannot continue. No doubt we face real threats to our security that we have to address. Insider threats like Ed Snowden and Harold Martin compromised vast amounts of sensitive data. And obviously the tragedy of the shootings at Washington Naval Yard and Fort Hood took innocent lives. The impacts of these lapses on national security are too big to think that incremental reforms will suffice. Again referring back to Dan Coats's testimony, we need a revolution to our system. I believe we can assess the trustworthiness of our cleared workforce in a dramatically faster and more effective manner than we do today. We have two great panels here that will help us, both from the government's perspective and from our national security partners in the private sector. I'd like again to thank you all for appearing. I hope that at our next meeting--and I hope some are listening downtown--that the OMB, which chairs the inter- agency efforts to address clearances, which declined to appear before us today, will actually participate in this process. I want to be a partner in rethinking our entire security clearance architecture. I want to work with you to devise a model that reflects a dynamic workforce and embraces the needs of both our government and industry partners. Thank you, Mr. Chairman. I look forward to this hearing. Chairman Burr. I thank the Vice Chairman. To members, when we have finished receiving testimony I'll recognize members based upon seniority for up to five minutes. With that, Ms. Farrell, I understand you're going to go first, and then we'll work right down to your left, my right, all the way down the line. The floor is yours. STATEMENT OF BRENDA FARRELL, DIRECTOR, DOD STRATEGIC HUMAN CAPITAL MANAGEMENT, GOVERNMENT ACCOUNTABILITY OFFICE Ms. Farrell. Thank you very much, Mr. Chairman. Chairman Burr, Vice Chairman Warner, and members of the committee: Thank you for the opportunity to be here today to discuss our recent work on the serious challenges associated with the personnel security clearance process. We designated the government-wide security clearance process as a high-risk area in January 2018 because it represents a significant management risk. A high- quality security clearance process is necessary to minimize the risk of unauthorized disclosures of classified information and to help ensure that information about individuals with criminal histories or other questionable behavior is identified and assessed. My written statement today summarizes some of the findings in our reports issued in November and December 2017 on this topic. Now I will briefly discuss my written statement that is provided in three parts. First, we found that the Executive Branch agencies have made progress reforming the clearance process, but key longstanding initiatives remain incomplete. For example, agencies still face challenges in implementing aspects of the 2012 Federal Investigative Standards that are criteria for conducting background investigations and in fully implementing a continuous evaluation program for clearance holders. Efforts to implement such a program go back ten years. We found that, while the ODNI has taken an initial step to implement continuous evaluation in a phased approach, it had not determined what the future phases will consist of or occur. We recommended that the DNI develop an implementation plan. Also, while agencies have taken steps to establish government-wide performance measures for the quality of investigations, the original milestone for completion was missed in fiscal year 2010. No revised milestone currently has been set for their completion. We recommended that the DNI establish a milestone for completion of such measures. Second, we found that the number of agencies meeting timeliness objectives for initial Secret and Top Secret clearances, as well as periodic reinvestigations, decreased from fiscal years 2012 through 2016. For example, while 73 percent of agencies did not meet timeliness objectives for initial clearances for most of fiscal year 2012, 98 percent of agencies did not meet these objectives in fiscal year 2016. Lack of timely processing for clearances has contributed to a significant backlog of background investigations at the agency that is currently responsible for conducting most of the government's background investigations, that is the National Background Investigations Bureau. The Bureau's documentation shows that the backlog of pending investigations increased from about 190,000 in August 2014 to more than 710,000 as of February 2018. We found that the Bureau did not have a plan for reducing the backlog. Finally, we found that potential effects of continuous evaluation on agencies are unknown because the future phases of the program and the effect on agency resources have not yet been determined. Agencies have identified increased resources as a risk to the program. For example, DOD officials told us that, with workload and funding issues, they see no alternative but to replace periodic reinvestigations for certain clearance holders with continuous evaluation. DOD believes that more frequent reinvestigations for certain clearance holders could cost $1.8 billion for fiscal year 2018 through 2022. However, the DNI's recently issued directive for continuous evaluation clarified that continuous evaluation is intended to supplement, but not replace, periodic reinvestigations. In summary, Mr. Chairman, several agencies have key roles and responsibilities in the multi-phase clearance process, including ODNI, OMB, DOD, and OPM. Also, the top leadership from these agencies comprises the Performance Accountability Council that is responsible for driving implementation of and overseeing the reform efforts government-wide. We look forward to working with them to discuss our plans for assessing their progress in addressing this high-risk area. Now is the time for strong top leadership to focus on implementing GAO's recommended actions to complete the reform efforts, improve timeliness, and reduce the backlog. Failure to do so increases the risk of damaging unauthorized disclosures of classified information. Mr. Chairman, that concludes my remarks. [The prepared statement of Ms. Farrell follows:] [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT] Chairman Burr. Thank you, Ms. Farrell. Mr. Phillips, the floor is yours. STATEMENT OF KEVIN PHILLIPS, PRESIDENT AND CHIEF EXECUTIVE OFFICER, MANTECH INTERNATIONAL CORPORATION Mr. Phillips. Mr. Chairman, Vice Chairman, and members of the committee: My name is Kevin Phillips. I'm the President and CEO of ManTech International. ManTech has 7,800 employees who support national security and homeland security. I appreciate the opportunity to participate in this industry panel and ask that my written statement be entered as part of the hearing record. Senator Warner, including our initial outreach through NVTC, 15 companies and 6 industry associations have worked collectively over the last 6 to 9 months to increase the visibility and importance of this matter and to propose solutions to help improve the process. Put simply, the backlog of 700,000 security clearance cases is our industry's number one priority. Given the increasing challenges that we face in providing qualified, cleared talent to meet the mission demands, we consider it a national security issue and an all- of-government issue because it impacts every agency we support. Some quick facts. Since 2014, the time it takes to obtain a clearance has more than doubled in our industry. The average time it takes to get a TS-SCI clearance, a Top Secret clearance, is over a year. The time it takes to get a Secret clearance is eight months. Top professionals are in high demand across the Nation. They do not have time to wait over a year to get a job. And increasingly, they are unwilling to deal with the uncertainty associated with this process. As a result of this issue, the key support for weapons development, cyber security, analytics, maintenance and sustainment, space resilience support, as well as the use of transformational technologies across all of government, is being underserved. Since the end of 2014, we estimate that approximately 10,000 positions required from the contractor community in support of the intelligence community have gone unfilled due to these delays. We offer the following recommendations to help improve the backlog: first, enable reciprocity; allow for crossover clearances to be done routinely and automatically. Today 23 different agencies provide different processes and standards in order to determine who is trustworthy and suitable to be employed within their agency. One universally accepted and enforced standard across all of government is needed. Second, increase funding. The current backlog shows no signs of improvement. We need funding to increase processing capacity, to reduce the backlog we have today, while our government partners, who are working diligently to develop and implement a new system, work to develop the system of tomorrow. Third, prioritize existing cases. The amount of backlog of 700,000 cases has not gone down. The timelines have not improved, and we may be at a point where we have to prioritize within that backlog the cases that have the greatest mission impact or that may have the highest or pose the highest risks to national security based on the access to data. Fourth, adopt continuous evaluation, adopt new systems that can be used across all of government, and establish a framework for which government and industry can better share information about individuals holding positions of public trust that is derogatory, so that we can better protect the Nation against threats from insiders. Fifth, from a legislative standpoint we consider this a whole-of-government issue. Accordingly, we believe that a concerted focus from Congress is required and the oversight is needed. We support the reinstatement of the IRTPA timelines with incremental milestones. `ÌRTPA'' is the Intelligence Reform and Terrorism Prevention Act. Finally, we offer that mobility and portability for clearances among the contractor community are needed. We in industry fully understand the importance of a strong security clearance process. That said, slow security does not constitute good security. Time matters to mission. The industry is committed to take the actions needed to hire trustworthy individuals and to help protect the Nation from outside threats. We appreciate the committee's leadership and the focus on this important matter. Thank you. [The prepared statement of Mr. Phillips follows:] [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT] Chairman Burr. Thank you, Mr. Phillips. Ms. Chappell. STATEMENT OF JANE CHAPPELL, VICE PRESIDENT FOR GLOBAL INTELLIGENCE SOLUTIONS, RAYTHEON CORPORATION Ms. Chappell. Chairman Burr, Vice Chairman Warner, members of the committee: I'm honored to represent Raytheon today before the Select Committee on Intelligence. Raytheon and our employees understand and take very seriously our obligation to protect the Nation's secrets. We submit to the same clearance process that governs our government and military partners and we take the same oath to protect the information established and entrusted to us. Every day our number one priority is honoring that oath while meeting the needs of our customers. As Vice President of Raytheon's Global Intelligence Solutions business unit, I navigate the disruptions that backlogs in the security clearance process cause on a daily basis, not just for Raytheon, but for our suppliers and our industry peers, but ultimately for the warfighters, intelligence officers, and homeland security officials who rely on our products and services to protect the United States. The magnitude of the backlog and the associated delays is well documented, and the metrics speak for themselves. But what metrics fail to capture are the real-world impacts of the backlog: new careers put on hold, top talent lost to non- defense industries, and programs that provide critical warfighter capabilities suffer delay and cost increases. The delays also come with a real-world price tag. Those new hires run up overhead costs while they wait for their clearances, resulting in significant program cost increases and inefficient use of taxpayer dollars. Reducing the current backlog will require immediate and aggressive interim steps, some of which are already being addressed. Raytheon supports the government's efforts to add resources and ease requirements for periodic reinvestigations. We also appreciate efforts to streamline the application process, automate and digitize information collection, provide for secure data storage, and improve the related processes. Beyond these actions, we recommend eliminating the first- in, first-out approach to the investigation workflow, focusing immediate resources on high-priority clearance and low-risk investigations. It's also critical that Congress and the Executive Branch implement fundamental reforms that streamline the clearance process and increase our Nation's security by leveraging advances in technology. This effort should be guided by what our industry calls ``the four ones.'' The first one is one application, which is a digital permanent record forming the basis of all clearance investigations, updated continuously and stored securely. The second is one investigation, which would implement continuous evaluation and the appropriate use of robust user activity monitoring tools to facilitate a dynamic ongoing assessment of individual risk while securing sensitive information on protected systems. The third one is one adjudication, which calls for streamlining and standardizing the adjudication system so the agency's clearance decision is respected by other departments and agencies. This would increase efficiency and promote reciprocity based on a consistent set of standards for access, suitability, and fitness. The fourth and final one is one clearance, that is recognized across the entire government that is transferable between departments, agencies, and contracts. We believe the implementation of these reforms will help eliminate the inefficiencies that hamstring the current clearance system while promoting more effective recruitment, retention, and utilization of government employees and contractors. And most critically, these reforms will help close the security gaps that threaten our Nation's secrets and personnel. The modern threat environment can no longer be addressed using outdated and infrequent security snapshots. But even the most well-intended reporting requirements, working groups, and legislative deadlines have not and will not overcome the fear of change or the comfort of the status quo. Strong, sustained leadership from both Congress and the White House will be crucial to the success of these efforts. Thank you for the opportunity to be here today and I look forward to answering your questions. [The prepared statement of Ms. Chappell follows:] [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT] Chairman Burr. Thank you, Ms. Chappell. Mr. Berteau. STATEMENT OF DAVID BERTEAU, PRESIDENT AND CHIEF EXECUTIVE OFFICER, PROFESSIONAL SERVICES COUNCIL Mr. Berteau. Thank you, Mr. Chairman, Vice Chairman Warner, members of the committee. We really appreciate you having this hearing today. I would ask that my written statement be incorporated in the record in its entirety and I'll just make a few key points here. You heard the description of the problems and the process solutions, the four ones: one application, one investigation, one adjudication, and one clearance. It highlights, I think, the fact that this is really a whole-of-government problem. Just look at the panel that you have following us. You don't have a whole-of-government representation on there. As Vice Chairman Warner pointed out, the Office of Management and Budget plays a key role both in the Performance Accountability Council and in the fundamental process across the board. In the end, though, this is a set of processes that exercises judgment. It makes the decision of where to place trust. And in that decision is a calculus of how much risk are we willing to accept. If it's zero, then we'll never issue a clearance. So there's a whole level of dynamic that has to go on there, and the four ones helps get you there. What, though, can this committee and the Congress do? First is keep that whole-of-government requirement in mind. Second is, within that there's a funding process. So all of those 23 agencies that have separate authorities here have to provide funding to somebody who's going to do the work. Typically today that's the National Background Investigation Bureau. We can't find, from where we sit outside, a record of where that funding stands for those 23 agencies, because it's across all the appropriations accounts. OMB used to track that and report that, but that's no longer available to us. It may be available to you. It should be available to you. And I think it's important as we look at the fiscal year 2018 funding bill that we'll see end of this week, early next week, make sure that that funding is in there, because these systems will not operate without adequate resources. You can't buy your way out of it, though. There's got to be substantial process improvement as well. My fellow panelists have talked about that. But in the meantime, you have a requirement for part of this responsibility to be moved from the Office of Personnel Management, the National Background Investigations Bureau, over to the Defense Department, and you'll hear more about that in the second panel. While that movement's taking place--and the plan is it will take years--the system has to keep going as well. So there's got to be both funding for the ongoing work and funding for the new capabilities inside the Defense Department. So that makes it all the more important. My fellow panelists have mentioned reciprocity. This is a critical, critical issue. How can it be that you're cleared and acceptable for one part of the government at a certain level and you're not cleared and acceptable at another part? The records show 23 different agencies, but within those agencies there's lots of subcategories. DHS alone has more than a dozen separate individual reciprocity determiners who can say: You may be good enough for those guys, but you're not good enough for me. And they don't even have to tell us why, which makes it very hard for us to figure out how to get out of that. So industry can quantify its impact. You've already heard some of that. We all know there's an impact on the government as well. Somewhere in the government, something's not being done or not being done as well as it ought to be or not being done as fast as it ought to be. We don't have that kind of information out of the government, but you've got to believe that in fact somewhere a backlog of 700,000 is going to have an impact, because this is not just contractors; this is government civilian personnel, this is military personnel, this is new recruits. All of those have effects as well. So I think the single biggest thing is access to information about what's going on, what the results are. You've got a situation now where it used to be there was information made available to the public that we could rely on to prioritize our own resources. That's no longer there. We need you to help make that information not only visible to you in the committee--it might come to you in an FOUO kind of a status--but visible to the public and to those of us who have to operate within that system in order to do our job supporting the government. So with that, Mr. Chairman, I'll conclude my remarks and turn back to you. [The prepared statement of Mr. Berteau follows:] [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT] Chairman Burr. Thank you, Mr. Berteau. The Chair would recognize himself, and then we'll go by seniority for up to five minutes. My question is very simple, and it's this. Let's make an assumption that funding is not an issue. Why does it take so damn long? Give me the three things that make this process be so long? Mr. Phillips. Let's start, sir, with we have from history a number of agencies who have their own processes set up and they have to go through those processes, and they're very manual. As mentioned before, the process was established during the Eisenhower administration. It's very manual. Investigators have to go in person and write notes, rather than use tablets. They have to go through the mail to send a request to get an education check. They physically have to visit a person, versus using social media or other access points to get things done, when today's technology allows for a much more rapid way of getting decisions done without, in our view, changing the trustworthiness of the individual. That can be done greatly and significantly. I think the second part is that people want to walk through the process and make sure in this environment that people are trustworthy, and the timeline is taking longer because the assurance is needed and it's impacting the mission. We want to make sure time is factored in to the decisions or we will not be able to defend the digital walls from outside threats. So I think it's the process and I think it's the need to have a more risk-based review against the mission requirements and the need to protect our Nation combined from insider threats. Thank you. Chairman Burr. Ms. Chappell. Ms. Chappell. I would echo his comments, but I would say it a little different. We are a Nation blessed with very high technology. We are just not using that technology in this process. We talked about people having to physically go and meet with people. I think that, while that gives us some level of assurance, I think the continuous evaluation gives us a whole other level of insurance, and we should use that technology to give us more confidence in the results as well as decrease the time lines. Chairman Burr. Basically, what you've told me is I put more effort into understanding who my interns are than potentially the process does for security clearances, because you go to the areas that you learn the most about them, which social media is right at the top of the list. I can't envision anybody coming into the office that you haven't thoroughly checked out everything that they've said online, which is to them a protected space. And we all know that it's a public space. I think what you've done is you've confirmed our biggest fear, that we're so obsessed with process and very little consumption of outcome. I think that's how you get a backlog. And you can let that continue to be the norm and nobody's outraged. What's the single change that you'd make to the security clearance process if you only were limited to one? Ms. Farrell. Ms. Farrell. I think prompt action. This needs to be, as some of the colleagues here have said, a high priority. We keep hearing the words ``top leadership.'' There was top leadership involvement when the DOD program was on the high-risk list from 2005 and 2011. We saw that top leadership driving efforts from OMB, DOD, the DNI. That's what we're going to be looking for as we measure their progress going forward to take actions to come off of the high-risk list: top leadership actions engaging with Congress to show that reducing the backlog is a top priority, as well as taking action to communicate that to the other members of the personnel strategic clearance community, as well as my colleagues on the panel here. But leadership is desperately needed in this area. Chairman Burr. Mr. Phillips. Mr. Phillips. Sir, immediately it's funding. But putting that aside, I think long-term it's one uniform standard and reciprocity. It's a big deal. Chairman Burr. Ms. Chappell. Ms. Chappell. I would say continuous evaluation monitoring, doing that on a continuous basis, which reduces the periodic investigations, which allows those people to spend more time reducing the current backlog. Chairman Burr. Mr. Berteau. Mr. Berteau. Do I get to use the three that they've already used and add a fourth one to it? Chairman Burr. Absolutely. Mr. Berteau. Because I do think reciprocity is the top priority in that process. But I think using technology, not just in continuous evaluation, but in the investigations process itself. I've had a clearance for nearly 40 years and the guy still shows up with a pencil and a piece of paper and makes sure that the questions I've entered into the form, which are in many cases the same answers I've given for almost 40 years, are still what I believe, and he writes it down with a pencil, and then he takes it off and puts it into a computer system that's not compatible with anybody else's computer system. Let's get the process down to where we're using 21st century technology. Chairman Burr. My thanks to all of you for your candid responses, and I say that with the full knowledge of knowing that this issue is a multi-committee jurisdictional issue on the Hill. So we've got just as much to fix up here. I think some of the things that you have expressed are the results of no coordination legislatively, and I think we're going to take that at heart as we move forward. Vice Chairman. Vice Chairman Warner. Thank you, Mr. Chairman. Again, thank the panel for their I think accurate description. I think it's really important that we all think about this, and I appreciate the GAO putting this on the national security high risk, because not only are we wasting taxpayer dollars by hiring individuals that then cannot do the work they're hired to do or, as some of the industry panels indicated, will then not take a job because of the clearance process--and I think we particularly lose on the government side, where people would come in and serve at a much perhaps lower salary than they would on the industry side, but because of the security clearance. And I really appreciate, Mr. Berteau, your comments about the use of technology. If you can give--we'll start with you and at least start through our industry colleagues--other specific examples on how, on a technology basis, we can improve this process that, again, candidly, hasn't been significantly updated since the 1950s? Mr. Berteau, do you want to start, and then we'll go down, specific technology examples? Mr. Berteau. I think that the entities that are involved in both the front-end, the scheduling process, the investigation process, and the adjudication process have all identified a number of places where they can bring that technology to bear. The greatest advantage I think we can take is to have integrated data across the government, so that in fact we've got access to everything everywhere. The intelligence community has made more progress here than much of the rest of the government has had. But they also have the advantage of scale. The scale is smaller in they've got the funding and resources and the motivation to do that. I think we could give you a list of specifics that you could consider as you go forward as well. Vice Chairman Warner. Ms. Chappell. Ms. Chappell. I would say, going back to my previous answer, that continuous evaluation. A lot of this data that we go personally ask these people, that are the same questions we've asked for 40 years, that data, a lot of that data is available in open source, that's available to anybody. It's a matter of public record. Vice Chairman Warner. Rather than having somebody send a letter to an educational institution---- Ms. Chappell. Correct. Vice Chairman Warner [continuing]. Or make personal visits. Could you drill down for a minute on continuous evaluation, at least for SECRET clearance level? It seems like it would make so much sense. Ms. Chappell. If you go down through and look for bankruptcy, if someone files for bankruptcy that's a matter of public record, for example. We can get that through just trolling the web. Vice Chairman Warner. Without an agent going to a courthouse---- Ms. Chappell. Without an agent having to physically travel and then go take that information down with pencil and paper, for example. Vice Chairman Warner. Thank you. Mr. Phillips. Sir, I'll give you two examples and one desired solution. We have--one of my fellow CEOs has a contract where he has people in the Green Zone doing DOD work and they cannot support in that same limited space, work for another department because they have to file an entire process to get a clearance in order to do that and it's totally separated. So right across the street, they can't go in and support, with a confined environment, for two agencies to do the same thing in a very difficult environment. Separately, we have a separate CEO who's got a contract that does work, that the information flows to both DOD and somewhere in DHS. That individual has to fill two applications and go through two investigations to do the same job. Industry quite often utilizes public systems that we share, that are cloud-based, multi-layer security, and we pay for it for ourselves. We control the data ourselves. But it is a uniform set of systems that are available. We can make that decision. I think establishing a uniform system that every agency that has funding can fund into and do its own processing would be very beneficial, because then those accesses would be available at the same security level for people to know what's happening and that crossover and that reciprocity could happen just like that. Vice Chairman Warner. I think, just before I get my last question in for Ms. Farrell, we need both reciprocity and portability. One of the things, and I think one of the reasons why ODNI Coats, this is so high on his priority, he lived this experience. Having sat on this committee for a number of years, being accessed to all types of information, the amount of--when he left the Senate and a few weeks later when he was then appointed head of ODNI, because there was that short-term gap, he had to go through a whole new security clearance process. That was pretty absurd. Ms. Farrell, one of the things that I'd like you to comment on is: What I've heard constantly is, typically from the government side, everybody knows it's a problem, but this, like much of G&A in terms of operations, gets pushed to the back of the line. How do we make sure that we as Congress can, with appropriate oversight, make sure that agencies don't take their security clearance budget and push it to the back of the line? Everyone acknowledges this is an issue and a problem, but these are dollars that don't ever seem to be prioritized because they are not sole to mission. Ms. Farrell. I think this is something that goes back to the top leadership, from the deputy director for management at OMB, who is the chair of the council that's driving the reform efforts and overseeing the reform efforts, and to send a message that this is a top priority, whether it's reducing the backlog or fully implementing CE, and resources will be provided and the agencies will follow suit. If I may comment on the technology, the continuous evaluation is an area that you've heard has great promise, that could help streamline the process, perhaps be more efficient. As I noted, the efforts to implement continuous evaluation go back to 2008, with full implementation expected in 2010, and that has not happened. We are encouraged by the DNI's recent directive expanding on what CE is. However, we still don't really know what continuous evaluation is going to comprise and when it's going to be implemented. I think that's going to be a huge step, for the DNI to develop a detailed implementation plan of when the phases are going to occur and the agencies' expectations to implement that. Vice Chairman Warner. Mr. Chairman, I'd simply say I think Ms. Farrell's comments are pretty clear. We've got to start at the top. I'm disappointed, and I know you are as well, that OMB did not take our invitation to actually participate, since they chair the inter-agency council to try to move forward on this. I think we need to get them back in at some point. Thank you, Mr. Chairman. Chairman Burr. Senator Collins. Senator Collins. Thank you, Mr. Chairman. All three of our private sector witnesses today have been understandably very critical of the unacceptable flaws in the government's clearance process and the lack of a system of continuous evaluation. Inadequate funding has been mentioned. I want to turn the question around. There have been three widely reported, serious breaches at the NSA and all three involved contract employees. It is evident that relying solely on a moment-in-time snapshot of an applicant's security profile to determine clearances and secure our information and facilities is simply not working. I've been a strong supporter of moving to continuous evaluation, particularly following the Navy Yard shooting. But my question for each of the three of you is: What responsibility do contractors have to identify and report changes in employee behavior that may indicate a vulnerability and should trigger a review of the security clearance? In at least one of the widely reported incidents involving NSA, the employees who worked with the individual were very aware of the issues that should have triggered a review of his clearance. So I understand the role that government has and that we need to do much better. But what is your role, particularly in light of those three serious breaches, all involving contract employees? Mr. Berteau, we'll start with you and then move across. Mr. Berteau. Thank you, Senator. Those are critical questions, obviously. I make three points there. Number one, I know you know this, but the process is the same, whether you're a government uniformed personnel or a government civilian or a contractor, in terms of the investigation and adjudication process. Senator Collins. I do know that. Mr. Berteau. And I think that the issues that we've been talking about today, some of the process fixes actually incorporate in them a number of the lessons learned from those very examples that you cite here, continuous evaluation being the key piece of it here. So I think that a number of the proposals, some of which are already being implemented, although, since we don't get visible insight into that, we don't know how far that implementation is--that's a question for your second panel--are designed to address those very same problems. But I think there's a third piece. In the examples that you cite, you're right, there are individuals inside who do this, but from the company's point of view these are people working inside a government facility, and we frequently don't get the information about, or our member companies don't get the information, about the employee that the government itself has. So there's got to be greater collaboration and cooperation between the government oversight mechanisms and the contractor oversight mechanisms. This is where personnel issues, privacy issues, security issues, and contract issues come together, and we've got to design it that way up front in the contract itself. I think we're very capable of doing that. We know how to do it. We just don't do it every time. Senator Collins. Ms. Chappell, what is Raytheon's responsibility? Ms. Chappell. We have a responsibility to train our employees. Yearly, we go through an employee training series that's mandated across all of our employees. In some cases where we have employees sit at government facilities, they take yet a second round of training that is required by the government customer as well. So that's two. The second thing we do is what we call `ùser activity monitoring.'' When you log on to a Raytheon system, it's very clear to you. It says right there on the screen that your activity is being monitored while you're on those systems. So we have a process where we use analytic-type of capabilities to look at what people are doing on the systems, to monitor their behavior, to look for things that are outside their normal patterns or their normal work scope. That data is then provided to our security operations center, and then if it triggers an alert we go through an investigation process. If someone comes through and says there's something going on with an employee, we trigger an investigation. Senator Collins. Mr. Phillips, very quickly: If ManTech has a group of employees working for the government on highly sensitive information and many of the employees of that group think that one of the employees has gone off the rails-- developed a drug problem, has financial problems--what specifically happens? Mr. Phillips. Specifically, ManTech has an insider threat program that identifies high-risk employees, and once those individuals, whether they hold a position of trust, we see a behavior that we need to track, it rolls into a process that's controlled through our senior security executive, coordinated with our human resources and legal department, and overseen by myself, with board updates every quarter to make sure that we are tracking those individuals that have been identified from an insider threat perspective. We report that information to the government. We also start monitoring their overall behavior, where appropriate, to make sure that that individual's behavior doesn't provide additional risk of harm to our employees or Federal employees or potentially increase the position of trust or breach of data to the government. Additionally, we spot-check people coming out of our own SCIFs for data. We want to make sure that as a partner we're doing everything we can. The only thing we suggest: We have to share information better about individuals who hold positions of public trust. Senator Collins. Thank you. Chairman Burr. Senator Feinstein. Senator Feinstein. Thanks very much, Mr. Chairman. I'd like to follow up on Senator Collins' questions to you, Mr. Phillips. Specifically, what changes have been made by your company in the wake of Snowden and Martin? Mr. Phillips. Ma'am, since then we've increased our insider threat process. We do more training---- Senator Feinstein. From what to what? If you could be specific here, that would be helpful. Mr. Phillips. Sure. I think all of government is moving towards mandating industry be a partner in this process. We already had a process in place, but what we're doing is we're making sure that every behavior--we physically go to our program managers and we tell them: If you or your employees see a behavior, we need to see it, we need to know. Senator Feinstein. Well, where did you miss with Snowden? Mr. Phillips. We did not--we did not have that event within our framework. The Snowden component or something like that specifically is the employee is on a Federal facility, and a company cannot access the government's data to see the behaviors. They have to be visually seen by the people around that individual. We need to better share information. Senator Feinstein. Isn't that an important point right there? Mr. Phillips. Yes, ma'am, it's very important. Senator Feinstein. Because these were big events, and it's very hard for us to know the background and how it happened. So could you go into that in a little bit more detail? Mr. Phillips. Anything that is on a secured government network or secured government facility is controlled by the government, regardless of whether it's a military, Federal employee, or contractor. The information flow around that is fairly limited, for security reasons, but also personnel reasons. The information-sharing program that we think is best long- term, aligning those who have positions of public trust and have agreed to that, with the appropriate protections of privacy, if they are on a network having classified information, how do we better collectively track the behaviors and actions of the individual so that we as a contract community can take the appropriate actions on that staff. Senator Feinstein. Well, as you know, both these employees were contract employees with NSA. How closely have you reviewed the procedures and have you made any recommendations to NSA? Mr. Phillips. Ma'am, the agency has gone through significant review and we as a contract community are adjusting to meet their required additional standards to be responsive to the risks that they may have seen within their review. Mr. Berteau. Senator---- Senator Feinstein. Well, maybe somebody can add to that, because that's a very general statement and it doesn't leave me really with any answer. Mr. Berteau. Senator, if I could sort of add a little bit to that, not necessarily the Snowden case or the Martin case, but we see time and again a situation where the government will tell a contractor, this person is no longer suitable, take them off the contract, but they won't tell us why. They won't tell us what behavior has occurred, what has motivated them to do that. So we're left trying to figure out what happened here, without the information from the government. Senator Feinstein. How often does that happen? Mr. Berteau. I don't have a count of how often, because there's no database to do it. But I hear about it more than once a year, and I probably don't hear about it a lot of times that it does happen. So you have individuals, and it may be that the company releases that individual, but the individual can go somewhere else. So that information-sharing that should occur here between the government and the contractors involved, cutting across the security domain and the personnel and human resources domain, has got to be improved. Senator Feinstein. Because of the 4,080,000 national security clearances, the contractors hold almost a million, 921,065 of those. That's a big constituency out there. Because it involves the defense companies, of which Raytheon is a California company that I'm very proud of, that's one of them, it seems to me that the private sector has an increased responsibility, too. Ms. Chappell, how do you view that? How does Raytheon specifically view an increased responsibility? Ms. Chappell. I think we have stepped up our training requirements around this area; more sensitivity to what has happened and making people aware. When it's on our own networks, we have control on what we monitor and where we see risk and how we escalate that and where we investigate. I think Mr. Berteau is very correct in that there needs to be better partnership. When our employees sit on government facilities and use government networks, there needs to be more information-sharing on what we can do jointly, because we don't have the ability to monitor those networks. So I think any insight we can get there is most helpful to us in making sure we adjudicate through our workforce. Senator Feinstein. Right. On pages 7 and 8--I'm looking for your written remarks and can't find them at the moment. But you make some good recommendations. Could you go into them for us, please? Ms. Chappell. On the written? Senator Feinstein. In the written, and let me find it. [Pause.] Ms. Chappell. Just one second, please. Senator Feinstein. Yes. I'm sorry, Mr. Chairman. I'm sorry. My hand slipped and I lost the---- Ms. Chappell. I think that was around the one application. Senator Feinstein. That's right, the fundamental reforms. And you began with the clearance backlog of 300,000 and the one application, and it runs through--now, this is more than a decade, as you point out, since they were first proposed. But to make immediate progress, you say ``Raytheon encourages the government to prioritize and set incremental milestones for implementing government-wide reciprocity, continuous evaluation, and information technology reforms.'' Can you be more specific about that? Ms. Chappell. On the one application, that is the one, standardized--one standardized, one digitized, so it's available, it can be shared across organizations. You don't have to fill that out more than once. One investigation, to make sure that, whether it's a DOD investigation, an Air Force, Army, or a CIA investigation, that that's the same investigation, that had the same standards, the same views on risk. Those can be shared across the different agencies. One adjudication of that, so instead of having different adjudications you have one set of adjudication processes, one set of risks that that adjudication is based on, so that then that clearance can be agreed to and can be recognized across the different agencies. Then clearly, just the one clearance, to make sure that that reciprocity moves across organizations. So I think they're pretty fundamental, pretty standard, pretty simple processes: one application; one clearance process; one adjudication, recognized by all. Senator Feinstein. Do you think that would make a difference with the 4 million and the 600,000 each year? Ms. Chappell. I think it would make a huge difference, because not only would it streamline the original investigation; you're not re-investigating the same people over and over, and the resources required to do the reinvestigations would be focused on the backlog. Senator Feinstein. Thank you. Thank you, Mr. Chairman. Chairman Burr. Mr. Berteau. Mr. Berteau. Mr. Chairman, if you would indulge me for just one added point. Senator Feinstein's line of questioning is really critical here. One thing I think is important to put on the record: The member companies for PSC and companies like Raytheon and ManTech are very limited in their ability to get information out of the government of the status of the investigation and adjudication that's going on with the people that they've submitted into the process. If Kevin Phillips or Jane Chappell calls the government agency that's doing that, what they will likely be told is: We can't tell you anything; go talk to your contracting officer representative, who then has a process they have to go through internally, not the speediest of processes, and they may or may not get you an answer back. We see cases where a decision has been made and not communicated to the company, in some cases for more than six months. So there is a lot that has to be done here in terms of improvement of the communication back and forth. I think the oversight role of this committee in encouraging that and getting visible results of that from the agencies involved would be very helpful. Senator Feinstein. Thank you very much. Would you be willing to write something up as to what both of you or three of you think would be the specifics and send it to the Chairman? Mr. Berteau. Absolutely. Ms. Chappell. Yes, ma'am. Senator Feinstein. Thank you. Thank you very much. Chairman Burr. Thank you, Senator. Senator Blunt. Senator Blunt. Thank you, Chairman. Ms. Farrell, in your testimony you talked about the 12 recommendations I think you made to the Director of National Intelligence. How many of those did they accept? Ms. Farrell. For the majority of those we directed to the DNI, they did not comment whether they agreed or disagreed. So we don't know if they're going to take action on those recommendations or not. Senator Blunt. I think I must have read your testimony wrong. I got the impression that they had concurred with some, but not all. Ms. Farrell. They did concur with some. Senator Blunt. What does that mean, they concurred with some, but didn't accept them? I'm getting a thesaurus out here to figure out what that means. Ms. Farrell. They concurred, for example, with taking steps to develop a continuation--continuous evaluation policy and implementation. But on other actions they disagreed; they thought that they had already had things in play and that no more action was necessary. Senator Blunt. Which of the 12 things you recommended do you think would have the most impact on achieving the goal we want to achieve here? Ms. Farrell. For today, I think it would be the implementation plan for continuous evaluation. But I also have to note that there's been a lot of discussion about reciprocity, and reciprocity is statutorily required by the Intelligence Reform and Terrorism Prevention Act of 2004. So by that Act, agencies are supposed to honor investigations that are conducted by an authorized provider, as well as adjudications from an authorized adjudicator. There's always certain exceptions, but reciprocity is in statute. It just hasn't had guidance so it could be implemented. Senator Blunt. And continuous evaluation, Ms. Chappell, how does that relate to--you're saying a lot of the same things: continuous evaluation; using open source data or data that's already been collected, rather than going through that process again. Do you want to talk about that just a little bit more? Ms. Chappell. What we're saying is, instead of waiting from day one when you're given your clearance to year five and having no investigation between that period, and then doing your periodic investigation with sending people out, traveling around the country, doing your investigation, all through that time period to continuously monitor data to see if there is any adverse data concerning that person and do you need to start-- is that person of higher risk and do you need to pay more attention to that person sooner, rather than wait the normal five to six years for that background investigation. Senator Blunt. If that person, like Senator Warner mentioned about Senator Coats and that brief space, when someone has moved on to another job and is coming back, do they have to go through the whole clearance process again? They have to re-submit again everywhere they ever lived? Ms. Chappell. Yes, sir. Senator Blunt. Don't we have all that somewhere if they've been cleared once? Ms. Chappell. Yes, sir. Mr. Berteau. Senator Blunt, I've lived in the same house for the last 29 years. I've had the same neighbors on each side of me for the last 29 years. Both are former government employees with suitability determinations and clearances as well. Every time I fill that form out, it's the exact same information as it was the time before, the time before that, and the time before that. It's already in their databases. They just make me do it again. Senator Blunt. Does anybody have a reason that would justify why you'd have to do this again, if the government's already collected all this? Mr. Berteau. There's an old saying--Eric Sevareid brought it out of World War II with him--called ``The chief cause of problems is solutions.'' And in almost every case, these elements of the process that are built in here was a fix to a previous problem. What we've never done is the kind of end-to- end analysis of what actual result are we trying to get out of this and how do we design a process that gets that result. I think what you'll hear from the second panel is some of the efforts both at the National Background Investigations Bureau has under way and that DOD is developing a plan for, would take advantage of some of that opportunity. It's just going to take a long time, and we'd like to see it speeded up. Senator Blunt. Mr. Berteau, one other question. Are small companies treated differently when it comes to getting their employees cleared? Mr. Berteau. Unfortunately, they go through the same process, and I think they have an added disadvantage. If a company has a substantial amount of work in the government, they may actually be able to make a job offer to a new employee and say: We've got something we can have you do while we're waiting the year or two years it takes to get this clearance through the process. It's very much harder for a smaller business, who doesn't have the business base or the overhead capacity to be able to do that. So you make a contingency offer. Well, if this is a critical skill--let's say it's a cyber security expert who's just come out of college--you're asking them: Put your career on hold for an indefinite period of time, don't get paid, go do something else while you're figuring out what to do here, and then maybe we'll get a clearance at some point in time and be able to hire you. This has two negative advantages. One, it's going to reduce the number of people who are going to want to do that. Secondly, they're going to have lost their technical edge, because the system is moving on, the cyber security world is moving along, while they're not working in it. So it has a double impact. When I mentioned the importance of balancing risk here, there's a risk that we often don't take into account. It's not just the risk of awarding a clearance to somebody who ends up doing something wrong. There's a risk to government missions and functions in every step of the way by not doing it in a timely way and not by having the best and brightest people on board to do that. That's got to be part of the calculus. Nobody documents that. Senator Blunt. Thank you. Thank you, Chairman. Chairman Burr. Senator Wyden. Senator Wyden. Thank you, Mr. Chairman. It's been a good panel. I'm just going to ask one question of this panel, and it's for you, Ms. Farrell. It seems to me one of the central issues here is there is a culture where over-secrecy is actually valued and there is no accountability for excessive secrecy. So we end up with four million people with security clearances. I've heard my colleagues talk about the backlog question and I know that that is very important to our companies. But I think to really get at the guts of this issue we've got to deal with this over-secrecy kind of question. I'd like to ask you: What in your view is the government doing that is most helpful in terms of reducing that four million number, which I think reflects that there are too many secrets out there and too many people are sitting on them. What's the government doing about that? Mr. Phillips. Senator, I'll start---- Senator Wyden. I'd like to start with the GAO on it. Ms. Farrell. Thank you. That's okay. We have in the past recommended that DOD and its components, the services, as well as the agencies, evaluate their positions that require clearances to make sure that the clearance is required in the first place, and then have procedures in place where they periodically reevaluate those positions to see if those clearances are still necessary. That would be a way to make sure that the requirement is correct. Most people think that clearances follow people. Clearances don't follow them. They follow the positions. Senator Wyden. I want to be respectful. I know of your recommendations. I'm curious as to whether you think the government is moving effectively and expeditiously on actually doing something about it, because this strikes me, this excessive number of security clearances--and your recommendations are always to have these efforts to reduce them--it's been the longest-running battle since the Trojan War. I've been on this committee--I think, with Senator Feinstein, we're the longest-serving members. And I've heard this again and again. So what is the government doing that is actually effective in your view about this? Not your recommendations, which I think are very good, but what's the government doing that is actually effective now in terms of reducing this number? Ms. Farrell. I think the answer is obviously: Not enough, because if they were doing enough in terms of leadership and prompt action, they wouldn't have the backlog that they have or the number of people that you're calling into question. Senator Wyden. Okay. I'm going to submit some questions to you in writing as well. Thank you, Mr. Chairman. I look forward to the second round. Chairman Burr. Senator Cornyn. Senator Cornyn. Thank you, Mr. Chairman. With the hack of OPM a couple of years ago, reportedly by a hostile foreign power, countless Americans have had their privacy violated and their personally identifiable information obtained by that foreign power. Do any of you have any observations or comments about what impact that sort of lack of security for that sensitive information, what impact that's had on the best and the brightest people who we would like to serve in these important positions? Ms. Chappell. I'll start with that, because my personal information was some of that information that was leaked. Not only my information, but the people who I had down as references, my family members also, their information was also compromised. So I think it's incredibly important that this data is secured and that it goes through the same cyber process that the programs that we support do. Senator Cornyn. Mr. Berteau, you were saying how you have to fill out the same information on repetitive applications for security clearances. I guess we know that foreign nations have that information, but the U.S. Government apparently doesn't keep it in a place where they can use it without having to ask you each time. Mr. Berteau. Senator, it is my understanding that actually a number of steps have been taken inside the Office of Personnel Management to provide greater security. It's a question I think for the second panel on the status of those steps. But we also have to recognize that we'll never be 100 percent secure on being able to do that. I think we have to be able to mitigate against that as well. I would also note that it's not just the central databases that come into play here. It's all the individual things inside each of the agencies as well. We probably are in a situation where we're going to have to be able to recognize and mitigate that as rapidly as possible. I'm probably a little less concerned about that particular, although I got a letter and my wife got a letter and my kids all got a letter as well. I had the responsibility inside DOD to actually oversee the mailing of those 22 million letters. We mailed out a million a week and it took the better part of half a year to notify everybody. I note that that mailing occurred about a year and a half after the breach. So we also need to be able to let people know in a more timely way that their data has been compromised. Senator Cornyn. I don't know anything about that episode that we can be proud of. It just seems to be it would be embarrassing, and obviously people are at risk as a result. Let me move on to ask about interim clearances, the role of interim clearances. What I don't understand is how can somebody get an--have a sufficient background investigation to get an interim clearance, and what limitations are put on that clearance that would not be available--or that would not apply to a complete clearance, so to speak? And how does that actually work in practice, the role of interim clearances and the background investigations that are conducted to approve those? Mr. Phillips. Senator, thanks for the question. ManTech is entering its fiftieth year of supporting national security this year, and we have forever had interim clearances being an integral part of moving people into supporting the Federal Government. As you know, the interim clearance process is a decision that's a government decision. It is not something we as contractors can decide. We have to inform the government and let them make those adjudications. We have not seen, as a company, issues with the process and how we do it. That said, one of the issues is, because of the time it takes to get a security clearance, that the interim security clearance timeline is now longer than it was three years ago. So part of our suggestion is we need to move that timeline back so the time people have interim security clearances is narrowed. The process itself is: The background investigation that is commercial is done on the individual from a company standpoint. The forms are reviewed in total about the employee to make sure that the potential applicant, to make sure that all information is available, so that that government employee or official can make a decision whether sufficient grounds to grant an interim clearance based on those facts, before the more manual investigation takes place. In our history as a company, less than one person per year has been identified in that sequence as not being supportable to doing security work in the future. Senator Cornyn. Thank you. Chairman Burr. Senator Heinrich. Senator Heinrich. Thank you, Mr. Chair. I want to follow up a little bit on those good questions from my colleague from Texas. For those of you in industry--and we'll start with you, Mr. Phillips--how often have you seen a TS-SCI interim clearance? Is that a common thing? Mr. Phillips. For our industry, it is not uncommon. But as an example, out of our, let's say, 150 people doing an interim status, a vast majority of them are SECRET for the type of work we perform. So I can't compare it to any other application or requirement. Senator Heinrich. Got you. Mr. Phillips. Those who are in an interim SECRET status have already received a SECRET clearance. So it's fairly narrow bandwidth. Senator Heinrich. Ms. Chappell. Ms. Chappell. From my personal knowledge, I don't know of interim clearances on a TS-SCI kind of clearance. Those are usually finalized. From an interim clearance, they're more on the SECRET side. Quite frankly, with the backlog of clearances that we have right now, I think the risk of not doing that and not being able to perform the mission is very high. Senator Heinrich. That's very helpful. Mr. Berteau. Senator, in my experience--I don't know if there's data collected on this, but in my experience it was more common in the past. It's a lot less common today, and it has been a lot less common over the last few years. I think it's one of those examples of as we've learned---- Senator Heinrich. For good reason. Mr. Berteau. For good reason, I agree. Senator Heinrich. For the risk that's inherent in that. Does the government track how many interim security clearances are issued by type, by agency, by personnel type? And is there a process in place to make sure that when that temporary access period has expired that there's a review to say, red flag, this has come to an end, we should look at this person again? Ms. Farrell. I take it you want me to answer that? Senator Heinrich. Yes, if you could. Ms. Farrell. That information might be at the agency level in their case management systems. But it was not at the levels that we looked at in our reviews when we worked with ODNI to collect data on the investigation time as well as adjudication and intake for specific agencies. Senator Heinrich. So obviously the whole of government, all the agencies aren't here right now. But that's something we should probably pay a lot of attention to. Ms. Farrell. Yes. Senator Heinrich. For any of you who want to offer your advice on this: It seems to me from some of the previous testimony that it sounds like continuous evaluation is really important, but it shouldn't necessarily supplant a periodic review; it should supplement a periodic review. Is that your view across the board, and any of you who want to offer your advice on that, I'd be curious. Mr. Phillips. Yes, sir, I'll start. Technology allows for continuous evaluation where ten years ago you really couldn't do it. So start with that. It's a very good thing to utilize and over time it will become a more and more important thing because it can be depended on, and in fact it will identify things, not five years from now, but along the way between now and five years. So we consider it a use of technology to the benefit of national security. Within that framework, depending on the level of trust on the CE process itself, the periodic re-investigation percentages can come down. I don't see it going away, but it can be like the IRS: We're going to audit you every once in a while, versus everybody 100 percent. Senator Heinrich. So the interim period between those periodic reviews might get longer based on a lower rate? Mr. Phillips. And there can be sample periodic reinvestigations to help inform and make sure the process is working. Ms. Chappell. I would just say it slightly different. I would say it focuses where the higher risk is and where you should focus periodic investigations on. Senator Heinrich. Ms. Farrell, I want to ask you one more question before I run out of time here. You testified that the National Background Investigation Bureau is trying to decrease the backlog, but it has huge challenges in actually achieving this. One of the stories I've seen that I'm intrigued by that seems to be working is NBIB is taking and deploying teams of investigative personnel to specific sites for a two-month period where they'll set up shop in a dedicated work space, and they try to crank through some of the most time-sensitive clearance investigations without the back-and-forth that we heard about in some of the testimony, the travel, the inefficiencies. This is happening right now at a couple of labs in the DOE labs in New Mexico. It seems like a rare good-news story of increasing efficiency. Do you agree with that, and is this a model that we should be potentially applying more broadly? Ms. Farrell. What we found during the review was that the Bureau did not have the capacity to carry out their investigative responsibilities and reduce the backlog. The Bureau looked at four scenarios of different workforces to try to tackle this backlog. They looked at just if things stay the same; they looked at very aggressive hiring of contractors. They decided that it was not feasible for the plan where they would put so much emphasis on the contractors; and the two plans that they did look at, the backlog still would not be reduced for several years. There hasn't been a selection, though, of which plan they're going to go with in order to reduce the backlog. So that is going to be key. You can't reduce the backlog if you don't have the workforce. Senator Heinrich. I don't disagree with you. I don't think you answered my question. But my time is over, so we're going to have to move along here. Chairman Burr. Senator King. Senator King. Mr. Berteau, first I want to congratulate you because you made the key point of this whole hearing for me. It's the opportunity cost that we should be talking about. It's the good people lost. That's what brings me here today, because I know too many stories of people who just gave up, who spoke Arabic, who had visited, lived in the Middle East, and because of that couldn't get their clearance. It was a kind of Catch- 22, and those are the very people that we want. So I think that's what we have to keep focusing on, is those immeasurable people lost, the opportunity cost that has made this such an important inquiry. Ms. Farrell, who's in charge? If John McCain were here, he'd be saying; Who can we fire? Why is this--this is a pure management problem, it seems to me. Ms. Farrell. This is a management problem, and I referred to the Performance Accountability Council because those are the principals that are in charge of implementing the reform efforts and overseeing---- Senator King. Who is on that council? Who are the people? Ms. Farrell. That's the deputy director for management at OMB. It's the director for national intelligence, who is also the security executive agent, which means that person sets the policy across---- Senator King. My problem with that is any time you have a council the term `àll of government'' has been used. I'm sick of that term. That means none of government. That's what people say when nobody's in charge. Is there one person who has the responsibility for fixing this problem, and who are they? Ms. Farrell. I would point to the chair of the Performance Accountability Council, because that person does have the authority to provide direction regarding the process and carry out those functions. Senator King. Is that person going to be here today, do you know? Ms. Farrell. I believe that person declined. Senator King. Well, that's kind of ridiculous, isn't it? So the one person in the government that's in charge of this issue, that's a very important issue, isn't here because--did they have to wash their hair? What's the deal? Ms. Farrell. I can't speak for OMB, sir. Senator King. Well, that's really--that's really disappointing. Okay. Again for you, Ms. Farrell: The private sector has moved on from the 1940s style of doing these things. The financial sector does it much more quickly. Have we tried to learn from them? Has there been any effort to study how the financial sector does this, for example? Ms. Farrell. I do believe that the Executive Branch agencies have reached out to the private sector. After the Navy Yard shootings, they did a 120-day review. They identified challenges within the process. There was a lot of coordination with government and non-government. Many of the recommendations that they had were recommendations that they had been working on, though, since the reform began back with the passage of the OFAC. Senator King. Well, I would hope that we could try to learn something from the private sector, because they appear to be doing this much more efficiently. Mr. Berteau, a technical question. The people who come to interview you to redo these security clearances, do they carry a clipboard? Mr. Berteau. I think they do, sir, and I think it's legal- sized, so that it has more room. Senator King. To me, the clipboard is the sign of not being in the 21st century. Mr. Berteau. I'm sorry to hear that. I actually own a couple of clipboards and I occasionally use them. [Laughter.] Senator King. I used to say it was the universal symbol of authority. But if you go into a hospital and they hand you a clipboard, they're seeking data from you that they already have somewhere else in their system. Mr. Berteau. That's certainly been my experience, yes, sir. Senator King. That's the point I'm trying to make. Mr. Berteau. And I think that's certainly within my experience. If I could add something on the ``who's in charge'' thing. I think you've hit a very key point here. There are divided responsibilities and some of those divided responsibilities actually spill over into the question that Senator Wyden raised about really focusing on--we've been focusing entirely on the supply side of this equation: How do we actually move people, put them in the process, and put them in a clearance? There's a demand side of this equation as well. Actually, operating under the authorities granted by this committee, a previous DNI did a substantial reduction in the number of billets that required a clearance. I don't remember the exact number. I think it was something around 700,000 that they eliminated the requirement for a clearance. If you could do one thing to reduce the backlog, getting rid of the demand would be the one thing. But what we've seen over time--and this is back to your question of who's in charge--is other responsibilities, responses to other incidents, the Navy Yard shooting, for example. When I was back in the Defense Department, what I saw was in fact you had to practically get a clearance to get a pass to get on the base, even though there would be nothing you would ever touch in the way of classified material once you got on. That's out of an abundance of caution of we don't want somebody to be able to come on the base with a gun and be able to kill our people. There are other ways to do that, I would submit, than expanding and lengthening the background investigation process, and continuous evaluation using 21st century technology is the key to that. The government has to do that. Senator King. I'm running out of time, but I want to ask one more question. Am I correct in taking from this panel that these security clearances are not transferable, they're not portable? You get one in one agency and if you go to another agency you have to start all over? Mr. Berteau. It varies. There are parts of the government where---- Senator King. That's a disappointing answer. Mr. Berteau. There are places where the portability is pretty robust, and it doesn't take very long, sometimes maybe only a day or two. There are others, Department of Homeland Security, for example, where I believe the average to move from one to another is almost 100 days, within the same Department, under the same Cabinet officer. Senator King. I'm sorry. They already--I can't believe what you just said. You mean a person within the Homeland Security Department who has a clearance, to move from one job in Homeland Security to another job in Homeland Security takes 100 days? Mr. Berteau. Yes, sir. And it could even mean that a contractor sitting at the same desk, moving to a different contract, has to go through a new process. Senator King. That's preposterous. Mr. Berteau. Yes. I think that's a very nuanced and subtle word to use for it, yes, sir. [Laughter.] Senator King. Thank you, Mr. Chairman. Chairman Burr. Senator Lankford. Senator Lankford. I want to be able to pick up where you just left off, because that was actually one of my key questions, was about the reciprocal agreements for clearances. What's holding that back that you have seen at this point of why the agencies don't trust each other enough to be able to handle clearances? Is this an issue of ``No, our people have to be able to do it; I don't trust your people'' or not a common set of standards? Mr. Berteau. It's probably a combination of a host of things. I think the three things that you could do about it: number one is force a set of common standards that are a starting point. Even within DHS, for example, there's only statutory standards for one part of DHS. It happens to be the Transportation Security Administration and that's a result of a different line of Congressional inquiry. Setting common standards and then reviewing and making sure that the deviations or the additions to those standards are minimized and they have to be approved by the top leadership. So there's a leadership question. That's the second piece that comes in. Senator Lankford. So what is currently not aligned right now on our standards? Mr. Berteau. I think it tends to be more in the civilian agency side than it does in the intel community and the Defense Department side. I think there the standards are a little clearer. But they're not clear to us. We as contractors often don't know what standards are going to be applied to the individuals. Senator Lankford. Can I push ``Pause'' in there real quick'' Ms. Farrell, what would be the--could we get a list from anyone to be able to say, where are we deviating in standards, civilian, defense, contractors, whatever it may be? Ms. Farrell. The standards should be the same. There's Federal investigative standards. They do not differ by category of the workforce. Federal adjudicative standards are also supposed to be uniformly applied. There are no--there's no data, there's no measures about the extent to which reciprocity works or does not work. This is something that we have recommended before, that there should be a baseline to determine whether or not reciprocity is working, and if it's not working then to be able to pinpoint the issues that are being discussed as to why it's not working. Many years ago, it was believed that reciprocity was not working because agencies did not trust the quality of the investigations that someone else had done. But we don't know what the issue is today. Senator Lankford. So when I meet with the chief human capital officers of the agencies, affectionately called ``CHICOs,'' those folks tell me that one of the key areas that slows down Federal hiring, which now is over 106 days on average across the Federal Government, is this reciprocity issue; that this issue is not only slowing down and creating a bigger backlog and, as you mentioned, Mr. Berteau, a demand issue, that we've got to be able to go through this again and again and again for the same person, and an incredible nuisance for the person that's actually going through it for the third time, but it's also decreasing our Federal hiring and the speed of actually getting good people on the job. So what I'm trying to drill down on: Is this an issue of agencies having a standard across all the Federal Government, but they add one more and because they've added one or two more than we've got to redo the whole thing, rather than trusting somebody else has already done it and we're going to just do this one additional check? What is it? Ms. Farrell. This is an issue of the DNI not issuing the policy on how reciprocity should be applied. Senator Lankford. So reciprocity is already required? Ms. Farrell. It's required by statute. Senator Lankford. So it's required, but you're saying it's just a matter of releasing a document from ODNI or from anyone else on how to actually apply what is current law? Ms. Farrell. Because current law does state ``with certain exceptions.'' So it's up to the DNI to know what those certain exceptions are, so that the agencies will be able to determine if an investigative can be accepted as well as an adjudication. Senator Lankford. Because at this point who is determining what the ``certain exceptions'' are? Ms. Farrell. The agencies. Senator Lankford. So they can determine `Ì don't trust them'' or `Ì don't know them'' or whatever it may be? Ms. Farrell. Correct. There's some guidance out there, but it's not clear. So the DNI is working on a reciprocity policy and we are waiting for that policy to be issued. Senator Lankford. What is the key information-gathering that is needed? You also mentioned this as well, about individuals getting onto a facility that may not need security clearances, because they're not going to touch documents, they're not going to see elements they shouldn't be able to see. What is the lower level that could be done faster, to make sure those individuals can get access and start to do their job, but not have to go through the full check? Mr. Berteau. The DNI does have the statutory authority and responsibility for the standards for security clearances. There's a second set of standards just for suitability or fitness to be in the job and for the credentials to be able to access the facilities. Those standards are governed by the Office of Personnel Management, not the DNI, and there frequently needs to be a little better mapping between these two. I think the greatest thing this committee could do is to require regular reporting of a lot more information about this. My experience as a government official is when I'm required to send you a report on how I'm doing, I'm going to pay a lot more attention to what I'm doing than if I'm not. Senator Lankford. Thank you. Chairman Burr. Do any members seek additional time? Senator Cornyn. Senator Cornyn. Can I just ask one more question, Mr. Chairman? Chairman Burr. Absolutely. Senator Cornyn. Who in the United States Government decides who is eligible for a security clearance? Ms. Farrell. That would be the--usually it's the agency of the employee that's applying for the clearance. The agency takes the investigative report and determines if someone is eligible or not. Senator Cornyn. Thank you. Mr. Berteau. Mr. Cornyn, sometimes there are easy decisions that are made at a lower level within the adjudication process, and sometimes there are harder calls that have to go higher up before a decision is made. This has to do both with the quality and characteristics of the individual case, but also the dynamic of the job and how fast it's needed and what needs to come into play here. It can actually be calibrated a little bit in terms of who comes into play here. That's also a very good question, I think, to ask the government representatives on the second panel. Chairman Burr. Vice Chair. Vice Chairman Warner. Again, thank you, Mr. Chairman, for holding this hearing. This has been something that I've been working on for some time. But I think getting more members engaged, because we are losing good people. But I go back to Ms. Chappell's comments: one, if we can use technology; and two, the closer we can get, at least at the SECRET level, on one standard, one form, one adjudication, and one clearance. Seems like it's kind of common sense, and you marry the technology with continuous evaluation and we could make real, real progress. The good news is there is no--ODNI Director Coats and I think a host of others realize this is a problem. I again thank the chair for holding this hearing. Chairman Burr. I thank the Vice Chair. I thank all the members and, more importantly, I thank those of you at the dais as witnesses today. Your testimony is invaluable to us. I walk away to some degree more optimistic than I came, because I think that the biggest issues that you've raised can be solved. And I think this is a question of can we put the right people in a room that understand when you talk about reciprocity, what is that? As I said to Senator King, we shouldn't be shocked. DHS is the comingling of about 37 different pieces that we moved from different areas of government and we put it under a new agency. Given that there was baptism by fire of the Secretary, it's not unrealistic to believe that they still operate like the core agencies they came out of. They just happen to be under a new banner. So I think these are all things that are doable, but we've got to have the right leadership in the room talking about real solutions. I think that it's the commitment of this committee that we will start and complete that process, and at the end of the day hopefully a year from now you will come back and tell us what great things have happened within government, and it will be because of your testimony today. With that, the first panel is dismissed and I would call up the second panel. [Pause.] I call into session the second panel. I'd like to welcome our witnesses for the second panel. We just heard from the industry on the challenges they face and some potential solutions moving forward. We now have an opportunity to hear from the Executive Branch, their perspectives and their ideas. I understand the daunting task and job before each of you, vetting more than four million cleared personnel and identifying threats before they materialize. It's not easy. But we can do better than we're doing today. As we continue our dialogue, I hope you'll speak freely, frankly, and think creatively, because this hearing is not only about identifying the problem, but it's about uncovering the solutions. I want to thank each of you for being here, and I just want to reiterate what I said at the end of the last panel. I actually am more optimistic right now than I was before we started, because I think we've been able to clearly understand the big muscle moves, and I think that putting the right people in the room might enable us to try to overcome some of the challenges and replace it with solutions that we would have full agreement are worth trying or that we feel will achieve a different outcome. I'm not going to turn to the Vice Chairman. I'm going to turn directly to Mr. Dunbar, who I understand will begin. Then the floor will go to Mr. Phalen and then Mr. Reid and Mr. Payne. Mr. Dunbar, the floor is yours. STATEMENT OF BRIAN DUNBAR, ASSISTANT DIRECTOR, SPECIAL SECURITY DIRECTORATE, NATIONAL COUNTER-INTELLIGENCE AND SECURITY CENTER, OFFICE OF THE DIRECTOR OF NATIONAL INTELLIGENCE Mr. Dunbar. Thank you, Chairman Burr, Vice Chairman Warner, and members of the committee. Thank you for the opportunity to appear before you today to discuss security clearances challenges and reforms. The Director of National Intelligence is designated as the security executive agent. In this role, the DNI is responsible for the development, implementation, and oversight of effective, efficient, and uniform policies and procedures governing the conduct of investigations, adjudications, and, if applicable, polygraph, for eligibility for access to classified information. The National Counterintelligence and Security Center has been designated as the lead support element to fulfill the DNI's SecEA responsibilities. We're responsible for the oversight of policies governing the conduct of investigations and adjudications for approximately four million national security cleared personnel. The security clearance process includes determining if an individual is suitable to receive a security clearance, conducting a background investigation, reviewing investigative results, determining if the individual is eligible for access to classified information or to hold a sensitive position, facilitating reciprocity, and periodically reviewing continued eligibility. We work closely with the agencies responsible for actually conducting the investigations and adjudications and managing other security programs associated with clearances. This ensures that our policies and practices are informed by those working to protect our personnel and sensitive information. We have collectively enjoyed some noteworthy progress in security reform, including the development and implementation of multiple security executive agent directives, examples of which I've outlined in my written statement for the record. However, as recently noted by DNI Coats in his annual threat assessment, today's security clearance process is in urgent need of substantive reform across the entire enterprise. We must quickly and with laser focus identify and undertake concrete and transformative action to reform the enterprise, while at the same time continuing to ensure a trusted workforce. Underpinning this reform effort must be a robust background investigation process, which enables Federal employees and contractor workforce partners to deliver on agency mission while also protecting our Nation's secrets. When the background investigation process fails or is delayed, mission delivery suffers, the national security is put at risk, and our ability to attract and retain the workforce of the 21st century is inhibited. Despite the hard work of dedicated, patriotic professionals who are working these issues daily, we have reached a time of critical mass which demands transformative change. Significant challenges for the background investigation program continue to adversely affect government operations. The current investigative backlog is approximately 500,000 cases and the average time for investigating and adjudicating clearance is three times longer than the Intelligence Reform and Terrorism Prevention Act standards. For the first quarter of 2018, our metrics indicate the fastest 90 percent of TOP SECRET background investigations government-wide took an average in excess of 300 days. This is four times longer than the IRTPA standards and goals. In addition, background investigation-related costs have risen by over 40 percent since FY 2014. The SecEA, the suitability executive agent, or SuitEA, all security organizations, and all impacted industry partners agree that this is unacceptable. I would like to take the opportunity to provide the committee with more detail regarding our upcoming Trusted Workforce 2.0 initiative. This initiative is designed to address the transformational overhaul I referenced earlier. It is an enterprise effort sponsored by the security executive agent and the suitability executive agent, in concert with our partner organizations, which will bring together key senior leadership, change agents, industry experts, and innovative thinkers to chart a bold path forward for the security, suitability, and credentialing enterprise. The participants, including all Performance Accountability Council principal organizations, are committed to critically reviewing and analyzing with a clean slate and forward-leaning approach how to accomplish the transformational overhaul which is required. As mentioned in my statement for the record, our Trusted Workforce 2.0 initiative kicks off next Monday and Tuesday, 12 and 13 March, at the Intelligence Community Campus, Bethesda. We look forward to conceptualizing, implementing, and ultimately accomplishing the revolutionary change required across the clearance enterprise. In addition, we look forward to updating the committee on our progress. The SecEA and SuitEA have committed to transformational overhaul in at least three areas: first, revamping the fundamental approach and policy framework. The current standards are built on decades of layered incremental changes and have not fundamentally changed since the 1950s. We accept the ambitious goal that by the end of 2018 we will identify and establish a new set of policy standards that transforms the U.S. Government's approach to vetting its workforce. Our objective must be to ensure a trusted workforce across government and industry who will appropriately protect vital national security information with which they are entrusted. Second, overhauling the enterprise business process. The current process is slow, arduous, overly reliant on manual field work, and does not leverage advancements in modern technology and the availability of data. Finally, we must modernize information technology. Existing information technology constrains our ability to transform fast enough. We must leverage today's technology to connect vital national security processing required and ensure we are well positioned to adopt tomorrow's advancing technology. After more than a decade of incremental policy change, there is still an unacceptable operational burden on government agencies making security and suitability determinations. We owe those dedicated professionals a high-performing process that meets the needs of our workforce and ultimately the American citizen. We are committed to full transparency in these efforts. Thank you for the opportunity to appear before the committee and I will be happy to respond to any questions. [The prepared statement of Mr. Dunbar follows:] [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT] Chairman Burr. Thank you, Mr. Dunbar. STATEMENT OF CHARLES S. PHALEN, JR., DIRECTOR, NATIONAL BACKGROUND INVESTIGATIONS BUREAU, U.S. OFFICE OF PERSONNEL MANAGEMENT Mr. Phalen. Chairman Burr, Vice Chairman Warner, members-- -- Chairman Burr. Let me thank you, thank you in his absence. [Laughter.] Mr. Phalen. I'll bring my clipboard later. Members of the committee: My name is Charles S. Phalen, Jr. I am the Director of the National Background Investigations Bureau in the Office of Personnel Management, and I do appreciate the opportunity to appear before you today. NBIB currently conducts 95 percent of the investigations across the Federal Government. The results of this mostly singular supply chain are used by over 100 agencies to make their independent adjudicative decisions. Even those few agencies that have their own delegated or statutory authority to conduct investigations, such as agencies in the intelligence community, rely on our services in some capacity. I'd like to start by addressing our existing investigative inventory and put some context around the numbers, which have been the subject of much media attention. In 2017 we completed 2.5 million investigations across all our investigative types. As of today, our inventory is approximately 710,000 investigative products. These include simple record checks, suitability, credentialing investigations, and national security investigations. It's important to note that the top-end number I just mentioned is much greater than the number of individuals waiting for their first, their initial, security clearance to begin working with or on behalf of the Federal Government. Of that total inventory, about 164,000 are either simple record checks that move in or out of inventory daily or are investigations supporting credentialing or suitability determinations. The remaining inventory is for national security determinations or clearances. Approximately 337,000 of those are for initial investigations and about 209,000 are for periodic reinvestigations. Since we've stood up 17 months ago as NBIB, we have worked to increase our capacity and realize efficiencies. The stabilization of the top-end inventory over the past six months has been attained primarily because we have invested in the necessary infrastructure. We are approaching this challenge on three fronts: First, to recover from the 2014 loss of the USIS contract for investigative capacity, we have rebuilt both contractor and Federal workforce capacity. As of today, there are over 7,200 Federal and contract investigators working on behalf of NBIB. That's good. That's not enough. Second, our investigative capacity can be significantly enhanced through smarter use of our workforce's time. Through the implementation of our business process reengineering strategy, we have clearly defined the critical process improvements and technology shortfalls corrections needed to support those requirements, and our decisions have been enhanced through better data analytics. We have improved our field work logistics by centralizing and prioritizing cases, first with agencies, beginning about 18 months ago, and more currently we are beginning to start hubs with industry. We have increased efficiencies of conducting and reporting on our enhanced subject interviews and implemented more efficient collection methodologies by leveraging the powers of technology to discover and gather information, and to free the investigators' focus on those aspects of investigations where human interaction is still critical. Third, we are fully supportive of the upcoming executive agents trusted workforce initiatives. Our processes today are driven by the existing policies, some dating back seven decades, and we know from our experience that there is much to be gained through this strategic policy review effort, and we are fully behind it. Underpinning all of this is the planned transition to a new information technology system being developed by the Department of Defense. The National Background Investigation Services, NBIS, will ultimately serve as NBIB's IT system to support background investigations and will offer shared services to the end-to-end process for all government agencies and departments. NBIB, with the support of its inter-agency partners, has made and will continue to make improvements to the background investigations and vetting processes. As an example, for the past year we have offered our customer agencies a continuous evaluation product that meets today's guidance issued by the Director of National Intelligence for continuous evaluation. As we work to reduce this inventory, we will continue to explore innovative ways to meet our customer agencies' needs, leveraging their expertise as part of our decision making process, and remain transparent and accountable to all of our customers and to Congress. We recognize that solutions to reduce inventory and maintain the strength of the background investigation program includes people, resources, and technology, as well as partnerships with our stakeholder agencies and changes to the overall clearance investigative and adjudicative processes. Finally, as the Federal Government works to implement the transition of the Department of Defense-sponsored background investigations from NBIB to DOD, we will examine our workforce needs, our capacity, our budget, and work with our partners to minimize disruptions. We have a shared interest in reducing the inventory, taking steps to effectuate the smooth transition of operations, and we have a shared understanding of the importance of this entire process and its ultimate impact on national security. Thank you for the opportunity to be here today. I look forward to the next year and I look forward to answering any questions that you may have. [The prepared statement of Mr. Phalen follows:] [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT] Chairman Burr. Thank you, Mr. Phalen. Mr. Reid. STATEMENT OF GARRY P. REID, DIRECTOR FOR DEFENSE INTELLIGENCE (INTELLIGENCE AND SECURITY), DEPARTMENT OF DEFENSE Mr. Reid. Thank you, Mr. Chairman, Mr. Vice Chairman, distinguished members of the committee: On behalf of Secretary of Defense Mattis, thank you very much for the opportunity to meet today to discuss a very important topic at hand. I have submitted my statement for the record and, sir, with your permission, I would just like to take a few minutes to amplify a couple points. First of all, the Department of Defense fully recognizes and appreciates the necessity for security clearance reform, and we're fully committed to doing our part to develop and implement new and innovative methods for establishing and sustaining a trusted workforce, in a manner which upholds the highest standards of protection for national security information, safeguarding our people, and always ensuring the highest degree of readiness to defend our Nation. With the support of Congress, multiple committees, and our close inter-agency partners represented here today from the Office of the DNI, the Office of Personnel Management, and the Office of Management and Budget, we have for the past some 18 months been developing plans to transition responsibility for background investigations for our portion of the workforce from Mr. Phalen's organization to the Defense Security Service led by Mr. Payne. The Chair and Vice Chair may recall, we met and briefed on this about 11 months ago internally, and we've been moving out steadily. Last August, Secretary Mattis approved our plan, which was referred to as the Section 951 plan and was tasked to us in the 2017 Authorization Act, to submit a plan for this transition. This past December, upon approval of the National Defense Authorization Act for 2018, this included direction to the Defense Department to implement the transition plan we submitted under previous tasking and to do so by October of 2020. We are well under way to meet this objective, in fact can project today that the initial phase of the plan--and there's some dependencies I'll talk about, but we are preparing ourselves to begin implementing this plan later this year, in the October time frame, concurrent with the next fiscal year, and there are some conditions I'll talk about. Our team, this inter-agency team represented here today, we are all working very hard every day to put the resources and the procedures in place to make this happen, and Mr. Payne will talk about some of that in detail. But more than just a straight transfer of the current mission and the current method to our department, and in line with the intent of the security executive agent, as just talked about with the 2.0 initiative, DOD is actively developing these alternative procedures for conducting background investigations, advantaging ourselves with all available technology and other things. Our fundamental concept is to build on the existing continuous evaluation program, which the security executive agent has already established, to build around that and supplement that with additional tools, such as risk rating tools, which analyze individual risks, analyze risk by position, and inform us of where to look and where to focus these processes. We have a process for automated records checks--some of this is in use today at NBIB--to build around that, to take the shell of continuous evaluation, enhance that with other tools that give us a full comprehensive picture on a contemporaneous basis of the risks that we are dealing with in individual risk, in human risk, associated with responsibilities, levels of responsibility, risk profiles, and a host of other data that are connected to other programs we have, such as insider threat, such as user monitoring, such as base access, facility access. We are in a position to aggregate that data to give us a much more comprehensive understanding of the risk than we currently have. That is the backbone of the automated process we're referring to. We have worked this with our colleagues here. We have shared it and briefed this to many of the industry leaders that you had in the previous panel and the organizations they represent. And there is full agreement of everyone I've briefed that this methodology is viable and sufficient and goes far beyond where we are today in updating our understanding of risk in the workforce to a more future- looking state. We will soon--I said there's a condition about when we'll start. We will soon be submitting to the DNI our proposal requesting approval to begin phasing in the use of this process for selected segments of our workforce, and we will do this in a very graduated manner so we can assess and evaluate the results, everyone involved can understand what's taking place and appreciate where we are and accept the results. At the same time, we have to build up a capacity to do this on scale. So this is a ramp. The plan we submitted is a ramped plan. It's a three-part plan, over three years. As I said, we are prepared, subject to the concurrence of the security executive agent, to formally commence this in October of this year. This will be a long-term process and it will be done in a graduated manner. We will build up our capacity and we will bring everyone along with this, industry, government, Congressional oversight, all of our reporting requirements, all of our accountability requirements. We have every ability and full intent and no latitude not to uphold and not to represent what we're doing. There's nothing below the waterline that folks won't understand. We're very cognizant of this reciprocity issue and how people need to appreciate what's happening so they have trust and confidence in the system, and we're prepared to do that. We're equally mindful, as we do this, that we must continue to rely on the National Background Investigations Bureau to process the some 500,000 DOD cases that are in their inventory. Those cases have gone into that system. We are enabling NBIB to do that now. We are the sponsor for the IT system. We will continue to do that and build those tools out, all of which will transfer, but they will continue to be available to all of government, and all investigative services providers in the Federal Government will have access to these tools and procedures that we are developing. In the later stages of our plan, later into next year, we will begin working with NBIB to understand and implement the resource transfers. The financial resources we put into NBIB are on a pay-as-you-go, on a revolving fund. But the human capital, the Federal and contractor workforce that supports NBIB now, as they ramp down to a smaller population--we are 75 percent of their business load roughly. So as we shift that, we're working with them right now and we have a commitment to provide a plan through the PAC principles of what our ramp-up plan is and what their ramp-down plan is, and obviously those need to be in harmony. We will continue to rely on them to work down the inventory and we will support and enable them to do so. I would just add here, they've done a tremendous job of dealing with a very difficult set of challenges with the inventory that Mr. Phalen inherited when he took that job, and we're very much appreciative of what they're doing. I can't underestimate the complexity of this endeavor. This is--as I said, it's about a $1.1 billion enterprise. We have a volume of 700,000 cases a year that they process for us. There are some 8 to 10,000 people that do this. And all of this will be in motion as we phase and implement this plan, keeping them whole and viable with a re-scoped mission and establishing our ability to do our mission, which would then be benefited by the fact that we have control of our own initiation process, the submissions piece, the investigations piece, and the adjudications, and then, very important going forward, the follow-up, the continuous vetting, continuous evaluation, foundations that I already discussed. We're working on this every day. We have great teamwork. We appreciate the support of Congress in this endeavor. Sir, thank you again and I look forward to your questions. [The prepared statement of Mr. Reid follows:] [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT] Chairman Burr. Thank you, Mr. Reid. Mr. Payne. STATEMENT OF DANIEL E. PAYNE, DIRECTOR, DEFENSE SECURITY SERVICE, DEPARTMENT OF DEFENSE Mr. Payne. Mr. Chairman, Mr. Vice Chairman, members of the committee: Thank you very much for this opportunity to speak with you on this topic. You have my written statement. I'm not going to go into that. I'll try to keep my comments as brief as possible because I know you have a lot of questions. I will say that I am the individual who's going to be responsible for executing the mission in DOD for background investigations and begin to build that mission. As a result of that, Charlie and I have to work, Mr. Phalen and I, have to work very closely with each other and our teams have to work very closely with each other so that we do this in a manner that doesn't hinder NBIB's ability to work down the backlog while at the same time increasing our capacity to pick up these investigations. That being said, and in view of the previous panel that was here and the comments that came from the previous panel, I am responsible for industry security currently. While we do not do the background investigations ourselves--that's Mr. Phalen's organization that does that--we initiate the background investigations. I am the individual who grants interim security clearances and takes them away. I am also responsible for the execution of DOD's continuous evaluation program, which from my perspective has been greatly successful and is the way of the future. We have to go down this route if we are going to make the necessary changes to make this process better. In addition to that, the insider threat programs for DOD. I own the Defense Insider Threat Management and Analysis Center, which is where all of the insider threat concerns in DOD come to. We work with the individual agencies within DOD to resolve those particular issues. All of those things combined, as Mr. Reid outlined a few minutes ago, all of those things combined are things that we did not have back in 2004, 2005 when DOD had the initial mission for background investigations. We have them now. That's the way of the future. That is the way that we have to go. If we are going to make any progress in making this program faster and making this program more secure, we've got to look at a different methodology of doing this. It has to--we have to utilize continuous evaluation and automated processes, many of which Mr. Reid outlined in his statement. But in addition to that, we have to look at the standards. We have to change standards. If we are going to do this successfully, we have to change standards. That's going to result in some big decisions on our part, and those big decisions pertain to how much risk we are willing to accept. As Mr. Berteau in the previous panel stated, we're never going to be able to reduce the risk to zero unless we stop hiring. Obviously, we can't do that. There's always going to be risk involved in the investigative process. There's always going to be risk involved in the security clearance process. What we have to determine is how much risk we find acceptable. Thank you very much. [The prepared statement of Mr. Payne follows:] [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT] Chairman Burr. Thank you, Mr. Payne. Thank you to all of our witnesses. Again, we'll recognize members based upon seniority for up to five minutes. I recognize myself first. I'm going to tell you a story. The story starts about ten years ago. A 22-year-old graduates college, never even plans to work for government, gets offered a job, a civilian at DOD. Couldn't be more excited. Parents more excited than he was. Job, paycheck, things that you hope they're going to find. Then a process of 11 months of security clearance. It gets back to some things that were said in the first panel. I don't think that I'm an exception. That happened to be my son. Here's a kid that is incredibly excited to work for government, work where he did, ready to go. And after 11 months, he wonders whether he made the right decision. He didn't lose his skills, like some will do today if it's technological. But the question is, how much of that initial passion for working for government do you lose from the standpoint of retention down the road? Understand, I get it first-hand why we've got to accomplish what you've set out to do. It is unacceptable to this next generation, just the fact that things go so slowly. I say that with full knowledge, and I'm still talking about the Federal Government, and there are some things even Congress can't change. But the reality is that we can do much better. Mr. Reid, I thank you for your brief almost a year ago. The fact is the time line's about exactly where you told us it was going to be. We're excited to see the roll-out. Mr. Payne, a lot of pressure on your shoulders. I get that. But we can't go forward unless we do this. I know the commitment of Dan Coats and I don't think that that's going to change as long as he's there. I think now we're matching it with a desire by members of Congress to make sure we not only identify those things that need to be changed, but we accomplish the solution. So I think that we've got good partners. Mr. Reid, Mr. Payne, this is to you. Are there additional authorities that you need to accomplish this roll-out and eventually fully move the system to what you have designed? Mr. Reid. Senator, from an authorities standpoint, Section 925 of the current NDAA gives us--reinforces the Secretary's authority in the first instance to conduct background investigations, which was a plus. It also provides direction, not so much authority, for us to consolidate other elements within the Department, which also is very helpful. Chairman Burr. Let me ask it a different way. Mr. Reid. Yes, sir. Chairman Burr. Is there anything in Federal statute today-- -- Mr. Reid. No, sir. Chairman Burr [continuing]. That hinders your ability to change your review process the way you think it needs to be done? Mr. Reid. Not that I'm aware, not in statute. Now, we are wholly dependent on Director Coats and his leadership to approve, as I outlined, our alternative process. The Secretary cannot, Secretary Mattis, cannot do that unilaterally. We are beholden to the security executive agent and the suitability executive agent for the standards they set and the process they control. We don't have a problem with that process. We're eagerly looking forward to participating in the Trusted Workforce 2.0, because it comports to the plan that we've already set out to conduct. So I do not believe there's anything in Federal law that is an impediment to what we want to do, sir. Chairman Burr. Mr. Dunbar, I'd also ask you to go back and make sure from an ODNI standpoint that there's not some statute out there that is going to pop its ugly head up and say: Well, you know, this does make a lot of sense, what we're doing over here, but you can't do that until we change this statute. If we've got things to change, let us know now so that we can implement this on the timeline that's designed. Mr. Dunbar. Yes, Senator, absolutely. Chairman Burr. I should have said this at the first panel and I'll say it now. I'm not adverse to additional investigators. I'm not adverse to increasing funding. I am adverse in doing either of those things before we change the system. So until you change, it's hard to truly evaluate what the need is going to be, what the cost is going to be. I am hopeful--and I think, Mr. Reid, this is your intent-- that this takes the timeline for security approval and drives it down. Can you give us what your goal is from a standpoint of a timeline? If today--if 9 years ago it took 11 months, I can't imagine what it is today for that similar TS-SCI individual. What's your goal now? Mr. Reid. Yes, sir. The established goals for each level of clearance are attainable under our plan, but, better than that, under our plan--currently, for a SECRET reinvestigation, the guideline goal is 145 days. It's taking about twice that long. Under our plan, our vision is that that periodic reinvestigation as it's currently conducted does not exist, that a contemporaneous continuous vetting process would be implemented in place of that. Now, there will still be deliberate face-to-face sort of re-upping of employees. It's not autopilot. But the monitoring and the reporting, which we are already doing in our program now, will be the backbone. So the answer to that question is the goal is to eliminate the requirement currently existing for periodic reinvestigations at all levels. We have some work to do to get beyond the first level. Chairman Burr. What can I tell that next 22-year-old who wants to be a civilian DOD employee and is getting ready to go through the background check, 22 years old, out of school, never lived anywhere but school and home? How long is it going to take to process him for a clearance? Mr. Reid. Again, under the current process that ranges from 200 to 400 days. Under the future process, it's perfectly attainable to get down to, in the current guidelines, which are for TOP SECRET 150 days, but we feel it can go much lower with the automation and the tools that I described, sir. Chairman Burr. Vice Chair. Vice Chairman Warner. Thank you, Mr. Chairman. I think we've heard a lot of commonality from the first panel to the second panel in terms of goals. It's not a new problem. But I look at just the last, performance over the last couple years. We've had doubling of the backlog. From Mr. Phalen, while you say it's stabilized, I don't hear--and I'm going to come to you in a couple minutes--when are we going to actually get it down? We've had a doubling of the costs. We have everybody using the term ``continuous evaluation,'' yet we seem to not have commonality on that or how we're going to get there. We have the notion of increased technology. But again, I don't see a timeline presented. We see in certain areas, for example, the financial sector, where there are enormous security concerns, they have been able to implement tools like continuous evaluation using increased technology. I get the frustration on the DOD side that say, we've got to split this up. But we're talking about an effort to go with, if we accept some of the industry's interest in terms of one application, one investigation, one adjudication, and one clearance, it seems like we're going the opposite direction. So I'd like to hear either from Mr. Reid or Mr. Payne how we make sure, if we go through this process, we're not going to simply create more duplication, less portability, less reciprocity, than what we have right now, which again I'm the first to acknowledge is not working. Mr. Reid. Yes, sir. The application, the standards, are federally directed. There is one, there is one standard. What we are embarking on and preparing to implement is an alternative methodology to reach those standards. Now, in parallel, these guys talked about everyone getting together and looking at the standards. If they change, they'll change for everybody. We're not creating a new standard. We're not creating a new application. We are automating behind the application the process that we go through to collect the data that's relevant to form the basis of a background investigation, that becomes the basis of an adjudicative decision or determination. We are not changing the standard, sir. Vice Chairman Warner. Recognizing that you are the vast majority, how are you going to make sure the goal of reciprocity and portability takes place as you build this new system? Mr. Reid. In the very first instance, sir, that will be by adhering to the guidelines set by the executive agents in everything we implement. We do not have unilateral authority to change that process without the executive agents' concurrence. So we will align our process to their standard. Vice Chairman Warner. Respectfully, I know you're trying to head us in the right direction, but it sounds like a lot of process words rather than specific guidelines, timetables, and how we're going to get there. Let me just--and while I share the Chairman's concern about simply throwing money at it, but my understanding is there's an awful lot of agencies, they kind of build this into their G&A and they don't continue to prioritize funding, so that the funding that is even supposed to be there isn't getting there. So I don't think we ought to throw more dollars, but I do think we need to make sure that agencies make this a priority within their funding scheme. I hope DOD, which has gotten a very generous bump-up in the last budget--if you're going to take this on, it would be very disappointing, at least to this Senator, if we came back and said, ``Well, we didn't have the dough to do it.'' I'm going to go to Mr. Phalen. Mr. Phalen, stabilizing at 700,000 is not acceptable. It's just not acceptable. I'd like to know when we're going to start seeing those numbers driven down on the backlog. Also, Senator Heinrich raised issues on the earlier hearing about new techniques that some of the government labs were using in terms of, for example, hubbing interviews. Why is it taking so long to try to implement what seems to make common sense in terms of hubbing interviews. I've got an area like Norfolk, Virginia, where we've got huge numbers of people trying to--waiting for clearances. What can you talk--what can you say specifically about using these tools that seem to be working in DOE kind of across the breadth in other areas where there's concentration of Federal employees, like Norfolk in my area or Northern Virginia in my area? Start with how we're going to drive that 700,000 backlog down, not stabilize it, drive it down. Mr. Phalen. Starting one step even further behind that, when I first joined this organization 17 months ago, the capacity to conduct the work that we were required to do was insufficient to conduct that work, period. That's why, as you saw in the first few months after we stood up, that that inventory continued to rise as opposed to begin to stabilize. When we reach the point where we have the same capacity that we had in 2014 when this all fell apart, that's a way station along the way to reach that point of stabilization. It's not the endgame. In one sense, I'm proud we hit that stabilization, but I'm not proud that we have not brought that inventory down. Our goal is to bring it down. Last week I noted to a committee on the other side, the House side, that we are looking at potentially as much as 15 to 20 percent reduction by this time--not by this time--by the end of the calendar year. That's still not sufficient, but it will be--by itself, it will begin to drive that number down. It will probably take us a couple of years to get down to a level that is much more effective. Along the way, we are trying a number of things. We've talked about technology. We need to be able to get at information, collect information more reliably, more quickly, through technology, as opposed to shoe leather, as was mentioned in the previous session. The problem is getting to some of those sources right now, particularly law enforcement sources, is not as easy as one would hope, and we still have to put a lot of people on the street to find police records in relevant areas. But we're continuing to work on that closely with the police agencies at the State and local, Federal, tribal level, to continue to do that. You talked about hubbing. We started that with the Department of Energy as a surge rather than hubbing, about 17, 18 months ago in Los Alamos. It looked very promising. We have since that point, we have done a number of things that are both hubbing and surging. One is more concentrated than the other. Most recently, we finished one in Wright-Paterson Air Force Base in the Dayton area. We recognized an increased efficiency of somewhere in the low 40 percent positive note. In other words, what would normally be an hour's worth of work they were finishing in 36 minutes. That's a rough estimate. They were far more productive in that hubbing area. You mentioned the area around Tidewater. We are actually beginning a session in Tidewater on April 1st. We have pulled together all of our--all the Federal agencies that are down there, all the DOD agencies that are down there and pull together all of our assets, both staff and contract investigators, and we're going to focus on that area. But that is one of probably about eight or nine that I could mention just in the last year where we have actually done this and found very positive results. Certainly Dayton, San Antonio, out in Nevada, Tinker Air Force Base, Oklahoma City. I mentioned Tidewater. And one that I think is going to be very promising to us on two fronts. One is, we've been working with industry directly to find areas, not by company, but by geography and by program, to find those areas in the country where we can again focus our resources--places like Southern California, places again like Tidewater, like the Space Coast in Florida, where we can bring that together and work with industry to bring--to focus our energies down there. A second part of that is, to follow on to a comment that was made I believe by one of the early panelists, it's clear to me from both our current work and my last experiences in life that industry collects an awful lot of data before they put somebody in for a clearance, before they even decide to hire somebody. We need to find a way to leverage the work that they have already done, accept it, and build it into part of the process, and not having to go back and ask those same questions. That will by itself reduce a lot of time in collection and effort. That's sort of a high-level view. I hope that it gets to some of those points you mentioned, sir. Vice Chairman Warner. I'm curious you didn't mention National Capital Region as one of these areas that would be a recipient of a hubbing area, since it's the greatest concentration of the need for clearances. Mr. Phalen. Interestingly enough, l asked that question yesterday and spoke to the folks in charge of the activities in this area. We are in the Washington, D.C., area, for work that has to be done in the Washington area, we are actually pretty close to being up to speed in the Washington, D.C., area. It is other parts of the country where somebody's background may take them to other parts of the country where it is not as up to speed as it could be. Vice Chairman Warner. I'll be happy to send a lot of my friends in the contractor community to you on that fact. They don't believe that fact. Mr. Phalen. Understood. Chairman Burr. Senator Lankford. Senator Lankford. Thank you, Mr. Chairman. Mr. Reid, has DOD done its own background investigations and work before and then handed that back over to the whole of government? Mr. Reid. Yes, sir. Prior to 2005, we had responsibility for our background investigations at what's now the Defense Security Service. Senator Lankford. So what's the lesson learned there? So why is this time going to be better, because last time it was turned over and then now it's coming back? Give me the key lessons learned? Mr. Reid. Mr. Payne touched on one of those, sir. That is, having the comprehensive process in place to deal with the volume and the scale of investigative items. The continuous evaluation tools that we have now are different, the risk- grading and automated record checks; additional tools that we are developing to streamline the submission process within the Department. If you look at the current process and you look at past practice, there's a high percentage of drag in the system between submission and investigation, just to get the submission clean and get all the data. We have tools in place already to improve upon that. I talked about the streamlined background investigations and then the centrality and the positioning of our consolidated adjudications facility, which did not exist at that time either. So we have in place, or we will have in place when we move investigations back, all three pieces of this enterprise-- submissions, investigations, and adjudications--all under a single organization, with the authority and the resources and the mission focus. I would just say currently, sir, Deputy Secretary Shanahan, the number one reform agenda for him is this clearance reform. Secretary Mattis firmly, firmly, actively involved in pushing us to better solutions and to make this functionality not a back office thing that someone does in the Department, not an administrative thing, but the security focus that exists in the leadership team now--I can't say what it was in 2005--it could not be any higher today, and we have the pieces aligned to put this into action. Senator Lankford. So give me two goals that are the nickels and noses type goals here? Will this drive down costs? And will this speed up the process? Mr. Reid. Yes and yes. Senator Lankford. Give me a ballpark of what that means? Mr. Reid. In terms of speeding the process, again, current timelines, we're experiencing 150 or so days for a SECRET-level reinvestigation. We will eliminate that requirement completely. So there's a time improvement there. Current background investigation field activities, field work, our studies and our pilots and everything we put into place now, using aggregated data tools that I've talked about can get us 90 percent of everything we're getting now from the field investigation on the front end; and then the tools can focus on the last 10 percent. We will still have to go out and do some field work, but 90 percent of the field work can be handled through automated processes. So that will drive down the capacity needed to do those field investigations, and therefore drive down the cost per unit that we currently provide to OPM. Senator Lankford. You had said first-time approval is still at 150 days. That's still your assumption, first time, new person, new hire? Mr. Reid. That's the reinvestigation. But currently it's about the same for the initial SECRET, at the SECRET level. Senator Lankford. And you assume it's going to still stay, that 150 days? Mr. Reid. Pardon me, sir? Senator Lankford. You assume that it will still stay 150 days? Currently it's 150 days. You assume when you transition it over it will still be 150 days for a first-time hire, brand- new investigation? Mr. Reid. No, sir, no. That's the current standard. I don't know today how fast we'll be able to do a SECRET. My anticipation is it can be done in a matter of days. There's processes in place now to gain access to certain programs and facilities even here in the D.C. area, that run a series of automated checks that are very thorough, and it takes 20 minutes. I don't know that we're going to be at 20 minutes. And you always are going to have things you have to go check. Senator Lankford. Back to the Chairman's question when he talked about the 22-year-old, when he asked you specifically on that how long it's going to take, that's when you gave him the answer of 150 days. So I'm trying to be able to---- Mr. Reid. That's the current standard, sir. I apologize. Senator Lankford. All right. So you're thinking it's not going to be 150 days; it could be a couple of weeks? Mr. Reid. Absolutely. At the SECRET level, absolutely. No reason why that can't be. Senator Lankford. Mr. Payne, do you concur on that? Mr. Payne. I do. I think some of the things that we have in place right now, again as Mr. Reid outlined, using continuous evaluation--maybe I want to finesse that a little bit: continuous evaluation as opposed to continuous vetting. So continuous evaluation, the program set up by the DNI, is designed to look at the risks in between periods of reinvestigation. When we talk about--and they have seven data sources that they're requiring every agency to utilize when they do continuous evaluation. When I talk about continuous vetting, I'm looking at expanding that into other data sources, data sources within DOD, other data sources within the U.S. Government, other data sources within the public sector, that we can pull all those things together, many of which are required already for the SECRET-level reinvestigations, and do those on a continuous basis. If we're doing those things on a continuous basis, there is no need to do a reinvestigation on someone at the SECRET level unless you come up with derogatory information. So that's where the significant savings is going to be. Senator Lankford. Thank you. Thank you, Mr. Chairman. Chairman Burr. Senator King. Senator King. Thank you, Mr. Chairman. I've been surprised in this hearing that we haven't had to talk much about money. Mr. Phalen, do you have adequate--and Mr. Reid; are there adequate resources in terms of money and people? Is it just management and automation? Or are there shortfalls in terms of the number of people necessary to do these, to work down this backlog? Mr. Phalen. Under the current process, in our current operation, we operate in a working capital fund, a revolving fund. Agencies that wish to have an investigation done give us the money to have the investigation done. So from our standpoint, it is: Here's the money; do an investigation. So we're not short of funding to do these investigations on our end. I think a better question would be: Are the agencies that need to have an investigation conducted funded appropriately to identify the money to send to us to do the investigation? Senator King. Are there sufficient personnel? Are there people? Our economy is pretty tight. Are there people? Is there a shortage of qualified people to do this work? Mr. Phalen. The high-end folks to do the investigative work as a population are stressed at this point to hit beyond where we are, although we have encouraged our suppliers and ourselves to continue hiring. So today there are nearly adequate, but we still have much more work to do. And if we don't change today's processes, some of the things you've heard already, then we will still need to continue hiring beyond all that, and that puts even greater stress on the total number of people we have to do it. Senator King. So that's an additional imperative to seek technological productivity? Mr. Phalen. Yes. It's to make the current people more productive and to reduce the need for having people in there, yes. Senator King. I think this could go to any of you. I'll address it to Mr. Reid. Is the portability that we've talked about part of this sort of revamped plan, Mr. Phalen, Mr. Reid, to consider that factor so that we don't have to redo these tests? Let me ask a specific question. We heard about DHS, where you might have to have a whole new investigation to go from one job to another in the same agency. Does that--please tell me that doesn't happen in the Department of Defense. Mr. Reid. No, sir, it does not. But we have single adjudication facility all under one roof. In DHS, the aggregation of independent agencies that were brought together in DHS, they're still operating it differently. But we have for years, had a single adjudication facility within the Department, and external to the Department because---- Senator King. So the clearances are portable within the Department of Defense? Mr. Reid. Absolutely, sir. Senator King. Is the portability issue in other agencies part of this reinvention that's going on? Mr. Reid. The interesting part is that it is mostly today a singular investigation. Any agency can use the investigation we do to conduct an adjudication. But it is up to that agency to do the adjudication. In the example you heard earlier within DHS, with the same set of facts they may decide to ask for more information, ask for a re-adjudication. Senator King. So portability isn't a part of the overall structure of the new system. It's an agency by agency decision whether they will accept, whether they will do reciprocity? Mr. Reid. I'd say it's less about structure and more about both empowering them and encouraging them to accept the decisions made by others in previous lives. So a decision made by one agency, for the second agency to accept that that first agency probably did a pretty good job and was honest about how they approached it to accept the results of that first investigation, and not--maybe another question, but not ask a lot more about it, not reinvestigate it, not--I'm sorry--not re-initiate an investigation. Senator King. Thank you. Mr. Reid, why is it that it's taking so long, has taken and apparently will take so long, to transition from the OPM to Department of Defense? You are talking about 2020, I think, and it started last year. Mr. Reid. The Defense Authorization Act requires us to implement the plan by October 2020. We intend to implement the plan in October of 2018. We're projecting a three-year, three- phase plan, starting at the SECRET---- Senator King. You're going to bring it in on time and under budget? Mr. Reid. Well, it says start by 2020. So we will start now. It didn't tell us how long to finish, but we submitted a three-year plan. So logically the expectation is we take three years. When we moved it out of DOD last time, it took more than five years. And it's more complicated. But the short answer to your question: We want to do it in a phased, deliberate, and graduated way. We have to keep our partner agency whole. They support a lot of other agencies in the government and they rely on us to do that. It will help them work down their inventory. Once we start processing new cases separately, that will drive down the new work that goes to Mr. Phalen of tens of thousands of cases a week that we are providing them now. We will turn off that spigot, help with the backlog, as we build up our own capacity and capability. Senator King. I'm out of time, but, Mr. Payne, very quickly: You used a phrase that struck me. You said: We have to change the standards. What did you mean when you said that? You mean lower the standards? Mr. Payne. I don't necessarily mean lower the standards, but we have to--the Federal investigative standards dictate what steps have to be taken to achieve a SECRET level security clearance or a TOP SECRET level security clearance. Again, as has been outlined, we---- Senator King. It's the steps that might have to be---- Mr. Payne. That's correct. Senator King [continuing]. Compressed, not necessarily---- Mr. Payne. Not the adjudicative standards necessarily, the investigative standards. Senator King. That's what I needed to know. Thank you very much. Thank you, Mr. Chairman. Chairman Burr. Senator Wyden. Senator Wyden. Thank you very much, Mr. Chairman. A question for you, Mr. Phalen. I've made a special focus of my work during this Russian inquiry the follow-the-money kinds of questions. I want to ask you a couple of questions relating to that. For you, I think, Mr. Phalen, the question is: Should someone who fails to disclose financial entanglements with a foreign adversary be eligible for a security clearance? That is a yes or no question. Mr. Phalen. I'm not sure I have a yes or no answer for you, sir. I believe it would play a prominent role in a decision as to whether that individual should be granted a clearance, and it is not an inconsequential question to ask. Senator Wyden. But how is it not an up or down, yes or no? We're talking about significant financial entanglements with a foreign adversary. Shouldn't somebody who fails to disclose it--I mean, it's one thing if it's disclosed and you have a debate and, like you say, it's balancing. But failure to disclose seems to me a different matter altogether. So I gather you don't think necessarily that somebody who fails to disclose a significant financial entanglement with a foreign adversary should be denied a security clearance? Mr. Phalen. That is not what I meant to say. Senator Wyden. Well, go ahead. Tell me what you mean to say? Mr. Phalen. Under the adjudicative standards--and I would defer also to Mr. Dunbar to reply to this as well. Under the adjudicative standards, there is nothing that says `Ìf you do this, you can't have a clearance.'' It says to the adjudicator to take into account all that you know about this individual, make a decision regarding their candor, regarding their entanglements, regarding their families, regarding crime, regarding all sorts of things, and make a decision. I would say that the scenario you outline would play a prominent thought to be considered during the adjudication. But there's nothing in today's standards that says any of those things by themselves are disqualifying. It would be a very important piece to consider. Senator Wyden. Do you believe it ought to be disqualifying? Mr. Phalen. I would have a hard time overcoming that. Senator Wyden. Great. Thank you. Okay. Mr. Dunbar, question for you. Jared Kushner's interim access to TOP SECRET-SCI information has raised a variety of questions. Under what circumstances should individuals with an interim clearance get that type of access? That's for you, Mr. Dunbar. Mr. Dunbar. Senator, as we've heard earlier today with the industry panel, interim clearances have been used throughout the government for some time, many years. There are two specific governing documents for interim clearances and the guidance that's out there now allows interim clearances at the SECRET level as well as the TOP SECRET level. There are situations called out in the guidelines which speak to urgency of circumstances, those types of ideas about how when someone might be granted an interim security clearance. I believe an example that would be applicable here is an incoming Administration, which has the need to on-board personnel and get them in positions as soon as possible in order that they can perform the duties of their function. In regard to Mr. Kushner's specific case, the DNI sets policy, standards, and requirements. As Mr. Phalen has stated, each individual adjudication--and this is contained in the Security Executive Agent No. 4--is treated based on the whole person concept, in which every particular piece of information, positive and negative, past, present, all of those things, are factored into the adjudication. As Mr. Phalen has stated, in my opinion the issues which you've raised, Senator, would be issues which would need to be thoroughly vetted in the course of the investigation. I have no reason to doubt that the Federal Bureau of Investigation would not investigate each and every issue very fulsomely. Senator Wyden. Let me ask one other question. During our open hearing, in fact I think it was Worldwide Threats, the Vice Chairman, to his credit, mentioned security clearance as being central to the question of protecting sources and methods. I asked FBI Director Wray, with respect to Rob Porter, how that decision was made. I mean, when did the FBI notify the White House? It was clear when you listen to Director Wray's answer, it did not resemble what John Kelly had actually been saying to the American people. So I'm still very concerned about who makes decisions at the White House. With regard to White House personnel, in your view, Mr. Dunbar, who would make the decision to grant an interim clearance holder access to TOP SECRET-SCI information? Mr. Dunbar. Senator, that decision would be made, in my understanding, by the White House Office of Personnel Security, based on an investigation conducted by the FBI. Senator Wyden. My time is up. I would only say, I'm not so sure as of now who actually makes that decision, because we've heard Mr. Kelly speak on it. I understand the point that was made by all of you who are testifying. I think it still remains to be seen who would make that decision to grant an interim clearance. I'm over my time. Thank you for the courtesy, Mr. Chairman. Chairman Burr. Before I turn to Senator Harris: Mr. Phalen, since you do most of these right now, is it unusual or is it acceptable that if an individual who's filed for a security clearance finds out they left something off their application-- are they offered the opportunity to update that for consideration? Mr. Phalen. Yes. Chairman Burr. So if somebody left it off, they could add it on and that would be considered in the whole of the evaluation? Mr. Phalen. Yes, it would be, at any time during the investigation. What we frequently find is two scenarios. Number one is: I just forgot when I was filling out the SF-86 to put that on there as an individual issue. And there are times when we will go in and conduct the investigation, have the face-to- face conversation. Chairman Burr. So that's actually happened more than the one instance that Senator Wyden referred to? Mr. Phalen. We find it happens with some regularity. Chairman Burr. Thank you. Senator Harris. Senator Harris. Thank you. Mr. Phalen, it's important I think for the public to understand why these background checks are so important to determining one's suitability to have access to classified information. Can you please explain to the American public why these background checks are so important to national security? Mr. Phalen. Yes. In taking a background check, in addition to both the investigative piece and then ultimately a decision by a government agency to grant that person access to information or have some level of public trust, we owe it to--I think we as a government owe it to the American people and to the American taxpayer to ensure that people who are working in the national security arena and in areas where there is a public trust, that we have done everything we can within reason, to determine that that person can--that trust can be placed into that person. I know in an earlier part of the conversation, earlier hearing, there was a conversation about should we reduce the number of people that have clearances? I think there's not so much a counter-argument to that, but when we have people across this particular environment and in the earlier panel where they have access daily to national security information, secrets that give this country an edge in war, in peace, and other sorts of things, and at the same time we have our industrial partners that we work with that are building all those tools that help us fight those wars or keep that peace. This is a very simple thing I've said in other venues: Do you want to have less trust in the guy who is turning bolts on an F-35 assembly line or more trust? My argument is we probably want more trust rather than less. Senator Harris. And in addition to the trust point, isn't it also the case that the Code of Federal Regulations lays out 13 criteria for determining suitability, not only to determine who we can trust, but also to expose what might be weaknesses in a person's background that make them susceptible to compromise and manipulation by foreign governments and adversaries. Mr. Dunbar. That is correct. This is a process that is both looking at history to ask if you have--do you already have a record of betraying that trust and, perhaps more importantly, both for initial investigations and for the continuous vetting or continuous evaluation portion, to say, ``What is changing in their lives and how do we predict whether they are going to go horribly bad before they get that far?'' Senator Harris. So there are 13 criteria, as I've mentioned. One is financial considerations. I'm going to assume that we have these 13 factors because we have imagined scenarios wherein each of them and certainly any combination of them could render someone susceptible to the kind of manipulation that we have discussed. So can you tell us what we imagine might be the exposure and the weakness of an applicant when we are concerned about their financial interests, and in particular those related to foreign financial considerations? Mr. Dunbar. In a nutshell, it would be an individual who has entangled themselves, whether it's foreign or not, in financial obligations that have put them in over their head. And oftentimes this causes people to make bad decisions, bad life decisions. In some of these cases, we've found from the history of espionage it causes them to decide, ``Well, I've got something valuable here; let me sell it to somebody.'' Senator Harris. How much information is an applicant required to give related to foreign financial considerations? Mr. Dunbar. They're required to identify foreign financial investigations, foreign financial obligations, foreign property. Senator Harris. Foreign loans? Mr. Dunbar. That would be a financial obligation, yes. Senator Harris. Of course. Mr. Dunbar. Yes. Senator Harris. When we talk about foreign influence and it is listed as a concern, what exactly does that mean in terms of foreign influence? What are we looking at? Mr. Dunbar. It would be, how am I or am I influenced by either a relationship I have with someone who is foreign, a relationship I have with an entity that is foreign? That could be a company. It could be a prior or co-existing citizenship I have with a foreign country. It could be a family member who is someone from a foreign country. And how much influence any of those things would have over my judgment as to whether I'm going to protect or not protect secrets and trust. Senator Harris. Given your extensive experience and knowledge in this area, can you tell us what are the things that individuals are most commonly blackmailed for? Mr. Dunbar. It is not--I'd have to go back and do some more research. The instances of blackmail by people committing espionage is not as substantial as the incidence of people who have simply made a bad decision based on financial or other entanglements. They just make a poor decision and decide that, my personal life is worth more than my country. Senator Harris. Then I have one final question, and this is for Mr. Payne. According to press reports last fall, you said, quote: `Ìf we don't do interim clearances, nothing gets done.'' You continued to say: `Ì've got murderers who have access to classified information. I have rapists, I have pedophiles, I have people involved in child porn. I have all these things at the interim clearance level, and I'm pulling their clearances on a weekly basis.'' This obviously causes and would cause anyone great concern, the problem of course being that the inference there is that interim clearances don't disclose very serious elements of someone's background. So can you please tell us--and we also know, according to press reports, that there are more than 100 staffers in the Executive Office of the President who are operating on interim clearances--what we are going to do about this? Mr. Payne. I will say that the length of time that someone stays in an interim capacity has to be limited as much as possible. Just to give you an example from DOD's standpoint, in my area of jurisdiction right now is industry, cleared industry. Last year we issued 80,000 interim clearances to industry. Currently there is about 58,000 people on interim clearances. If you look at the timeline that they have been involved or they have had their interim clearances, it ranges anywhere from six months to two years. But if you look at just the last year in terms of interim clearances, and I'll give you a couple of statistics here, 486 people from industry had their clearances denied last year, their main security clearance, their full security clearance. They were denied. Of those, 165 of those individuals had been granted interim clearances. Now, during the process of the investigation information was developed during the investigation that resulted in us pulling the interim clearances of 151 of those individuals, and the remainder were individuals who did things after they received their interim clearances. So the risk--you could see the risk that is involved with interim clearances and the need to reduce the amount of time that we have somebody in an interim capacity as much as possible. Senator Harris. I agree. Thank you. Chairman Burr. Vice Chair. Vice Chairman Warner. One, I appreciate the panel, and I appreciate your answers, and the first panel as well. This is a high, high priority issue, I think, for all of us; and it is remarkably non-partisan. We've got to get this improved. I will leave you with one--because it's been a long morning already, I will leave you all with one question for the record, because it was raised in the first panel, but we didn't get a chance to raise it today. I'd like to get a fulsome answer from each of you. I would argue that, particularly in an era of more and more open-source documents, we have to take a fresh look at the need to have over four million-plus people actually have to go through a clearance process of any type, and particularly the tremendous growth of TOP SECRET clearances versus simply SECRET. So I'd like to hear back in writing from all of you, what can we do and what would be your policy recommendations so that we could not have so many people actually have to funnel through on the demand side on a going-forward basis, where more and more information is going to be out? Thank you, Mr. Chairman. Thank you again for holding this in an open setting. Chairman Burr. I thank the Vice Chairman. I thank all of the members. This is one of those issues that the membership of this committee has been extremely engaged on. I want to thank those first, the first panel members who chose to stay and listen to the government witnesses. I'm always shocked at the number of people that have the opportunity to testify and stay and choose not to do that. So I really respect the ones that do take the time to do that. I thank all four of you for not only providing us your testimony today, but for the jobs you do. Mr. Payne, you've got a big job. Mr. Reid, you've led this charge. Mr. Phalen, you walked in. Not many people would take the job, and you have performed as well as one can do, and that's faced with losing 80 percent of your business down the road, knowing that. Mr. Dunbar, I'm not sure you knew that you'd signed up for this when Director Coats asked you to come in. But this is-- it's important. As we've chatted up here as other members have gotten an opportunity to question you, we're really confident that this might be a model that we're beginning to see that we can replicate and that the energy between you and Mr. Phalen, that exchange is going to happen, and that there's a real opportunity then for Director Coats to coalesce the rest of government towards this model. The one thing--one word that didn't come up in the second panel, might have come up once or twice, that came up frequently in the first one, was ``reciprocity,'' because there's nothing that either one of you are doing on both ends where it solves the problem of reciprocity within an agency or from agency to agency. I can tell you, we've got a security officer that got her security clearance at the State Department, but when she came to be security officer for us, the State Department said, ``We don't have accreditation with the CIA,'' so she had to physically go pick up her paperwork and take it to the agency to be recognized. You'd think in 2018 something like that wouldn't exist. It's bad enough that it does, but I think when we look at why are we doing this, it's really not to solve that problem; it's to make sure that the next generation of workers that are going to come through the pipeline actually want to do it and can do it, and they do it in a time frame that they're accustomed to. It always mystifies me that somebody is willing to share their entire life story, because they do. Right, Mr. Phalen? Everything's out there to be exposed, because they believe in what they're doing. I want to make sure the next generation has just as much passion about doing this. We wouldn't be quite as involved as a committee if it wasn't for the passion of the Vice Chairman. He has been relentless on this. I think it's safe to say that the committee--and I say this to you, Mr. Dunbar: I will take up with Director Coats--I will offer to Director Coats the committee being involved in the issue of reciprocity and how we bring agencies together to work through some of those things. It's not that the Director doesn't have the authority to do it. I think he's in full agreement with us. But sometimes having a Congressional piece involved in those provides the Director an additional stick that he might not have without us. So I'll make that offer to Dan, that we will be involved to that degree. Mr. Reid, I hope that your history with us, which is at least annual updates, if not faster, that you will continue those, and that this committee will have a real inside look into the success of the model you're setting up. Much of what we're able to accomplish from this point forward is because of the investment that you've made, not only today, but prior to this, and we're grateful for that. With this, this hearing is adjourned. [Whereupon, at 12:25 p.m., the hearing was adjourned.] Supplemental Material [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]

Committee Leadership

Tom Cotton

Mark Warner

All Committee Members

Recent Legislation Activity

Hearings & Meetings

Reports & Publications

Committee Resources