DHS’s personnel vetting, clearance process still plagued by problems

Since 2023, ten individuals working for U.S. intelligence and other federal agencies who held either a Top Secret or Top Secret/Sensitive Compartmented Information security clearance were arrested or convicted of espionage. It’s unclear whether “continuous vetting” (CV) flagged these individuals for scrutiny, or whether it didn’t.

Continuous vetting is supposed to be the federal government’s process whereby there are regular reviews of a cleared individuals’ background to ensure that they continue to meet stringent security clearance requirements and should continue to hold positions of trust.

Automated record checks pull data from criminal, terrorism, and financial databases, as well as public records, at any time during an individual’s period of eligibility. When the U.S. Defense Counterintelligence and Security Agency (DCSA) receives an alert, it assesses whether the alert is valid and worthy of further investigation. DCSA investigators and adjudicators then gather facts and make clearance determinations. The CV process is supposed to help DCSA mitigate personnel security situations before they become larger problems, either by working with the cleared individual to mitigate potential issues, or, in some cases, the outright suspension or revocation of a person’s clearance.

DCSA is the U.S. government’s largest investigative service provider, providing vetting services for a total of 95 percent of the federal government. Last year, DCSA’s Personnel Vetting mission conducted 2.7 million investigations, 10,700 investigations per day, 668,000 adjudicative decisions, and the continuous vetting of over 3.8 million people in what’s known as the “trusted workforce” – those persons holding national security clearances.

But as Biometric Update has reported, the federal government’s vetting and security clearance process is problematic for a variety of reasons as the bugs plaguing the new government-wide system called Trusted Workforce 2.0 that’s being put in place to streamline the process continue to be stomped out.

Trusted Workforce 2.0 was launched in 2018 as a significant reform of the U.S. government’s personnel vetting system. It’s a whole-of-government approach to reform the personnel security process and establish a single vetting system. Continuous vetting, part of Trusted Workforce 2.0, aims to identify risks earlier.

Making matters worse, some argue, is the Fiscal Year 2024 National Defense Authorization Act’s repeal of the “requirement for Inspectors General to assess the effectiveness and fairness of their respective agency’s enhanced personnel security programs.”

Counterintelligence officials told Biometric Update that given the problems that exist in rolling out Trusted Workforce 2.0 – including security issues that could allow breaches into the IT systems as Biometric Update has reported – disallowing the Inspector Generals from probing the effectiveness of security vetting and clearance processes government-wide could let unforeseen – even systemic new problems – from being recognized and corrected.

The latest victim of the problem-plagued Trusted Workforce 2.0 roll out is the U.S. Department of Homeland Security (DHS), where its move to streamline its personnel vetting and security clearance processes as part of the new government-wide initiative, is being hampered by funding challenges and having to rely on the legacy IT systems that are still being used by DSCA because of the repeated delays in its standing up the new National Background Investigation Service’s (NBIS) IT systems that will manage federal security clearances.

The DHS Inspector General (IG) found that the department had made progress in implementing an “enhanced” personnel vetting program for approximately 260,000 employees and tens of thousands of contractors as part of its implementation of reforms pursuant to the governmentwide Trusted Workforce 2.0 initiative, but that there are problems.

The IG said that although DHS has taken actions to implement Trusted Workforce 2.0, its Office of the Chief Security Officer (OCSO) – which leads DHS’s implementation of the initiative – told him that its having to rely “on other federal agencies for IT systems [is] a challenge to full implementation.” These other systems have experienced considerable problems, as Biometric Update reported.

The IG said OCSO officials pointed out that DHS currently must rely on DCSA for its National Background Investigation Services’ mandatory shared services to meet its continuous vetting requirements, and that additional functionalities also are not yet fully available. The IG said “the officials emphasized that additional functionalities planned for these systems are fundamental to their ability to fully implement Trusted Workforce 2.0,” and “noted that DHS cannot fully transition to the system as a replacement for DHS’ legacy Integrated Security Management System because National Background Investigation Services does not have equivalent baseline and key functionalities that DHS currently depends on.”

DHS’s IG further pointed out that OCSO “relies on [the] Office of the Director of National Intelligence’s (ODNI) Continuous Evaluation System to conduct continuous vetting of its employees in the national security eligible population. The Continuous Evaluation System conducts automated record checks of security-relevant information over this population, and, according to ODNI, is ‘the cornerstone of security clearance transformation efforts within the Trusted Workforce 2.0 framework and the move toward government-wide continuous vetting.’”

However, OCSO officials told the IG, for DHS to fully implement Trusted Workforce 2.0 they must enroll employees outside of the national security eligible population into continuous vetting, including those in the “non-sensitive public trust” and “low risk” populations.”

And the problem with that is, OCSO officials told the IG, is “current services are only offered to the national security eligible population,” and that “according to the Security, Suitability, and Credentialing Performance Accountability Council, the DCSA was scheduled to offer the capability to enroll non-sensitive public trust positions into continuous vetting in October 2023, but this capability has been delayed.”

OCSO officials also cited funding as another challenge to full implementation of Trusted Workforce 2.0. For example, they stated that funding will be needed to replace DHS’s legacy Integrated Security Management System, which will reach the end of its product life cycle in Fiscal Year 2025.

The IG said “OCSO officials stated they are working with the department to secure funding for the modernization of the Integrated Security Management System, which is critical to DHS achieving full implementation of Trusted Workforce 2.0.”

The IG concluded by saying that during its evaluation of DHS’s progress in implanting Trusted Workforce 2.0, it “learned that federal agencies, including DHS, have until 2026 to complete” its roll out. The IG also noted that it was because of this, and because the December 2023 National Defense Authorization Act for FY 2024 repealed the requirement for Inspectors General to assess the effectiveness and fairness of their respective agency’s enhanced personnel security programs” that it conducted its evaluation of DHS’ progress toward implementing an enhanced personnel vetting program.

The IG also emphasized that its evaluation was only “a snapshot of progress DHS made as of June 2024,” and that it did not perform procedures to verify all actions that DHS officials said had been completed beyond those the IG highlighted in its report.

“And now it may be up to Congress, maybe even whistleblowers, to find out if there are serious security issues” with the new vetting and clearance granting IT systems that the U.S. government has bet on, remarked one senior counterintelligence official.

Article Topics

background checks  |  biometrics  |  DHS  |  identity management  |  national security  |  Office of the Director of National Intelligence (ODNI)  |  U.S. Government