Murphy's Law: The Top Secret Curse

Archives

May 31, 2011: The U.S. government doesn't know how many people have security clearances. Last December, Congress asked for this number, and was told the answer would be available in two months. Six months later, Congress is still waiting. There were unforeseen problems in getting an accurate count. This is but one of many security clearance problems caused by the war on terror. Taking a look at some of the other problems makes one realize that an accurate count of the security clearances out there is the least of the problems in this area.

It all began after September 11, 2001, when there was suddenly a need for a lot more security clearances, mainly because a lot of new technical specialists were needed to hunt down Islamic terrorist, and protect the United States against additional attacks.

But the problems were often more complex. For example, efforts to recruit needed computer security specialists quickly encountered two problems. First, there is a shortage of qualified people, and civilian firms could easily outbid the government. But even when you got people to hire, there was a second problem. The newly hired geeks needed a security clearance to work on most government computer problems. It takes time (months) to get a clearance, and many people failed the screening (they have a bad credit score, an old felony conviction, or creepy friends, etc.). One U.S. government study of how security clearances were granted, found that a quarter of those who got Top Secret clearances, had problems uncovered in their background checks. The most common problems were with criminal prosecutions, or even convictions, and contact with foreign organizations with terrorist or criminal ties. Then there are those with family members connected with criminal activities. Some government officials wanted those tainted clearances cancelled, but others pointed out that this was not really practical.

There has also been a growing need for more translators and, intelligence analysts (with knowledge of, or experience with, Middle Eastern and South Asian cultures), and computer experts in general. Many of the most expert translators, analysts and computer experts are immigrants. That alone provides plenty of potential heartburn for those approving clearances. Worse yet, many of the best computer security experts started out as hackers. Some got busted, which often triggered the move to the other side of the fence. The security clearance approvers were often under lots of pressure, frequently from people high in the government food chain, to bend the rules in the name of national security. One rule that does not get bent is the requirement that only U.S. citizens can get a clearance. That eliminates a large number of computer experts, many educated in the United States and working here.

There are other problems as well. Five years ago, after a reorganization of American intelligence agencies, and the creation of the post of Director of National Intelligence, it was quickly realized that all this effort had failed to eliminate a lot of friction between the various agencies. One of the more painful problems was with reciprocal recognition of security clearances between agencies. That is, if someone has a Top Secret clearance in the CIA, and moves over to work at the Department of Defense, that Top Secret clearance should be, well, a Top Secret clearance at the Department of Defense. But often, it isn't. For over a decade, the various intelligence agencies have been getting slower and slower in recognizing the validity of the clearance of the person coming in. It can take up to six months for such transfers to be approved. In the meantime, the transferred person cannot go near classified information. This wastes a lot of money, and delays essential projects.

There are several reasons for this need to double check security credentials, but the major one was the number of Soviet spies uncovered after the Soviet Union disintegrated in 1991. Some agencies were found to be more susceptible to Soviet penetration (basically because of sloppiness), and all of a sudden, a security clearance didn't mean the same thing everywhere. That's because, while all initial clearances are approved using basically the same background investigation techniques, as time goes on, the agency you work for is responsible for ensuring that you remain eligible for whatever clearance you have. The post-Cold War spy scandal (which uncovered people working for other countries as well, like China and Israel), made all agencies more aware of the need to keep an eye on their people, but particularly on new people who have been around for a while, but at some other agency.

All this is typical bureaucratic cover-your-ass behavior. Better to sit on something, than to take a chance, no matter how slight, of being embarrassed. While the media will never jump all over this sort of thing (too geeky and unexciting), people in the intel business (who are getting burned by the bureaucratic delays) got through to Congress, and heat was applied. That solved some of the problems, because advancement in the intel business is more a matter of avoiding failure, than in achieving success. Victories remain secret, but failures often become headlines.

There are a lot of security clearances out there, and the most quoted number is 2.5 million. Most holders of these clearances are civilian employees or contractor personnel. It costs over $10,000, and at least three months to get someone a "Secret" level clearance. That is actually an improvement, because two years ago, it took over six months. It takes more time, and more money, to get a Top Secret clearance, needed for most critical computer security jobs.

So while members of Congress are worried about counting clearances, people inside the agencies that use most of them are still trying to get new ones on a timely basis, or being certain that older ones are still valid.

 

X

ad

Help Keep Us From Drying Up

We need your help! Our subscription base has slowly been dwindling.

Each month we count on your contributions. You can support us in the following ways:

  1. Make sure you spread the word about us. Two ways to do that are to like us on Facebook and follow us on Twitter.
  2. Subscribe to our daily newsletter. We’ll send the news to your email box, and you don’t have to come to the site unless you want to read columns or see photos.
  3. You can contribute to the health of StrategyPage.
Subscribe   Contribute   Close