By Zach Noble:
The Office of Personnel Management’s Federal Investigative Services, which currently handles some 95 percent of federal background investigations, will be absorbed by a new joint venture: the National Background Investigations Bureau. The Obama administration’s fiscal year 2017 budget request will include $95 million in dedicated IT development funding for the new agency.
The NBIB will report to OPM’s director, but the Defense Department will shoulder the entirety of the burden of the new bureau’s IT operations, from design all the way through security and operations.
The DOD CIO’s office will handle design, while the Defense Information Systems Agency will handle execution, officials said.
“We needed to balance the need for real change with keeping an enterprise wide mindset, leveraging the good work that OPM has already done,” said Michael Daniel, special assistant to the president and National Security Council cybersecurity coordinator. “Simply moving this organization would not necessarily make for real significant change.”
One of the leading Capitol Hill critics of OPM, however, was not impressed.
“Simply creating a new government entity doesn’t solve the problem,” said Rep. Jason Chaffez (R-Utah), the chairman of the House Oversight and Government Reform Committee. “Today’s announcement seems aimed only at solving a perception problem rather than tackling the reforms needed to fix a broken security clearance process.”
But the move was welcomed by Rep. Ted Lieu (D-Calif.), who sits on the Oversight committee, and who has previously called for security clearance processing to be taken away from OPM. “I am encouraged by today’s announcement that the administration will be implementing much-needed changes to the way our government protects what has been described as the ‘crown jewels’ of intelligence: the background investigations of Americans with security clearances,” Lieu said.
And while the specific structure is a new development, changes have been in the works for some time.
Feds have been looking at ways to automate and improve security clearance investigations since at least 2011, and in the wake of last year’s massive OPM breach, the Obama administration pushed a 90-day review of the process.
In the near term, the interagency Performance Accountability Council charged with fulfilling the Obama administration’s goal of reforming the security clearance process and automating insider threat detection will set up a transition team to help FIS become NBIB.
The target date for the switchover was left unstated. Federal CIO Tony Scott said they’re aiming for a “seamless transition over time.”
“I don’t want to get into a specific timeline at this point,” added Daniel.
For the coming year, the slow roll will be funded by OPM. More funding will likely come through DOD next year. Scott didn’t elaborate on resources other than the planned $95 million budget request.
Scott emphasized adaptability and centralized responsibilities as key elements of NBIB plans.
On the contractor side of the equation, meanwhile, the situation is a bit vague.
The Office of Management and Budget, a lead player in the Performance Accountability Council, did not say whether a new line of business dedicated to automated investigations had been set up, or would be soon.
“We are working to put in place new contract vehicles when the current ones expire at the end of this year,” OPM Acting Director Beth Cobert said.
Cobert also pointed to the ongoing hiring of 400 new FIS investigators, who will help reduce the security clearance backlog and who will be rolled into the new NBIB.
In a Jan. 22 email to OPM staff, Cobert said the new agency “means that the individuals who work every day to perform the critical mission of conducting background investigations will be empowered with additional tools and increased support to do their vital work.”
“There will be changes,” Cobert wrote. “But the day-to-day work of background investigations, and the people who perform them, will continue within OPM.”
On the security side, details were similarly scarce, but DOD officials promised to deploy best practices to protect systems and personal information.
Richard Hale, DOD’s deputy CIO for cybersecurity, said part of the design approach may include storing information offline, and added that DOD would use encryption “everywhere that’s appropriate.”
Officials also noted that going forward, security clearance requirements would be stricter — part of the effort to combat insider threats. Regardless of access level, security clearance holders will be re-investigated every five years, and continuous evaluation programs are in the works to help keep tabs on clearance holders’ fitness.