Pentagon To Classify More Acquisition Info, Keep Closer Eye On Fed Employees

PENTAGON: Using a slate of new authorities, the Pentagon is looking to classify whole new categories of information surrounding acquisition and procurement, defense officials say. 

“We’re in an environment where competitors — other countries — are looking for not just classified information but to find [any] sensitive information they can find in industry,” a defense official, who requested anonymity to speak, told reporters at the Pentagon on Tuesday. “So our goal here is to help industry protect those things that we worry about.”

The move comes as the DoD takes over as the clearinghouse for security clearances across the federal government, which includes a wide-ranging effort to lock down networks and information shared with the defense industry in an effort to protect data from the prying eyes of Chinese and Russian hackers.

Most weapons and acquisition programs “start its life as an unclassified email,” the official added, “and so the question is, at what point along that development chain do we need to start looking at how we protect that?”

The idea boils down to going back and sucking up all the information DoD believes adversaries could use to their advantage, in effect creating a whole new batch of classified information in an attempt to mask the trail for how government programs are developed. 

The new effort comes as part of a massive reorganization ordered by Congress in 2017 that shifts oversight to DoD over 12,500 cleared companies and their employees.

Overall, around 8,000 people from the Defense Security Service, National Background Investigations Bureau and the Consolidated Adjudications Facility were absorbed into the Defense Counterintelligence and Security Agency.

“We have a fairly well-positioned and growing counterintelligence activity across the organizations,” the official said, adding that the shift to DoD has created “what is arguably the single largest security-focused agency in the federal government.”

Cyber hygiene and better network security has emerged  as a particular focus, particularly in the Navy, which has suffered a string of hacking incidents in which classified information has been exposed. China, Iran and Russia are “relentlessly hacking into our systems,” Navy Undersecretary Thomas Modly said recently. “They’re trying to come at us in every possible way that they can.” Last year, reports emerged of Chinese hackers burrowing into networks at US defense contractors, and making away with classified data on new weapons systems like a supersonic anti-ship missile and sensitive plans for submarines.

Pentagon officials and outside cyber experts have long worried about what they agree is the weakest link in the chain: suppliers working on weapons programs who don’t have the money or expertise to fully secure their own systems, providing adversaries with an open back door into more sensitive networks.

While locking down information is a major new push, the new authorities handed over to the DoD include the massive and unwieldy task of streamlining and centralizing the security clearance process.

The backlog of employees awaiting vetting currently sits at 302,000 cases, with a goal of reaching 200,000 by the end of 2019, the defense official said.

In April 2018, the government hit a high point of 725,000 delayed clearances, principal deputy undersecretary of defense for intelligence Kari Bingen said last month. Federal employees and defense contractors have been waiting over 200 days for a Secret clearance and around 500 days for a Top Secret clearance, according to the National Background Investigations Bureau.

The Defense Department and Office of Personnel Management (OPM) have  also begun using cloud computing, machine learning and artificial intelligence and combining it with the new approach kind of persistent monitoring — called Trusted Workforce 2.0 — to keep tabs on those who already have a clearance. In the past, interviews had to be conducted again and searches done of bank records etc. With the new approach, all the electronic sources (from Facebook and Instagram to your bank accounts) are regularly scoped and analyzed for possible alleged bad behavior.