The Office of Management and Budget and Office of Personnel Management are standing up a new agency to assume responsibility of the federal security clearance process.
The National Background Investigations Bureau (NBIB) will have a specific, presidentially appointed director and member of the Performance Accountability Council, who will report to OPM. The new agency will absorb the Federal Investigative Services (FIS), the organization that currently conducts about 95 percent of federal background checks.
“This entity will have a considerable amount of operational autonomy and will be elevated in profile, compared to the current existing structure,” Michael Daniel, special assistant to the President and cybersecurity coordinator of the National Cybersecurity Council, said during a Jan. 22 call with reporters.
The Defense Department will design, build, secure and operate NBIB’s IT and cybersecurity systems. DoD was the original owner of the federal security clearance process before OPM took on the responsibility in 2005.
Federal Chief Information Officer Tony Scott said OPM has already gotten a head start on some aspects of the new program, using funds from the fiscal 2016 budget Congress recently appropriated.
President Barack Obama will ask for $95 million in his fiscal 2017 budget proposal to build these new IT and cyber systems.
The new budget is expected to release within the next few weeks.
DoD said it is the right agency partner to build these systems, given its cyber defense expertise and past experience integrating commercial and government threat detection tools.
“The reworking of the clearance process gives us an opportunity to redesign the underlying information infrastructure in a way that takes advantage of our experience, technology and cyber defense capabilities,” said Marcel Lettre, undersecretary of defense for intelligence.
OMB and OPM are advertising the NBIB as a “government-wide service provider for security clearances.”
The new agency will be located in Washington, D.C.
Neither Daniel, nor Scott, would give a detailed timeline as to when the new agency will officially assume ownership of the clearance process. Rather, Scott said OPM and OMB will stand up the new agency and IT systems in an incremental way.
First, OPM will set up an inter-agency NBIB transition team to develop a plan and timeline to stand up the new agency.
“I don’t want to get into a specific timeline at this point, because that’s part of what the transition team is going to lay out, but rather than waiting for one big bang, we’re going to be institutionalizing these as they become available and as the policy changes are needed,” Daniel said. “Certainly, some of them will begin to occur in 2016.”
It is unclear whether the President will nominate a director to the new agency in this administration or the next.
Second, DoD will develop security measures and work with OPM to design the IT system requirements.
Specifically, the department’s Office of the Chief Information Officer will develop the program, and the Defense Information Systems Agency will operate the new IT system, according to Lettre.
The news comes from the results of a 90-day review of the federal security clearance process from the Suitability and Security Performance Accountability Council. The White House mandated the review in July, following multiple cyber breaches at the Office of Personnel Management.
Hints of the long-anticipated results of the Council’s review have been coming for some time now. A former counterintelligence official said in December the administration was poised to stand up a new agency to take ownership of the clearance process.
OPM has long struggled with the security clearance process. The agency’s inspector general cited a general lack of oversight of the contractors it used to conduct initial background investigations in June 2014. Congress has also been skeptical of OPM’s ability to secure federal employees and contractors’ personal information.
This is the second time the White House has tried to improve the security clearance process. After the attack on the Navy Yard by Aaron Alexis, an inter-agency review made recommendations and the White House accepted 13 of them.
Contractors have been especially critical of the lengthy clearance process, and the backlog of unprocessed applications has risen within the past few years.
The new agency and IT system will solve some of the root causes of the backlog according to OPM Acting Director Beth Cobert.
“The team and the inter-agency team are fully focused on this effort today,” she said. “We are working to put in place new contract vehicles when the current ones expire at the end of this year. We have an inter-agency meeting as recently as last week to look at the backlog, to look at what we can do collectively to address that.”
OPM is hiring 400 new background check investigators, which Cobert said will be strategically placed in locations with the highest demand. The first hiring phase began in September, and the training and onboarding process will continue throughout the year.
Daniel said the change represents the direction agencies will head in the future, as it learns more about cyber threat landscape and how the security clearance process might evolve over time.
“We needed to balance the need for real change with keeping an enterprise-wide mindset, leveraging the good work that OPM has already done, the experience it has already gained in this area, and also being mindful of not disrupting the existing processes, which have to keep going even as we make these changes,” Daniel said. “Simply moving the organization would not necessarily make for real significant change. What’s more important is the structural and governance changes, combined with the inter-agency support that we’ll be getting for the cybersecurity of this system.”
But not everyone sees it that way.
“Simply creating a new government entity doesn’t solve the problem,” Chairman of the House Oversight & Government Reform Committee Jason Chaffetz (R-Utah) said in a statement. “The administration needs to undertake meaningful reforms to protect citizens’ most sensitive personal information. Protecting this information should be a core competency of OPM, the government’s human resources agency. Today’s announcement seems aimed only at solving a perception problem rather than tackling the reforms needed to fix a broken security clearance process.”