LOCKHEED MARTIN, ORLANDO FLORIDA
On 13 May 1997 at 0900, a meeting, of the Security Policy Advisory Board was held at Lockheed Martin located on Underhill Road in Orlando, Florida. General Larry Welch, USAF (Ret.) presided with Board members Ms. Nina Stewart and Admiral Thomas Brooks, USN (Ret.) also present. Also in attendance were:
AGENDA ITEMS
1. Mr. Thompson opened the meeting and introduced General Welch who welcomed the participants. General Welch then provided a brief history of the Security Policy Board, to include its scope, purpose and creation at the suggestion of the Joint Security Commission. He then surrendered the floor to Mr. Thompson.
FINANCIAL DISCLOSURE
2. Mr. Thompson began his discussion of the Financial Disclosure issue with a review of the birth of the issue in the wake of the Aldrich Ames case and its evolution through the policy making mechanism. The creation of a financial disclosure form was mandated by EO 12968 and that objective was ultimately accomplished in a conference held at Glynco Ga. in October 1996. In November 1996 that form was presented to the Security Policy Forum which suggested the working group explore an alternative of an expanded financial element of a background investigation. To that end, the Financial Disclosure Working Group met on several additional occasions to craft a model for such an investigation. Their product included several additional questions to be asked of a source and/or a subject such as "Have there been any unusual demands placed on your/his/her income such as medical bills or tuition payments?" and "Have you noticed any significant changes in Subject's spending habits or lifestyle?" and "Other than his/her residence, does Subject own any other large assets here or overseas?"
3. The working group also recommended that three questions pertaining to gross family income, total assets and total liabilities be added to the SF 86. In this manner it is hoped the requirement for a financial disclosure form can be fulfilled and a basic notion of a subject's financial posture can be attained. The working group felt that a reasonable understanding of an individual's financial status was essential to the performance of an intelligent investigation and the use of the SF 86 was the least invasive method of making that determination. In order to minimize the invasiveness associated with such inquiries, the SF 86 requests ranges of values rather than specific amounts.
4. The working group also recommended that financial databases be explored for possible use as an investigative tool vice a screening device. Many existing databases, while expansive and useful, lack universal identifiers and, when routine queries are made, often produce a multitude of individuals with the same name. Mr. Thompson offered the example of a query having been made of a common name and producing 777 hits. In addition, many states do not participate in certain commercial database efforts leaving rather large gaps in coverage. These gaps are tolerable to the investigator but not so in a screening environment.
5. It was also recommended that additional training be provided to both adjudicators and investigators so that their gathering and handling of financial data will be both appropriate and relevant. The Financial Fraud Institute in Glynco Ga. has been contacted for its assistance in that matter. This recommendation now needs to be forwarded through the policy making mechanism.
6. In response to a question from the board, an estimate of 18 months to implement this policy was provided. The length of time is due, in part, to OMB review requirements pertinent to the Paperwork Reduction Act.
ADVISORY BOARD COMMENT
7. The board felt that an eighteen month implementation period is too lengthy and a wait of that duration will encourage a proliferation of individual financial disclosure forms. This will be both costly and wasteful. They also indicated that the form currently in use by the CIA is indefensibly intrusive. Consequently, the board encouraged that every effort be made to accomplish a speedy implementation of this working group recommendation--if indeed it is adopted.
INTRANET FOR SECURITY PROFESSIONALS
8. Mr. Matt Donlan, Defense Advanced Research Projects Agency, was then introduced and began a discussion of the Intranet for Security Professionals. He described the ISP as a device for real time electronic communication to be used via the internet. Calendars, threat dissemination, on line clearance information, training and education are but a few of the potential applications of this concept. Mr. Donlon envisions policy discussions, dissemination of threat information and availability of full text and audio seminars via the ISP. These applications would save untold amounts of money and man hours. It is noteworthy that in a recent discussion with officials involved with the Information Assurance Document, a comment was made that a million and a half dollars might have been saved had the ISP been available. The most mature tool, however, is the policy formulation instrument which is currently operational and utilized in the Chapter Eight endeavor. Issues currently confronting implementation are the linking to data owners and completion of a Concept of Operations.
9. The Board then made several queries. Mr. Donlon indicated that computers with multi-media capabilities and late edition browser are required. On line queries for clearance information can be a feature of the ISP and he is currently working with DIS and OPM to make this a reality. Because security constraints will be a function of the data owner's needs, NSA will need to certify the system's encryption capability.
ADVISORY BOARD COMMENT
10. The Board strongly endorsed this system with particular emphasis on the on line clearance/investigative data verification feature-- a Joint Security Commission recommendation that the Board considers long overdue. They stand ready to offer their support in the implementation phase.
PERSONNEL SECURITY RESEARCH
11 . Mr. John Crandell, Office of Personnel Management and Chair of the Personnel Security Committee was then introduced. Mr. Crandell began a discussion the research endeavor currently ongoing under the auspices of the Personnel Security Research Sub-Committee (RSC). He indicated some personnel security research has been completed in the past but several problems have existed. Individual agencies define issues differently and, consequently, past research has not always been germane to the entire government. What is needed is a well coordinated community wide research effort which should yield credible, relevant products. To that end, the Sub-Committee is composed of psychologists, personnel security specialists, research professionals and statisticians from various agencies throughout government. Their final products will be unclassified and available to everyone.
12. The RSC will oversee all research. It is envisioned that certain efforts will be completed by the government (definitions of terms) while others will be contracted out for study (background investigations). This will, of course, necessitate some funding and cost estimates will be developed. The RSC will provide periodic reports to the policy community as the process moves forward. As the endeavor proceeds it is envisioned that certain immediate gains will be attained while long term objectives will be realized at the conclusion of effort.
13. As results are tabulated they will be analyzed in relationship to existing practices and policies will be adjusted accordingly. Given the input of the entire community in the research process, the results are more likely to retain credibility and wide-spread acceptance.
14. High priority topics for future research include, but are not limited to: behaviors predictive of future trust and reliability, consistency of government adjudications, components of the background investigation, alternatives to interviews, Employee Assistance Programs and their relevance to personnel security, reinvestigation intervals and definitions of basic personnel security terms.
15. In addition to research matters, the RSC will refer to upper management certain issues for their input such as a definition of an acceptable degree of failure and the granting of a clearance as a right or a privilege--to name a few.
16. A participant volunteered that the initial process appears to be functioning appropriately but the reinvestigation effort is perhaps faulty. He noted that most spies have developed after their initial vetting. Mr. Crandell concurred with that assessment and speculated that future research will take cognizance of that fact and may well produce significant change in the process.
ADVISORY BOARD COMMENT
The Board enthusiastically endorses this effort but were concerned that this research not be used as an excuse to delay important decisions regarding investigatory standards.
ADVISORY BOARD OBSERVATIONS
17. General Larry Welch then presented the views of the Board on several critical matters. He began by noting that much has been accomplished in modernizing the government security apparatus and much remains to be done. He specified four objectives which the Board views as top priotities. Implementing reciprocity is crucial. He indicated that while almost all government agencies verbalize support for reciprocity, the actual implementation lags behind. We must fully implement this vital concept. Equally pressing is the implementation of a common database for maintenance of clearance information. Such a database would substantially streamline the system and would likely enhance efficiency to an extraordinary degree. There still exists an unconstrained demand for security clearances born partially of unrealistic and sometimes arbitrary application of security standards. As an example, the General offered the request for clearances for grass cutters on a military base. Such applications strain credibility. A possible partial solution is the use of fee for service in an attempt to discipline demand for clearances. Lastly, he indicated the security community MUST move to acceptable, defined standards for SAP clearances. There currently does not exist any known standards for SAPs and this situation is an invitation to arbitrariness. Each individual is entitled to fair and equitable treatment and it is difficult to fathom that outcome given the farrago of SAPs and the lack of any clear standards.
18. The General then asked for input from the public.
19. One participant noted that the business community is rapidly changing and evolving into an international entity. SAP standards must stay current with that, and all other trends. Another questioner asked when the Adjudicative Guidelines and Investigative Standards will be implemented. Mr. Jacobson replied that they have already been distributed and should reach the contractor community shortly. An observer noted that risk management is crucial to industry and we cannot move forward without it. He asked who determines exactly what risk management is and how it is applied. Mr. Jacobson answered that, ultimately, it is the President who must decide. It is noted that threat based security, while a valid and worthwhile concept, demands government policies which will fully implement the concept. Only then will the contractor community experience real progress in this crucial area. In discussing the granting and denial of clearances, another observer opined that industry has the luxury of placing an individual without a clearance in a position not requiring a clearance while some government agencies may not have that option.
20. As no additional discussion was forthcoming Mr. Thompson adjourned the meeting at 1130 hours.