Mr. Bill Isaacs, who is a member of the Security Policy Board staff and serves as the Responsible Federal Officer in support of the SPAB, opened the meeting at 1330hrs. He welcomed all in attendance and introduced the SPAB members.
Chairman Welch presented a comprehensive briefing of the findings and recommendations of the Joint Security Commission II. A copy of that briefing is attached.
Following Chairman Welch’s presentation was a period of open discussion of security issues.
The SPAB agreed that the backlog was indeed having an adverse effect on clearance reciprocity. They offered that compliance with the investigative standards was key to promoting reciprocity. They also stated that they thought actions currently underway at the Defense Security Service was movement in the right direction by the Defense Department in addressing its portion of the problem.
There exists today a plethora of government pilot programs for Civil Service training. What is needed is a device or mechanism that is easily understood and focuses on the needs of the computer security professional. The government must establish a partnership with academia and the private sector if it is to compete for scarce computer professional resources. In a related area, a member from the audience offered that a FY00 budget amendment for Cyber Corps implementation was being prepared. The SPAB response to this was that too many agencies are in charge of computer security policy coupled with significant interest from various entities of the Legislative Branch. With so many in charge no one is truly in charge. Critical networks transcend the classified and unclassified world in today’s environment. The SPAB suggested that government undertake an educational program explaining these “new needs.” They agreed that this issue is difficult, but the need dictates that we get started.
The SPAB agreed that there has not been appropriate accountability for policy implementation. The JSC II addressed this issue. Feedback is needed on implementation and any adherence to policy must be at all levels of the Executive Branch.
The SPAB stressed that the NISP is necessarily a deliberative process. Attestation has a time constraint and needs to be accomplished quickly. The state of security awareness in the Department of Defense needed something done in a dramatic fashion. The Deputy Secretary of Defense acted accordingly.
The SPAB will follow up on the implementation of the Chapter 8 to include the development of the training module. Also, they asked industry to respond in their comments on Chapter 8 if they felt the two documents (Chapter 8 and the DCID 6-3) were not de-conflicted.
Mr. Isaacs thanked the ASIS representative for hosting the meeting and adjourned the session at 1500hrs.