22 October 2019

With the Trusted Workforce 2.0, Pentagon becomes the provider of security authorizations for all American government employees

Liviu Ioniţă

Rebranding or there is a new structure in the American intelligence?Starting with October 1st, the beginning of the American fiscal year, the Defense Counterintelligence and Security Agency (DCSA) announces that it is ready to “become the largest counterintelligence and security agency in the federal government. DCSA will be the nation’s bulwark against active and persistent attack by our nation’s adversaries against our federal workforce, technology, and information”.

Image source: Mediafax

The Defense Counterintelligence and Security Agency, located in Quantico, Virginia, will be responsible with fund’s investigations and government’s employees’ security program.

Also starting October 1st, the National Background Investigation Bureau (NBIB) officially stops working, its operations and the more than 2900 employees being transferred to this new structure, which includes also the former Defense Security Service (DSS). Also, Charles Phalen Jr., the former NBIB chief (former vice-president for corporative security at Northrop Grumman Corporation/ a company dealing with airspace fields and the Defense technology, a person whose CV includes government positions, CIA and FBI) will take the (temporary) leadership of the new agency.

Security authorizations at the behest of the Pentagon

For years, the White House wanted to establish the investigative missions in government’s personnel verification process. The result: president Trump signed, on April 24th, the 13869 Executive Order, by which he changed the responsibility in terms of the fund investigations from the Office of Personnel Management (an independent agency of the federal government, which manages the civilian labor force) to the Defense Department.

Pentagon becomes and authority in terms of investigations and has the issuance portfolio of security authorizations

According to Joseph Kernan, the undersecretary of Defense for Intelligence, the merger established on October 1st advances national defense strategy objectives to enhance our security environment and maintain lethality by protecting critical defense information from theft or disclosure.

Among the responsibilities of the Defense Counterintelligence and Security Agency they will provide Pentagon’s security and its contractors in terms of a possible unauthorized access to the IT structure, given that the federal officials are more and more concerned with China’s efforts and its other enemies to get infiltrated in the govern through IT methods.

Therefore, only three years since its foundation, the National Background Investigation Bureau (NBIB), the main investigations services provider for the US government, a structure which is under the subordination of the United States Office of Personnel Management (OPM), has stopped working. Although the expertise field was the civil one, during its short functioning, the NBIB intelligence systems were created, built and operated by the Defense Department.

NBIB has been created after a security breach emerged within the United States Office of Personnel Management, in 2015.

The 2015 security breach has exposed personnel information about 21 million potential and existent federal employees and contractors. The intelligence attacks which have produced the intelligence theft (addresses, health history, financial history, other private details) were supposedly deployed by China, but the American officials did not specify any entity. It seems that the breach was all the more harmful that the OPM systems were electronically connected to other agencies and databases, and their own database was unsecured and unencrypted.

What happened then, but also the increase of the investigations number dedicated to security authorizations, pushed the democrats and the republicans, in the private and state sector, within the legislative and the executive level, to unanimously accept that the verification process and the security authorization issuance one has some shortcomings.

In fact, the old-fashioned procedures and systems, some created in the 40-50’s, based on manuscripts, documents sent via email, live research and interviews, manual processing have all led to delays when talking about getting the security authorizations and the shoddy investigations. This is what determined the inclusion of the security authorization process, by the Government Accountability Office (GAO), on the list of high risk areas, which need reform due to their vulnerabilities to infraction, fraud, abuse and faulty administration.

Continuous evaluation- a new revolutionary, yet controversial, concept

The first result of the Intelligence and Defense communities’ efforts to redefine the entire process dedicated to issuing security authorizations is that, in March, the Office of the Director of National Intelligence has launched the Trusted Workforce 2.0.

Which started as a pilot program for the Defence Department and the intelligence community agencies is seems to become, now, the key element for Trump’s Administration security verification, accreditation and authorization process review, by adopting many new policies and procedures, which will lead to changing the security authorization model, as well as the standards used for investigations.

The revolution the Trusted Workforce 2.0 is about to make, which will be based on Artificial Intelligence and machine learning mechanisms, will not only include the improvement of the verification process, but, especially, the transfer to the so-called continuous evaluation model.

Furthermore, the investigation levels, appropriate to the security authorizations to be issued, will be reduced from five- high risk public trust, moderated, secret risk public trust, high risk and top secret public trust- to three: Trusted, Secret and Top Secret.

So, this entire harsh process which involves initial investigations, followed by complex periodical reinvestigations, to 5-10 years, will be revisited, through the enlargement of the investigation methods, including the use of digital interviews channels, as well as the possibility to access and use the already existent information in different govern or private entities’ databases.

The framework of the new concept wants to create a program by which the agencies and organizations in the private sector, developing their own investigation activities, to offer access to what have been collected (for example, credit reports).

The machine learning, artificial intelligence algorithms and the behavioral science methods will make possible the data analysis and processing from different sources and the establishment of continuous verification and the identification of important security issues.

There will be monitored the suspects transactions, abroad trips or possible connections with terrorism, any elements that could offer the Defence Department a real-time close image of a person. For example, having real time information about an employee failing to pay with a credit card, the Pentagon and other employees would have to answer to questions like: which was the results of such actions? Was that person responsible or not for how she/he acted?

Social media will also be an important element of the investigations. Trusted Workforce 2.0 will have to verify the social networks. Text data, video and contextual ones, precise statistics models will be used to create models, behavioral tendencies and intentions.

And, if one a person is enlisted in the system, he/she will also get protection, being continuously verified and evaluated the possible risks and threats against him/her. At least, this is what MARK Nehmer, the technical chief within the former DSS, claims.

The program created by Pentagon involves the correlation of digital print of a person, its cyber activity, with other data the Defense Department has about that specific individual. These are data collected from the continuous verification, which is an effort for the surveillance of the life events of security, authorization holders, marriage or divorce, bank loans, fiscal declarations, arrests, trips abroad. Mark Nehmer thinks that the process is a window, not only to one individual’s past, but also his current spiritual mood… surveilling any behavioral micro-changes.

This is, obviously, raising questions on how far can someone go with such surveillance and how willing are the employees for their contractors to have access to their behavioral micro-changes, especially that there may emerge some negative personal consequences for what these changes show.

Some are optimists, just like Mark Nehmer, thinking that if the job is done correctly, the system can help preventing suicides, data protection, in general, the things that people do, when they are stressed.  Others (Griff Ferris, Big Brothers Watch, a British organization working in civil liberties and confidentiality field) are afraid that it may be created a worrying thing, the use of artificial intelligence to closely monitor any work move, as well as the personal life, to try to predict everything that employees will make in the future, being also the start of total surveillance.

However, those who initiated the continuous evaluation think that as long as you want a job that involves security authorization, you implicitly assume the transparency of your personal information.

Thus, you give your personal life in exchange of the huge privilege and power that one might get along with having classified information.

Translated by Andreea Soare