WASHINGTON: The Pentagon hopes that a newly announced $75 million, 24-month contract will clear up its chronically backlogged security clearance system. The plan: develop prototype software that uses artificial intelligence to analyze routine data instead of humans running laborious background checks, freeing investigators to concentrate on the genuinely critical cases.
How big is the mess? Hundreds of thousands of would-be federal employees and defense contractors wait an average of 221 days for a Secret clearance and 534 days for a Top Secret clearance, according to the National Background Investigations Bureau.
The clearance backlog makes a day in line at the DMV look fast. It’s a problem that costs the government millions of dollars and, in many ways, wastes the talent of countless individuals who give up and seek employment elsewhere.
“The bottom line is we need to get cleared people to work in their job faster; we’re not doing that job well,” said Terry Carpenter, the Program Executive Officer for the National Background Investigation Service, part of the Defense Information Systems Agency (DISA). “Whether you’re in an agency, the federal government, or an industry partner …. we need to make sure those companies and agencies can get those people to work because they have their clearance.”
The DoD’s Defense Security Service (DSS), which runs the clearance process, and DISA, which runs much of the military’s networks, jointly awarded the contract to Perspecta Enterprise Solutions of Herndon, VA, using the Other Transaction Authority process to bypass much of the traditional acquisition bureaucracy. Perspecta was formed in 2018 through the merger of the public sector business of DXC Technology, Vencore, and KeyPoint Government Solutions.
Over the next 24 months, Perspecta will create a prototype “architecture” that can be scaled up to a full-sized security-check system, with two main features:
- Data ingestion and analytics using techniques like machine learning and natural language processing, which are both subsets of artificial intelligence; and
- A “software factory” to develop new vetting capabilities as needed. This will employ a software methodology called DevSecOps (Development-Security-Operations) that quickly delivers functionality that is then constantly improved through user feedback, while injecting security into all interactive phases of development, so usable software is delivered in weeks instead of months or years. Software development will be guided by a framework known as SAFe, which is an online knowledge base made available by an organization called Scaled Agile. The “factory” will continually develop, test, secure, and deploy new software in a government-run cloud, using what’s called continuous authority to operate so its products can be used immediately, without a laborious certification process.
The new architecture is being designed to transform three mission areas in the clearance process: initiation, investigation, and adjudication.
Explained Carpenter: “There are several activities around the initiation part. [For example], you’re a new employee coming in or a transfer coming in from a different agency. The initiation process engages with the subject and collects their information in a standard form that feeds the process. Then there’s the investigation process. Under the old process, a full investigative package was prepared, which took a lot of time and labor. That was handed over for adjudication to an appropriate business function with the credentials to do the adjudication, and they would make the decision on that clearance.
“What we are looking at today is continuous vetting as a way to use data to minimize the amount of labor force that has to knock on doors to get information. The more we can get done with data, the more effective we are at delivering the capability of a clearance, the more confidence we have in it, and the less it costs.”
Data analytics will also facilitate continuous vetting throughout the work life of cleared individuals to address possible insider threats.
“With this data-driven model, we can get into a continuous evaluation model rather than the current model, which is periodic investigation that looks at somebody every 5 or 10 years,” said Patricia Stokes, director, Defense Vetting Service, DSS. “We can utilize technology available today to initiate processes and capabilities to (gather) information on a real-time basis (to determine) your need for access and your risk.”