The November 8, 2015 “Into Dangerous Hands” segment on 60 Minutes, detailing lapses in the U.S. security clearance process, has drawn strong reactions on social media over the past week, including from Sen. Jon Tester, D-Mont., who stated via Twitter, “I’m calling on Senate HSGAC [Homeland Security & Governmental Affairs Committee] to hold a hearing on [the] background investigation process.”
According to the report, serious flaws in background investigations led to several high profile internal threat actors slipping through the cracks, resulting in the loss of lives and threats to our national security.
In light of the recent Office of Personnel Management (OPM) breach, it’s brutally clear that better processes and tools must be put in place to rapidly assess new and existing personnel. Haystax’s threat analytics platform Carbon has been used by other agencies to quickly identify discrepancies between Standard Form 86 (used by government employees applying for security clearances) and other data sources to identify potential falsification or omissions.
OPM could use this kind of technology to quickly revalidate personnel backgrounds and also create risk profiles of personnel and evaluate them continually to help agencies defend against insider threats in the future.
60 Minutes also raised the issue of using publicly available electronic information, like social media. Certainly for positions that require a security clearance, it seems reasonable to monitor this kind of employee information. But overloaded agencies will struggle with yet another information source that they must review.
Haystax Carbon was built with this in mind – connecting directly to publicly available electronic information when it’s available to automatically identify potential risk issues.
First used by the U.S. Army as a risk rating tool for personnel with security clearances, Haystax Carbon has been successfully tested on populations as large as 100,000 and has performed well in several pilot studies of increasing complexity over the last three years. Within months, analysts could scale Carbon to calculate risk ratings for the more than 20 million personnel whose information was compromised as a result of the OPM breach.
With the pending USG 90-Day review of the impact of the OPM breach expected at any time, we’re sure to learn more. Regardless of the findings, it’s clear government leaders must act now to address the vulnerabilities inherent in its personnel evaluation process.