The Defense Counterintelligence and Security Agency has successfully enrolled all Defense Department service members, civilians and contractors with a security clearance — about 3.6 million people — in its current continuous vetting program.
Continuous vetting will eventually replace periodic reinvestigations, which are conducted every 10 years for employees with a secret clearance and five years for those with a top secret clearance. It will also include DOD personnel who do not have a clearance, according to Heather Green, assistant director of vetting risk operations for DCSA.
This brings the agency and the federal government one step closer to its trusted workforce, or TW 2.0, goal of providing continuous vetting for all of DOD, as well as other government personnel outside of the department, she said. TW 2.0 is expected to be incrementally implemented over the next few years.
Continuous vetting is now in the TW 1.25 stage, which means that DCSA receives automated records from government and commercial data sources based on federal investigative standards. The National Background Investigation Services, a component of DCSA, then leverages an automated system that scans the data for any alerts that might indicate potential issues or other suspicious or criminal activity, she said.
"We developed that in order to provide that initial version of continuous vetting, focusing on high-value data sources through automated record checks. Those continuous record checks that are turned on right now mean that issues of potential risk to an individual's trustworthiness that may have taken years to discover in the past are now identified and addressed in very near real-time data," Green said.
One example of TW 1.25's success: The DCSA team received an alert on July 31 that there was a fugitive arrest warrant for attempted murder, felony assault and other charges related to an incident that had occurred the previous day, Green said.
The team immediately validated the alert and then shared that information with the subject's security manager and law enforcement. That individual was apprehended and removed from security access, she said.
"If we had not had this individual enrolled in continuous vetting, there's a high potential that we may not have been aware of the situation until the next periodic investigation, which would have been 5 1/2 years later," she said.
Although continuous vetting is now operational, Green said she would encourage anyone who is having any issues — such as with finances — to proactively report it to their security manager. "Self-reporting is a critical piece of continuous vetting and we prefer to have already known about the incident prior to an alert being generated in the system," she said.
Green also said the person who shares concerns with his or her security manager, would most likely receive some sort of assistance so the problem does not fester and become a potential insider threat concern.
In TW 1.5, a milestone that comes between now and TW 2.0, more data categories will be added to continuous vetting, she said. In addition to the criminal and terrorism checks that are now being done, suspicious financial activity and foreign travel will also be monitored. When TW 1.5 begins, periodic reinvestigations will no longer be necessary.
Green noted there are policy discussions underway as to whether social media monitoring will be added for TW 2.0.