FAS | Secrecy | Library || Index | Search | Join FAS






The Commission has examined the organizational arrangements in the Department of Defense and the Intelligence Community for the performance of personnel security background investigations and industrial security functions. The Commission believes that the effectiveness of these activities can be substantially improved by the establishment of a new joint investigative service.


For the DoD, virtually all personnel security background investigations for civilian, military and contractor personnel are conducted by the Defense Investigative Service (DIS). In the Intelligence Community, personnel security background investigations are conducted by the DIS for the DoD component, including the NSA and the DIA. The CIA and the NRO have their own internal organizations that conduct or contract out background investigations for their employees and contractor personnel. The NSA also has an internal investigative organization that performs a limited number of background investigations.


The DIS also performs, for the DoD, all initial industrial facility certifications which establish that a contractor facility is eligible to receive classified information. The DIS then performs a full range of industrial security functions, such as periodic inspections and assistance visits, for all cleared facilities except for all Navy special access programs and for certain Air Force special access programs. This contrasts with the Intelligence Community's decentralized approach that emphasizes integration of security with program management teams.



Personnel Security Investigations


The Commission believes that one of the more effective means of reducing overall personnel security costs, while enhancing the security posture of our nation, would be to reorganize current investigative resources and thoroughly modernize the process of gathering, investigating, reporting, and storing background investigative information. A previous section of this report outlined the substantial savings to be realized through improving the timeliness of the investigative product. However, we also heard from the end users that the investigative products they receive are uneven in quality and completeness. Because of this, organizations often upscope investigations completed by other investigative organizations, or otherwise invest in additional types of vetting mediums, to establish greater confidence in their personnel. For example, a major SAP contracts out investigations rather than take advantage of "free" investigations provided by the DIS because of concerns about quality and timeliness.


The Commission believes that establishing measurable objectives to improve the timeliness and quality of investigations offers a solution to at least part of the problem. However, the current deficiencies and impending budget reductions casts doubt on improving the situation under the present organizational structure. For example, the DIS faces a 25 percent budget reduction over the next 4 years. Therefore, the Commission believes decisive and innovative action must be taken to resolve these problems.


The Commission proposes forming a new joint personnel security investigative organization for the DoD and the Intelligence Community. A new organization is needed to: establish progressive leadership; realize savings in manpower and personnel; maximize economies of scale; achieve commonalty of product; provide a single focus for implementing technological improvements and efficiencies; and enhance professionalism and career opportunities.


The new joint investigative service would be charged with conducting all personnel security background investigations for military members, civilian employees and contractors of the DoD, the CIA, the NRO, the NSA and all other entities reporting to the Secretary of Defense and the Director of Central Intelligence. The only exceptions to the investigative jurisdiction of the joint investigative service should be: 1) investigations of cabinet officials and political appointees currently performed by the FBI; 2) investigations of new civilian employees hired into the DoD and the Intelligence Community who occupy nonsensitive positions and, therefore, fall under the jurisdiction of the OPM, and; 3) personnel specifically exempted by the Director of Central Intelligence.


The Commission proposes that the joint investigative service be established by incorporating the personnel security investigative elements and resources of the DIS, the NSA, the NRO and the CIA. The Commission further recommends that the joint investigative service be staffed with both full-time investigators and rotational personnel from the security offices of the various agencies that it serves. This would facilitate communication between the investigative agency and its customers, and would provide government security officers with an opportunity to gain valuable investigative experience. The joint investigative service should also establish specific units to handle individuals with cover considerations, reporting these investigations through secure channels. Moreover, the joint investigative service would contract out domestic investigations when appropriate, such as priority investigations, and pursue overseas leads using in-place military and government resources on a reimbursable basis. However, individual agencies would continue to conduct their own special investigations, such as counterintelligence and criminal investigations, and perform their own adjudications.


The Commission believes that the joint investigative service should be industrially funded. The most efficient and customer responsive agencies are those that operate on a fee-for-service basis. For example, the Commission learned that until the OPM became industrially funded, it had a relatively poor reputation for delivering a timely, quality investigative product. Since instituting a revolving fund mechanism, the OPM has cut investigation times dramatically, initiated many innovative automation linkages with customer agencies, and, according to customers, improved the quality of its investigations.



Recommendation 61

The Commission recommends that a joint investigative service be established that performs all personnel security background investigations on a fee-for-service basis for the DoD, the NSA, the NRO, the CIA and other organizations that report to the Secretary of Defense or the Director of Central Intelligence.



Industrial Security


With respect to industrial security, the Commission found two distinct approaches to the protection of classified information by contractors: centralized and decentralized. The CIA, the NRO, the NSA and some of the DoD special access programs integrate security into program management. This decentralized approach integrates small security elements into program management teams with core security functions provided by a centralized service. Security is part of the program management team and provides direct support to organizational goals. The disadvantage of this approach is that it has, in some cases, worked against standardization and reciprocity. Particular SAP program offices have adopted their own security procedures. The centralized approach embodied in the DIS seeks to leverage limited resources through standardized practices and procedures, generally independent of specific contracts or programs. Disadvantages of a centralized approach include inflexibility, distance from the customer, lack of direct accountability, and a system based on achieving security goals independent of organizational goals.


On balance, the Commission has found the programmatic approach to industrial security to be superior to the traditional centralized approach of frequent inspections to measure compliance with a detailed manual of security rules. The program-oriented approach brings security closer to the customer and provides greater flexibility to handle program issues. This structure also makes security directly accountable for the quality and timeliness of its service. Contractors appear to prefer the flexibility of a programmatic approach, but insist that common standards are needed for reciprocity.


The Commission believes that a core industrial security function located within the joint investigative service would benefit the Defense and Intelligence Communities. The new organization should be responsible for initial facility clearances, for the previously recommended facility registration data base, and for all determinations concerning foreign ownership, control and influence (FOCI), as discussed earlier in chapter 6. The new organization should provide an industrial security service to those Defense and Intelligence Community program offices for which a joint industrial security program is most effective. It would also provide this service to non-Defense and Intelligence Community agencies, as the DIS has done in the past. It will centralize, as a core service, the staff to provide accreditation of facilities, technical and computer security expertise, guidance to handle treaty inspections, central records, and representation to industry and government forums. The new organization should promote standardization and responsiveness to customers and coordinate the industrial security inspections previously discussed in chapter 5. It should draw upon the experience of the industrial security program of the NRO, which has made great progress in recent years in combining a programmatic orientation with greater standardization.


The Commission emphasizes that the new organization must break with the past practices which have tended to focus on frequent inspections for compliance with a detailed regulatory manual. Industrial security should be a service to the contract program office, with security performance measured in terms of mission accomplishment rather than adherence to detailed security rules. The joint investigative service should view its industrial security functions as a service to be used where a joint organization is more efficient and economical. The Commission does not intend to force into joint organizations those program offices in the CIA, the NRO, the NSA and certain SAPs that function better by maintaining their own industrial security capabilities. The Secretary of Defense and the Director of Central Intelligence will retain the discretion to authorize separate industrial security offices for specific programs.


The Commission recognizes that this decentralization of execution of industrial security runs a risk that general standards will not be applied uniformly. Indeed, a major disadvantage of the separate SAP industrial security programs in the past has been their adoption of unique security procedures that added multiple burdens to industry which translated into increased, unjustifiable costs to the government. One purpose of establishing a single classification level with two degrees of protection is to standardize the security requirements for the controlled access programs. The security executive committee should ensure that the standards are applied properly, and the joint investigative service should provide a channel through which industry may bring concerns to the attention of the security executive committee.



Recommendation 62

The Commission recommends that a joint investigative service perform industrial security services of common concern for the Defense and Intelligence Communities, as determined by the security executive committee and in accordance with a programmatic, customer-service approach.



Establishment of a Joint Investigative Service


For the reasons set forth above, the Commission has concluded that the Secretary of Defense and the Director of Central Intelligence should establish a joint investigative service to conduct all personnel security background investigations and updates for components of the Department of Defense and Intelligence Community, as well as their contractors, and to perform those industrial security functions that can better be done jointly. The advantages include economies of scale, greater commonality, more uniform implementation of standards, and increased professionalism and career opportunities.


The new organization should draw its personnel and resources from existing security organizations in the Defense Department and Intelligence Community. It should take its policy guidance from the security executive committee. While the Commission does not wish to prescribe the organizational details for a joint investigative service, one model is the Central Imagery Office (CIO). The Director of the CIO is appointed by the Secretary of Defense on the recommendation of the Director of Central Intelligence. Consideration should also be given to other joint DoD-DCI models that have been adopted for different functions. The joint investigative service could report to the Secretary of Defense and the Director of Central Intelligence directly or through a senior official designated by them. Above all, the Commission urges that the establishment and direction of the joint investigative service receive sustained, high-level attention, which has not been the case with the Defense Investigative Service over the years.



Recommendation 63

The Commission recommends that the joint investigative service be established by the Secretary of Defense and the Director of Central Intelligence, that its resources be drawn from existing security organizations, and that it report jointly to the Secretary of Defense and the Director of Central Intelligence.


On to Chapter 8
Back to JSC Top Page

FAS | Secrecy | Library || Index | Search | Join FAS