On January 10, 2000 a public meeting of the President’s Security Policy Advisory Board (SPAB) was held at the Rand Corporation in Santa Monica, CA. Board Chairman General Larry Welch, USAF (Ret) presided along with board members Rear Admiral Thomas Brooks, USN (Ret) and Ms. Nina Stewart. Approximately 60 persons from the public and private sector attended. Minutes
January 10, 2000
Security Policy Advisory Board Meeting
The Rand Corporation
Santa Monica, CaliforniaINTRODUCTIONS
Mr. Bill Isaacs, who is a member of the Security Policy Board Staff and serves as the Responsible Federal Officer in support of the SPAB, opened the meeting at 1400hrs. He welcomed all in attendance and introduced the SPAB members.
PRESENTATIONS
Chairman Welch opened the meeting by presenting three primary areas of focus for the SPAB: 1) Reducing the backlog of investigations at the Defense Security Service (DSS); 2) Tracking the recommendations approved in Phase I of the Joint Security Commission II to their logical conclusion; and 3) Working to achieve the recommendations of Phase II of the JSC II report dealing with Information Systems security issues.
Mr. Dan Jacobson, the Executive Director of the Security Policy Board, provided an update on the first meeting of the Security Policy Board’s new Executive Committee (ExCom). He stated that this senior group has agreed that its charge is to make effective and timely security policy decisions. This is evident in that in their first meeting the group ratified eight recommendations of the JSC II, approved 11 more recommendations but referred them to the appropriate SPB committee/staff for further work, and deferred the remaining 16 to Phase II. The Phase II recommendations require coordination with activities outside the SPB structure. The next meeting of the Excom will be held on March 15, 2000.
Mr. Jim Passarelli, SPB Staff, updated the Board on the Extranet for Security Professionals (ESP) project. He focused on the Joint Security Commission II Recommendation 19, "The SPB should continue to support the ESP, ensuring its continued development, funding, and operational status." In that pursuit, the ESP's Board of Governors tasked the SPB Staff to develop an action plan to meet this recommendation, including milestones, timelines, and deliverables. He further advised the Board that the project was severely impacted by the continuing lack of a stable resource base, as well as the failure, so far, to identify a Government Executive Agent before the project can be fielded. In conclusion, his update served as a lead in to a live demonstration by Mr. Matt Donlon, the ESP Program Manager, of the ESP's on-line Visit Certifications Application for sending visitor security clearances and other relevant visitor information between authorized ESP registrants.
OPEN DISCUSSION
Following the presentations there was a period of open discussion.
1. A member from Industry offered that his facility has seen little progress in the reduction of the investigative backlog and the timeliness of investigations. He indicated that his statistics showed it is taking 250 days to complete a Secret investigation and four months to grant an Interim clearance - both clearly unacceptable.
SPAB CommentaryThe Board members agreed that these completion times were unacceptable and indicated that they will push for adequate resources for DSS to fix the problem. In an effort to put this timeliness issue in proper perspective, General Welch offered the following. He stated that it is his understanding that it takes, on average, less than an hour of investigative time to complete a non-issue Secret investigation. Hence, the long delays are due to administrative processing. He also asked the individual from Industry to provide the SPAB with more detailed statistics as described above.
2. Another Industry representative mentioned that the Department of Defense (DOD) has extended its waiver and reinstatement/conversions of personnel security clearances for industry for one more year. This was an indication to him that the problems being experienced by the DSS with their Case Control Management System (CCMS) will continue.
SPAB CommentaryBoard members offered that we need to screen people in the high level positions and possibly let some lesser cases go. The concentration should be to investigate those persons who can do the most harm to an organization first and then work to address the balance of the backlog.
3. The next issue presented was the recent tendency in Government to use the Federal Acquisition Regulation (FAR) as the vehicle to promulgate Security Policy instead of using the National Industry Security Program (NISP). The first example of this was when the DOD used the FAR to issue its Attestation policy. The most recent is the National Aeronautics and Space Administration (NASA) using the FAR to issue its policy on protection of its sensitive but unclassified computer systems. The industry representative offered that even though the NISP covers the classified arena, its procedures could be used in the unclassified area, especially when it involves Information Systems Security.
SPAB CommentaryBoard members stated that they were unaware of the NASA proposal. They agreed that this “trend” of employing the FAR sans the NISP should stop. Regarding the NASA issue, General Welch stated that the network threat issue has little to do with whether the system is classified. An organization may well be put out of business if their unclassified systems are brought down. He also stated that we in government have lots of work to do to decide how to deal with the network security issue. He suggested that the urgent problem for DOD is to fix their portion of the problem. DOD solutions can then help with the interagency need for solutions for other activities.
Mr. Isaacs adjourned the meeting at 1600hrs.