On April 11, 2000 a public meeting of the President’s Security Policy Advisory Board (SPAB) was held at the Charles S. Draper Laboratory in Cambridge, Massachusetts. Board Chairman General Larry Welch, USAF (Ret) presided with board member Rear Admiral Thomas Brooks, USN (Ret). Board member Ms. Nina Stewart was unable to attend. Approximately 30 persons from the public and private sector also attended.
Minutes
April 11, 2000
Security Policy Advisory Board Meeting
Charles S. Draper Laboratory Inc.
Cambridge, Massachusetts
INTRODUCTIONS
The meeting was called to order at 1400 hours by Mr. Bill Isaacs, a member of the Security Policy Board (SPB) staff serving as the Responsible Federal Officer in support of the SPAB. He welcomed all in attendance and introduced the advisory board members.
PRESENTATIONS
1. Mr. John Crandell, Chief of the Oversight and Technical Assistance Division, Office of Personnel Management (OPM) and Chairperson of the SPB’s Personnel Security Committee, provided the following information. He spoke about recent automation initiatives by OPM’s Investigations Service. First, he talked about an integrated automated fingerprint identification system (IAFIS). The IAFIS system was implemented by the FBI Criminal Justice Information Division (CJIS) in July 1999. Because of IAFIS, OPM and its customer base realize the following benefits: 1) a reduction in processing time from weeks to hours for the fingerprint-based criminal history check, 2) arrest records received electronically are available much earlier in the investigative process, 3) elimination of “lost” fingerprint submissions. Results achieved with this system include the return of fingerprint checks within 5 days on 98% of submissions, an average processing time of 11 hours and 7 minutes, and a reduction of the unclassifiable rate from 10% to 5.1%.
Next Mr. Crandell talked about an OPM and Lockheed Martin Energy Systems initiative to build a user-friendly, web-based system for the creation, access, editing, review, and long-term storage of electronic Standard Forms (SF86/85P/85). The features of the proposed system include online encrypted internet access for applicants or employees for preparation and storage of the Standard Form; online access by submitting offices to review subject-provided information and the ability to add additional information required to request an investigation; secure transmission to investigative service providers; and long-term storage so that the subject can update the original data when preparing for reinvestigation.
Mr. Crandell provided the following benchmarks for the proposed system. By October 1, 2000, an electronic SF 86 will be available for on-line (encrypted) internet access for use by a pre-determined pilot site and, by January 1, 2001, it will be expanded to include all Federal agencies. He closed his presentation by stating that future development of this web-based system will include other Standard Forms and agency specific forms.
2. Mr. Dan Jacobson, the Executive Director of the SPB, was to brief on the results of the SPB Executive Committee (EXCOM) meeting held on April 7, 2000, but the meeting was rescheduled for April 14, 2000. He presented the agenda items for the meeting: 1) security policy oversight, 2) SPB staff resources, and 3) organizational placement of the Department of Defense Polygraph Institute (DODPI).
He reported that the SPB has received the go-ahead to further its efforts in the Critical Infrastructure Information area. The SPB was asked to develop a definition of critical infrastructure information to be protected and a scheme to protect that information. Key to this initiative is a Freedom of Information (FOIA) exemption.
Next Mr. Jacobson discussed smart badge architecture. On April 11, 2000 the Facilities Protection Committee (FPC) of the SPB approved a process for the development of a standard badge topology for the cleared government community. This recommended process will be submitted to the SPB Forum for their consideration.
Mr. Jacobson advised that Mr. Arthur Money, the Co-Chair of the SPB EXCOM and Chair of the National Security Telecommunications and Information Systems Security Committee (NSTISSC), directed that a proposal be developed for staffing through the SPB and the NSTISSC to partner the two entities to aid the development and implementation of national information systems security policy. Mr. Jacobson advised that such initiatives are essential if we are to be able to respond to the protection challenges that face us.
3. Defense Security Service (DSS) Director Lt. General Charles Cunningham Jr. USAF (Ret) provided an update on the progress being made at his agency.
In June 1999, the General Accounting Office (GAO) described the DSS as an agency in turmoil. The backlog of personnel security investigations was estimated to be as high as 700,000. Industrial Security oversight of user agency contractors was severely lacking per the Joint Security Commission II report, and the DSS training function was found wanting. Overall, many management changes were dictated.
DSS began by changing the management structure both at the Headquarters and in the field activities. DSS returned to program specific management, a regional management concept with four regional directors, a program specific supervision scheme with an effective span of control, and established good order and discipline with sound management practices as a foundation. The Agency re-instituted accountability across the board and established a Quality and Standards office to ensure that Investigative and Industrial Security products meet federally mandated standards. The DSS training academy recently opened a state-of-the-art facility in Linthicum, Md. and is beginning to provide the security community with an acceptable training product.
The Agency faced the daunting task of “fixing” a computer system that was clearly deployed before it was ready. This system is called the Case Control Management System (CCMS). In short, the CCMS recovery actions were described in three phases: complete system stabilization and short term improvements this fiscal year, additional system improvements during FY01, and system enhancements from FY2001-03. To accomplish this recovery plan, the DSS has engaged a program management office (PMO), under the auspices of the Air Force, to manage the operations of CCMS.
DSS is making a major “turn around” during the third fiscal quarter. First, a backlog of signed releases that existed at the Baltimore facility of DSS has now been eliminated and these releases are now in the hands of the DSS investigators. Second, the backlog of interim clearance requests from industry at the Defense Industrial Security Clearance Office (DISCO) has been eliminated. Third, a backlog of fingerprint cards for submission to the Federal Bureau of Investigation (FBI), which affects the completion of an estimated 7% of the pending workload at the DSS, has been eliminated. The fourth indicator of agency turnaround relates to output, or cases closed. The DSS target for completing cases is a mandated 2500 case closings per day in accordance with its “contract” with the Defense Management Council. As recently as January 2000 that number was in the 1100 per day range. In February, output rose to 1500 cases per day. In March the rate of closings was 1700 per day and for April the rate is 2000 per day. The Agency is convinced that the target of 2500 per day by August is achievable and will be surpassed.
DSS is working in partnership with OPM to complete a significant portion of the backlogged investigations and this, combined with a DSS contracting capability with private companies, should work well for significantly reducing the investigative backlog by the end of next year. Finally, DSS employee morale is up and indications are that the third quarter turnaround is clearly taking shape.
OPEN DISCUSSION
Question: An individual from the audience offered a concern that the protection of personal information while in the hands of private contractors was an issue. He also spoke of the vulnerability of archived information stored on CD-ROMs.
Board Commentary: General Welch indicated that in general the trustworthiness of the private sector in the protection of personal security investigation information has been good. He did not expect any change in this as long as existing controls were enforced. He deferred the archiving question to General Cunningham who met with the individual posing the question after the meeting.
Question: A member from industry posed a question on the letter of compelling need as allowed in the industrial security program. Should it be discontinued?
Board Commentary: The board deferred to General Cunningham on this, noting that communications between government and industry could be improved. General Cunningham stated that he is implementing a quarterly newsletter from DSS to industry containing useful and timely security information.
Question: An individual from industry provided the following scenario. He recently received a classified email that “contaminated” many unclassified tapes. He wants DSS and the software manufacturers to agree on a workable solution to resolve this problem.
Board Commentary: General Welch sympathized with the person posing the question and offered that most everyone in the room has probably experienced something similar to this. He said that the government should take a common sense approach to solving this problem. In that vein, DSS has formed a working group with industry to resolve the problem and will provide the community with the results of their efforts.
Closing Commentary
General Welch said that progress is being made in certain areas of security policy and that reciprocity is becoming more and more a reality. He added that continued vigilance over implementation of the Joint Security Commission II recommendations is imperative.
The meeting was adjourned at 1545 hrs.