While the IC’s research organization looks into adding security to cloud environments, in the here and now, intelligence agencies are sharing more data.
The National Background Investigations Bureau (NBIB) was born out of a scandal at the Office of Personnel Management. Now OPM wants to make sure it has the necessary IT to function properly in securing federal workers’ records.
In an exit memo earlier this month, outgoing OPM Director Beth Cobert spelled out the agency’s goals for NBIB, which took over at the start of October 2016 as the agency responsible for processing federal background checks for OPM. At the time, outgoing Defense Department CIO Terry Halvorsen said it would take 12 to 18 months to get the NBIB’s secure, back-end IT architecture, which will be managed by the DOD, actually up and running.
As of Oct. 1, NBIB absorbed the existing mission, functions, and personnel of OPM’s Federal Investigative Services. The White House named Charles Phalen Jr. as NBIB’s first director, and he brings a strong security pedigree to the job. Phalen served as director of security for the Central Intelligence Agency from 2007 to 2011, then took over as vice president of corporate security at Northrop Grumman from 2011 to April 2016.
NBIB, a semiautonomous agency housed in OPM, was unveiled in January 2016 in the wake of OPM breaches that resulted in the theft of the personal information of more than 22.1 million current, former and potential federal employees. Although inside OPM, the DOD has been put in charge of the IT systems and security for the bureau.
In her memo, Cobert noted that “to leverage the latest technology, protect sensitive information, and best defend against evolving threats, NBIB’s IT systems will be designed, secured, and operated by DOD.”
NBIB will leverage DOD’s cybersecurity expertise to protect its systems, Cobert said. As OPM transitions to the more secure systems, DOD and OPM have been collaborating to enhance the security of OPM’s legacy networks, Cobert said.
To help background investigators capture relevant information and complete their work efficiently, NBIB will “streamline its internal business processes, embrace tools that enhance automation, improve the ability to share information across government, and explore new and evolving information sources like social media,” Cobert said.
NBIB will also enhance customer service and “maintain formal and informal lines of communication to facilitate open dialogue with all stakeholders, including local law enforcement that provides much of the information relevant to the investigations, and the agencies that rely on the collected information to make decisions.”
Key elements of the modernized and strengthened background investigations system include continuous evaluation of security threats, Cobert said.
“The government needs a way to identify potential national security threats in real time,” she said, urging a push toward a system that “notifies officials of incidents or potential red flags immediately, rather than waiting for the next reinvestigation to identify risks.”
Such a model would “allow for re-evaluations based on risk rather than fixed timelines” and would “enable faster transitions for an increasingly mobile workforce as applicants and employees change jobs across government and industry.”
NBIB should also take a risk-based approach to vetting, Cobert said, adding that “decision-makers need to access the right information at the right time.”
“The digital environment has revealed new types of records, such as social media, that can generate information electronically,” Cobert said. “We need a way to access this information and a strategy that lets us determine which new sources are relevant to adjudications while respecting individual liberties and privacy. There are also still many highly relevant records, such as law enforcement records, that often can only be accessed manually. The government should pursue a strategy that better enables us to access both.”
NBIB should also “evolve, innovate, and make empirically-based decisions” because such a strategy is “critical for the process to continue to adapt to new and emerging threats.”
“We must analyze the impact of new policies and procedures, evaluate new methodologies, and identify and resolve potential challenges through coordination with stakeholders from across the government,” Cobert said.
Cobert urged the Trump administration to continue to push for NBIB to get off the ground. “Leadership within OPM, DOD, the Office of the Director of National Intelligence, and the Office of Management and Budget will need to continue close collaboration through the Performance Accountability Council and prioritize this important work within their agencies,” she said.
NBIB should also focus on reducing the backlog of investigations and “continue to diligently execute initiatives to streamline business processes, increase automation, add investigative resources, and improve the way information is verified and shared.”
Cobert also said that “new systems must be built using an IT strategy informed by the needs of stakeholders across government and informed by best practices. In addition to securing the sensitive data collected in the investigations, improvements to the IT systems can make the background investigation processes more efficient, nimble and responsive.”