[House Hearing, 110 Congress]
[From the U.S. Government Publishing Office]


 
                           GAO INSIGHTS INTO 
                       SECURITY CLEARANCE REFORM 

=======================================================================

                                HEARING

                               before the

                            SUBCOMMITTEE ON
                   INTELLIGENCE COMMUNITY MANAGEMENT

                                 of the

                       PERMANENT SELECT COMMITTEE
                            ON INTELLIGENCE

                       ONE HUNDRED TENTH CONGRESS

                             SECOND SESSION

                               __________

             Hearing held in Washington, DC, July 30, 2008


                  Printed for the use of the Committee

                               ----------
                         U.S. GOVERNMENT PRINTING OFFICE 

44-570 PDF                       WASHINGTON : 2008 

For sale by the Superintendent of Documents, U.S. Government Printing 
Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; 
DC area (202) 512-1800 Fax: (202) 512-2104 Mail: Stop IDCC, 
Washington, DC 20402-0001 































               PERMANENT SELECT COMMITTEE ON INTELLIGENCE

                    SILVESTRE REYES, Texas, Chairman
LEONARD L. BOSWELL, Iowa             PETER HOEKSTRA, Michigan
ROBERT E. (BUD) CRAMER, Alabama      TERRY EVERETT, Alabama
ANNA G. ESHOO, California            ELTON GALLEGLY, California
RUSH D. HOLT, New Jersey             HEATHER WILSON, New Mexico
C.A. DUTCH RUPPERSBERGER, Maryland   MAC THORNBERRY, Texas
JOHN F. TIERNEY, Massachusetts       JOHN M. McHUGH, New York
MIKE THOMPSON, California            TODD TIAHRT, Kansas
JANICE D. SCHAKOWSKY, Illinois       MIKE ROGERS, Michigan
JAMES R. LANGEVIN, Rhode Island      DARRELL E. ISSA, California
PATRICK J. MURPHY, Pennsylvania
ADAM B. SCHIFF, California

          Nancy Pelosi, California, Speaker, Ex Officio Member
       John A. Boehner, Ohio, Minority Leader, Ex Officio Member
                    Michael Delaney, Staff Director


              GAO INSIGHTS INTO SECURITY CLEARANCE REFORM

                              ----------                              


                        WEDNESDAY, JULY 30, 2008

                  House of Representatives,
        Permanent Select Committee on Intelligence,
         Subcommittee on Intelligence Community Management,
                                                    Washington, DC.
    The subcommittee met, pursuant to call, at 3:07 p.m., in 
room 2212, Rayburn House Office Building, the Hon. Anna G. 
Eshoo (chairwoman of the subcommittee) presiding.
    Present: Representatives Eshoo, Holt, and Issa.
    Chairwoman Eshoo. Good afternoon, everyone. I hope you are 
all well. The first thing I would like to do is to thank you 
for your patience in waiting for us to begin the hearing.
    My name is Anna Eshoo. I chair the Intelligence Community 
Management Subcommittee; and just as I was en route to be here 
a few minutes before 2:30, the bells went off. Perhaps it is 
better that they did then and won't interrupt our hearing.
    I know the Ranking Member will be here. He has a very 
important vote over at the Judiciary Committee. So I will start 
out with an opening statement; and, again, thank you to 
everyone that is here.
    This is our second hearing on security clearance reform. We 
all know that the clearance system serves two main functions. 
It should clear trustworthy people into the community so that 
they can serve without undue delay, and it is supposed to keep 
out those who pose security threats.
    In recent years, the security system has been plagued by 
delays in clearing people into the community quickly, on a 
timely basis. These challenges have been amply documented by 
the GAO. I know no one has done the work that the GAO has done 
on this issue. It is highly instructive to all of us not only 
on this subcommittee but the full committee, and we salute the 
GAO for the work that they have done.
    In response to these concerns, Congress enacted the 
Intelligence Reform and Terrorism Prevention Act of 2004, which 
had some very specific language for reform which directed 
improvements in timelines and in quality. The administration 
has made strides, though belated, in addressing the delays, but 
it has not been as aggressive in addressing other reforms until 
recently. And as my mother used to say, nothing like waiting 
for the last minute. But let's see what we can get done.
    At our last hearing, we heard testimony from the GAO and 
the administration on their most recent reform efforts which 
were just beginning. In the beginning of 2005, in compliance 
with the Intelligence Reform Act, the President issued an 
Executive Order that authorized OMB to reform the clearance 
process. Earlier this year, a joint DOD-ODNI reform team 
published an initial report on their vision of clearance 
reform.
    Now these are all steps, but what it says to me is that we 
haven't even begun. I know that there are things that have to 
be done in preparation, but we still haven't gotten there. It 
is still what I consider to be mostly a Cold War system.
    Now, most recently, on June 30, the President signed 
another Executive Order dividing responsibilities for clearance 
reform among the ODNI, OPM and OMB. Given the flurry of 
clearance reform activity by the administration and the 
constantly shifting division of labor, I think it is critical 
that Congress keep a watchful eye on the program and ensure 
that progress in this area is actually made.
    There are a lot of people in a lot of functions that are 
dependent upon a 21st century looking, forward-leaning security 
clearance program. Members of the subcommittee remain concerned 
that the administration has not developed metrics to evaluate 
the quality of the process and has been inconsistent in 
interpreting congressional intent on reciprocity between the 
agencies, the consolidation of the process or uniformity of the 
process across agencies.
    We need to get this right. And I will say it again. We need 
to get this right. I spent 2 years chairing this little 
subcommittee; and I really thought, if someone had asked me 2 
years ago where we would be on this, I would have said we would 
have been at least maybe 60, 65 percent on the road to progress 
and the implementation was taking place. We are still in the 
planning stages of this thing. So we need to get this right.
    What is at stake with clearance reform I think is the 
success of the Intelligence Community. Both the public and the 
private sectors both rely on it.
    This is a function that has to be engaged in by our 
government. People can't go to Macy's or Neiman Marcus to get 
these clearances, to buy them or to process them. They have to 
come to us. Every intelligence community employee, whether they 
are working for the government or for a contractor, has to hold 
a clearance from top to bottom. Whether one is the director of 
an agency, an entry level translator, an aerospace engineer or 
an IT consultant, you need a clearance.
    A malfunctioning clearance system keeps the right people 
out and lets the wrong people in, and it jeopardizes the 
security of our country. We have to ensure that we bring in the 
linguistic and the cultural talent that we need.
    I am kind of a broken record on that along with several of 
my colleagues on the full committee. We have to ensure that 
intelligence professionals can transfer and collaborate between 
intelligence agencies. In other words, they have to fit into 
different settings; and reform has to fit the mission needs. To 
that end, we may need to re-evaluate some of the assumptions of 
the reform legislation and consider whether a different 
approach is necessary.
    To assist us in our oversight, this committee asked the GAO 
to evaluate certain reform efforts, including the GAO's first 
assessment of the Intelligence Community's security clearance 
process. We made a formal request for an assessment of the 
ongoing joint DNI-DOD reform pilot effort relative to best 
practice standards that GAO has used in the past. We also asked 
for a review of the criteria that the administration is using 
to assess the effectiveness of its efforts, and the GAO is here 
today to share their initial findings.
    Our witness today is Ms. Brenda Farrell, the Director of 
Military and Civilian Personnel and Medical Readiness, Defense 
Capabilities and Management. She has had years of valuable 
experience and can provide this committee with a historical 
perspective on the challenges we face in our efforts to deal 
with the problems.
    I hope that you will address a few key questions today; and 
they are:
    Does the administration's reform plan offer solutions to 
the clearance problems GAO has identified in past assessments? 
And if anyone hasn't taken the time, I would recommend that you 
pour through all the work that GAO has done on this. I mean, 
these are volumes of really superb work.
    Is the reform plan an improvement over the current system? 
I mean, is it going to take us to where we want to land? Or is 
it one layer over another of planning activities without the 
kind of direction or directive that it needs to be?
    And has the administration developed adequate metrics to 
assess the quality of its system? Planning is wonderful. Ideas 
are always important. But if you can't measure these things to 
see if you are producing the outcomes that the initial process 
and planning was for. If not, then you are really, in my view, 
back to square one.
    So we have also asked for an initial evaluation of the new 
Executive order on clearance reforms signed by the President at 
the end of June, and I look forward to that evaluation and 
especially your testimony.
    So with that, since our Ranking Member is not here--I will 
recognize him as soon as he comes in. As I said, he had a vote, 
a very important vote at the Judiciary Committee. And then he 
said he would be over here to join us as well as some of the 
other members of the subcommittee.
    I want to welcome you again, Ms. Farrell, and thank you for 
the very important, superb, professional work that you do. So, 
with that, I will ask you to make your statement.
    Ms. Farrell. Thank you so much.
    Chairwoman Eshoo. It looks like it is just the two of us 
with an audience, right? It is kind of a luxury though, isn't 
it?

STATEMENT OF BRENDA S. FARRELL, DIRECTOR, DEFENSE CAPABILITIES 
                         AND MANAGEMENT

    Ms. Farrell. Thank you so much for those kinds words, too, 
about GAO. We are proud of the decades of work, that you are 
obviously very familiar with, on personnel security clearances. 
But, if I may, I will briefly summarize my written statement; 
and then, hopefully, the others will join us.
    Again, thank you for the opportunity to be here today to 
discuss GAO's preliminary observations on the Federal 
Government's efforts to reform the security clearance process. 
My remarks today are based on our preliminary review of the 
Joint Security and Suitability Reform Team's initial plan and 
the recently issued Executive Order 13467, our prior work on 
security clearance processes and best practices developed from 
GAO's institutional knowledge of organizational transformation.
    Next month, we plan to officially begin our detailed review 
of the joint reform efforts as requested by the Chairman of the 
Permanent Select Committee on Intelligence and you, Madam 
Chairwoman, in your capacity as Chair of this Subcommittee.
    GAO placed the Department of Defense's personnel security 
clearance program on our high-risk list in 2005 because of a 
variety of long-standing problems that increase a risk to 
national security. These problems include delays in clearance 
processing, incomplete investigations and the granting of 
clearances based on incomplete data.
    Since then, the government has undertaken a number of 
clearance reform efforts, including an April 30, 2008, initial 
plan by the Joint Security and Suitability Reform Team. The 
plan outlines a new seven-step process for determining 
clearance eligibility.
    Another effort was an issuance in June, 2008, of the 
Executive Order 13467 that responds to the initial reform plan 
by establishing a Performance Accountability Council to 
implement reform efforts.
    The joint reform team's initial plan in the Executive order 
reflected the collaborative efforts of several key agencies, 
including the Office of Management and Budget, DOD, the Office 
of Director of National Intelligence, and the Office of 
Personnel Management. In addition, before this subcommittee in 
February of this year, we identified four factors key to 
reforming the security clearance process.
    My written statement is divided into three parts. First, 
the recent security efforts as reflected in the joint reform 
team's initial plan and Executive Order 13467 consist of 
several positive elements, including responsiveness to the 
President's direction with an initial plan that identifies 
near-term actions to follow, input from key stakeholders and 
support and accountability of high-level leadership. For 
example, the initial plan described several near-term actions 
that will be taken to transform the security process across the 
Federal Government. These actions include establishing an 
executive branch governance structure to achieve the goals of 
reform and sustain reform momentum through the upcoming 
administration transition; developing and initiating automated 
systems for the application, adjudication and record-checking 
steps; and developing information technology strategy to enable 
improvements government-wide.
    Second, the joint reform team's plan and the Executive 
order begin to but do not fully address the four factors that 
GAO identified before this committee as key to reforming the 
process. These factors are having a sound requirements 
determination in place, building quality into every step of the 
clearance process, heading a valid set of metrics for 
evaluating efficiency and effectiveness, and providing Congress 
with long-term funding requirements of security reform.
    First, although the plan states that a reformed clearance 
process would begin with a step to validate the need for a 
clearance, neither the plan nor the Executive order includes 
discrete actions for implementing a sound requirements 
determination process.
    Second, while the plan provides some information on 
building quality into the clearance process, it provides 
limited details on how the newly automated processes will 
ensure quality.
    Third, the reform efforts emphasize timeliness but do not 
discuss the use of additional metrics that could be used to 
evaluate the performance of a reform process.
    Finally, neither the plan nor the Executive order contain 
information about funding requirements, which limits their 
utility in helping decision makers.
    The last part of my written statement addresses how moving 
forward the reform efforts could benefit from clearly 
incorporating additional best practices that GAO has identified 
for agencies to successfully transform their cultures. This is 
particularly important since a central theme of the 9/11 
Commission Report was that one of the major challenges facing 
the Intelligence Community is moving from a culture of need to 
know to a culture of need to share.
    These best practices include, among other things, 
establishing a coherent mission and integrating strategic goals 
to guide the transformation, focusing on a key set of 
principles and priorities at the outset of the transformation, 
setting implementation goals and a timeline to build momentum 
and show progress from day one and, last, establishing a 
communication strategy to create shared expectations and report 
related progress.
    Further, the Intelligence Reform and Terrorism Prevention 
Act of 2004 sets clearance processing timeliness requirements, 
general specifications for an integrated database and 
reciprocity across government. Using the best practices to meet 
IRTPA requirements can assist the newly formed Performance 
Accountability Council in the development of a coherent 
mission, guide the transformation and focus efforts on key 
principles and priorities as the Council prepares its December, 
2008, report which we understand from OMB will detail 
implementation of the reformed security process.
    In summary, the current reform efforts represent positive 
steps forward. The key to successfully reforming the personnel 
security process is how these reform efforts will be 
implemented.
    Again, GAO is honored to be before you today, and we look 
forward to conducting a more detailed review of these reform 
efforts, and in that review we plan to examine all of the 
considerations presented in my written statement as the efforts 
move forward. Thank you, Madam Chair, and I will be pleased to 
take questions whenever you are ready.
    Chairwoman Eshoo. Thank you very much, Ms. Farrell.
    [The statement of Ms. Farrell follows:] 

    [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
    
    Chairwoman Eshoo. We have been joined by the Ranking Member 
of our subcommittee, a very able and respected member of the 
Intelligence Committee and a wonderful partner in the Congress, 
a fellow Californian, Mr. Issa.
    Mr. Issa. Madam Chair, I would like to ask unanimous 
consent to have my written statement put into the record. And I 
will be so brief we will be in questioning before you know it.
    Obviously, we have such a long series of these kind of 
hearings, open hearings whenever possible, because it is so 
important that we get this right. It is so important that 
something we have started down, that seems to be floundering in 
this Member's opinion. And particularly you touched on the 
metrics for speed but maybe not accuracy, budget, uniformity 
and the other issues.
    So I will save the rest of my speech for my questions. And 
I thank the gentlelady. And let's move forward because this is 
a bipartisan issue that we have to get right.
    Chairwoman Eshoo. Thank you, and thank you for being here.
    [The statement of Mr. Issa follows:]

    [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
    
    Chairwoman Eshoo. One can't help but observe that this has 
gone on for a long time. And before we get into some of the 
specifics and the details of what is at hand now and how you 
measure it, why do you think it is, while the GAO placed the 
security clearance on a high-risk list--that should be an 
attention-getter, a high-risk list in 2005, because of the 
long-standing problems. What would you identify as maybe the 
top two or top three things that have kept this from actually 
being fixed?
    Is it so complicated that the agencies don't know how to do 
it, that the overall planning has lacked something? Is it that 
there is not a designated heavy hitter, an effective leader in 
it? Is it that the agencies are proprietary and if they get 
involved they may have to give something up? What do you find 
to be the reason for this?
    I am curious, given all of the reports.
    Ms. Farrell. Certainly. Well, I think that the requirements 
were laid out in the IRTPA of 2004, of what the intent was in 
terms of personnel security reform. Leadership was definitely 
needed. How that was to be achieved was not evident at the 
beginning. By the time we hit 2005, OMB, due to Executive Order 
13383, stepped up to the plate and provided the leadership in 
terms of trying to move the agencies forward to a common goal.
    A plan was issued in November of 2005. We testified a 
couple of days after that plan was issued. We said at that time 
that, although leadership was now evident with OMB, this was a 
very positive thing, we still did not see a plan with details 
in terms of goals, metrics, milestones; and these were the 
things that were needed in order to move a very significant 
transformation forward.
    Since then, as you have noted, there have been other 
planning efforts. And the good thing that we are seeing, 
besides leadership at this stage, is the collaboration, among 
other things. You didn't see the collaboration when GAO was 
looking at these efforts in the past. And the collaboration 
being amongst the key players, the DNI, the DOD, OMB, OPM. I 
think they should be recognized for coming together at this 
stage and having at least a collaborative plan that is 
reflected in the April 30, 2008, plan of this year.
    But, in 2005, we saw what you acknowledged earlier in your 
opening, a lack of clear milestones in how you are going to get 
there; and you need those so that when you are off course you 
can identify why you are off course and make a course 
correction. That is what has been missing.
    Chairwoman Eshoo. I am going to run through some of the 
directives in the Act and ask you to give us a letter grade on 
them, what you think, where we are on them right now.
    Creation of a single entity for oversight of security 
clearances.
    Ms. Farrell. We would probably give them higher marks 
because we, again----
    Chairwoman Eshoo. Higher. What is higher? B?
    Ms. Farrell. Above meets.
    Chairwoman Eshoo. B plus?
    Ms. Farrell. I don't give letter grades, but it would be at 
the upper end.
    Chairwoman Eshoo. That sounds like a B plus to me.
    Ms. Farrell. A few years ago, the Executive order did 
establish OMB as being the single entity responsible for 
clearance oversight; and that was recognized in 2005. Now there 
are some questions that are arising with the latest Executive 
order about the new Performance Accountability Council and 
their role. We do have some work that we have to do to 
understand the roles and responsibilities of that Council and 
how they act as a single entity in response to IRTPA.
    Chairwoman Eshoo. Interagency reciprocity of security 
clearances.
    Ms. Farrell. That is an unknown. We hear anecdotal stories 
about reciprocity. The extent of the problem hasn't been 
clearly defined. If you ask OMB, OPM and others, they will tell 
you there is no issue with reciprocity. Our concern is OPM has 
oversight of what is going on in DOD, but they don't have 
oversight of what is going on in the Intelligence Community. 
And, as you know, we have ongoing work for this subcommittee to 
look at the Intelligence Committee, not just the timeliness and 
the quality but the issues of reciprocity and is it a problem.
    Chairwoman Eshoo. Creation of a single, integrated database 
for security clearances, are we anywhere near that?
    Ms. Farrell. That doesn't exist. We have asked questions.
    Chairwoman Eshoo. That is our hope and our prayer.
    Okay. Evaluation of available information technologies.
    Ms. Farrell. PERSEREC, as you are probably familiar with, 
has been doing research for years about potential technology 
that can be used to streamline the process. So there has been a 
lot going on in that area. We will be looking even closer about 
where do those demonstration projects fit with the long-term 
goals that are laid out in IRTPA. So there is work going on in 
there.
    Chairwoman Eshoo. Reducing the length of security clearance 
processing to 90 days by the end of the year. I think there has 
been progress made on that, in some areas, anyway.
    Ms. Farrell. The OMB report show that the numbers are going 
in the right direction. It is good to have interim goals to get 
to your long-term goal of 60 days. Whether they will get there 
or not remains to be seen. When you have reform efforts as 
major as the one that is being planned, they could be put off-
course to some extent. But the numbers appear to be moving in 
the right direction.
    When we looked at the numbers in 2006, there was quite a 
bit of disagreement, as you know, between OMB and GAO about the 
numbers for timeliness. But I will note that in the February, 
2008, report of OMB, the numbers that they reported for 2006 
were the same as the numbers that we reported. We are looking 
very carefully at this point to see what are the current 
numbers.
    There are concerns still about the starting point for the 
clearance process. We disagree with OMB about--when you measure 
end-to-end processing, where do you start? Do you start with 
when the applicant submits the application or when the security 
officer submits it?
    Then there is the question of, do you count the time to 
transfer the investigative report to the adjudicators? Does 
that go with the investigator's time or the adjudicator's time?
    So there are still some points that we are asking about and 
looking at in great detail right now to see how accurate are 
those numbers and if they reflect what you are wanting to see 
as required with IRTPA.
    Chairwoman Eshoo. Mr. Issa.
    Mr. Issa. Thank you, Madam Chair. I am going to follow up 
on the same line.
    Although it is pretty easy to tell if you get a security 
clearance in 90 days, pretty easy to tell if the adjudication 
runs 30 days or less, of what real value is that unless all the 
other important issues of accuracy, uniformity, you know, if 
you will, reciprocity, if those aren't achieved, then in a 
sense aren't we simply saying, okay, deadline, give them that. 
It is a little bit like a court that has a 90-day requirement 
or that they have to let the felon go. Well, obviously, they 
are going to get him to trial, but it doesn't mean they are 
ready for trial. And, by the way, if they let him go, that is 
not good.
    So my question is, did we fundamentally flaw in making 90 
days and then the final goal of 60 days anything more than the 
last step, rather than the first step in the reform?
    Ms. Farrell. The reform effort, when it started in 2005, 
was focused on timeliness; and that was in response to IRTPA.
    Some of the other issues with respect to--with transferring 
clearances across government fell to the bottom of the list. 
The target was the 60, as you mentioned. Our concern has been 
exactly what you are raising, that you might increase the speed 
but the quality of the investigations has been called into 
doubt. We are also looking at the adjudication phase for which 
there are no metrics. So it is something though that can be 
corrected with the reform effort.
    The good news is that, in the April 30 plan, there is an 
acknowledgement of quality metrics needing be to be put in 
place, but we don't have any more information than that. As you 
know, for going back to 1999, GAO reported that the only metric 
that was being used was when investigations were returned; and 
that, by itself, was not enough to assess the quality of the 
investigations, much less the other steps in the process.
    So we would like to see quality and quality metrics built 
into the reform process every step of the phase.
    Mr. Issa. Following up on that, because it is not in the 
Act, although we have a single point for oversight--and one 
could say that there is a single point for oversight and it is 
at the dais here, you know, in that the committees, in a sense, 
are the ultimate oversight. As we start looking at possible 
add-on or future follow-on legislation, since it has been 4 
years, and that is about the time that we start on something 
that 6 years later often becomes law, would it be, from a 
management practice----
    I come from the private sector, even though I have been 
here 8 years, I guess. In the private sector, we would say, 
well, wait a second, you want everyone to trust a common 
clearance. Well, the easiest way to do that is to say, okay, 
instead of CIA and Defense Intelligence and everyone having 
their own little fiefdoms, we will simply have a single entity, 
although they may be implanted in these various intelligence 
communities, that owns this. And, if you will, a little like 
the Corps of Engineers which not only does the Army Corps but 
also does NASA, probably is responsible for everything except 
this building.
    In a sense, do you believe, from your experience and the 
progress we have made and failed to make, that perhaps that was 
something that Congress should have looked at, was that a 
uniform security agency--security clearance agency could have, 
in fact, guaranteed that the examiners, the computer systems, 
the processes, the interface with the FBI and those who--
because that may not be the FBI as the agency.
    But all of that would be uniform, by definition, if you 
created one career group that, in fact, this is what they did. 
They got a high-level clearance. They were then embedded in the 
appropriate places to do their job, because they need to be all 
over. But, at the end of the day, the oversight is pretty easy. 
We funnel up to one organization that is responsible, and then 
we have oversight on them.
    And, yes, the CIA says, I need this. But they say it to the 
same entity that Defense Intelligence says and the NRO says and 
everyone else says so that, if they specified the same level, 
they get the same level. Looking back, is this something that 
we should have anticipated and perhaps done?
    Ms. Farrell. The Act was clear that a single entity, 
whether it was a department or an agency or an element of the 
Federal Government, was to be responsible for six--I think it 
was six aspects of the security clearance process. The law gave 
OMB leeway to proceed with how they saw that this could----
    Mr. Issa. My question is the leeway, if you will.
    Ms. Farrell. And, as I said, to respond to the 2005 
Executive order, OMB did step up to the plate. They were 
provided the leadership to be that single entity that would be 
providing oversight and move on from there.
    Now we have this Performance Accountability Council. The 
DNI that is the executive agent for the security clearance 
process. OPM is the executive agent for suitability. OMB though 
is still Chair of the Performance Accountability Council, but 
we will be questioning the Council about how do they see their 
role in terms of that single entity? Does OMB as Chair of the 
performance accountability rule what the executive agents do? 
Or does the DNI have responsibility that is separate from this 
Performance Accountability Council? This is something that we 
are going to be exploring further.
    But you gave leeway again to OMB to see how they wanted to 
move forward, and that has been a stumbling block in terms of 
who is in charge to keep moving this forward. Right now, it 
appears to be OMB as Chair of that Council. But we need to talk 
to them more to see how they see carrying out their role.
    Mr. Issa. Well, working with the gentlelady, I think we are 
reaching that point where we are asking did we give too much 
leeway?
    I will share with you very quickly. I was in another 
committee today where a sergeant had been electrocuted in Iraq, 
and the hearing dealt with a contractor who was sort of the 
plumber and the electrician for the buildings. And it was 
unclear what their role was, what they were supposed to do, not 
do. And I asked six people there, five of whom were former 
commissioned officers and the three commissioned officers 
behind them, well, didn't the sergeant have a lieutenant that 
was supposed to care for his health and well-being and didn't 
that lieutenant have a captain and didn't that captain have a 
colonel?
    Well, it turned out, yes, they had a chain of command, all 
of whom were responsible to make sure that the previously 
reported shocks that people were getting in the shower didn't 
allow him to later be electrocuted because no one should have 
been in that shower from the first time. There was that.
    To a certain extent, I am seeing a correlation here that 
concerns me. If the basics of who is in charge--if we don't get 
that right, then we are going to have later questions that you 
are having now.
    Is everyone playing well together in the sandbox? I am 
hearing and I think Ms. Eshoo and I both are hearing at every 
one of our hearings that people aren't playing as well in the 
sandbox and the usual question of, well, the DNI is an emerging 
power. Should they take the lead? All of this--and the DNI and 
the FBI are never going to play well together in the sandbox 
because they weren't mandated by Congress to be the same 
entities.
    So we start seeing that, in fact, we may have had a 
fundamental mistake, which is that whether it is the people 
behind us on the dais needing clearances or contractors needing 
clearances, that, in fact, it wasn't easy to hand to one group 
and say, make everyone play. Am I hearing that correctly? 
Because that is the impression I am getting here, and it is not 
the first time I have gotten it.
    Ms. Farrell. Well, again, maybe one of the reasons why it 
has been taking so long is to get people to play together. But 
that is what we are seeing with the latest efforts with this 
Performance Accountability Council. You have heard OMB and OPM 
and the DNI say, this is the first time they have actually come 
together and tried to have an agreement to move forward.
    But there are questions about who is in charge. And this 
again is something that we need to explore, with how do they 
see the Chair of the Performance Accountability Council or the 
executive agents fitting with this single entity that is 
described in IRTPA?
    Mr. Issa. Okay. Madam Chair, I have a markup to go to, but 
I would like to ask, if at all possible, that we look during 
the September session at asking to have a panel back before us 
to see whether or not, going into the next administration, we 
have to immediately act. Because it does appear as though--you 
know, we both know there is going to be a lot of new 
appointments, and we can either set the tone or not set the 
tone to get progress in that next administration. So I would 
hope that we could set a short fuse to revisit this to see 
whether that progress has actually come to fruition in as 
little as, let's say, July or August and the first part of 
September.
    Chairwoman Eshoo. I think that is an excellent suggestion. 
I wanted to start out with the GAO first and then when we 
return after the August break to do exactly what you said. 
There is a short time frame here.
    And I am delighted that you were here to participate. You 
are an important partner in this.
    Mr. Issa. And I apologize. Mr. Conyers will not wait.
    Chairwoman Eshoo. He has got to get your vote. Thank you 
very much.
    I think, in listening to both Mr. Issa's questions and your 
responses as well as your opening remarks, Ms. Farrell, that 
what I am reminded of is that nothing has really changed 
dramatically in terms of the structure, a new structure, a new 
way of doing business, something that is streamlined and timely 
and all that is attached to that, that in all of this planning 
there has not been one security clearance that these people 
have approved.
    We have layers and layers of planning--and I am not one to 
diminish the need for good, solid planning. You have a good 
plan. Then that leads to, I think, that much more of an 
effective execution and implementation. But it seems to me that 
we are caught in layers here and that there are still questions 
about who may be in charge, if the others are buying in. We are 
not going to find that out until we bring them in and let's 
hear what they have to say to each other.
    But what I am hearing from you really leads me to a place 
where I am still not satisfied. I am uncomfortable. Tell me 
this, do you think that there is hope for specifics in the 
reform plan that can be executed before the end of this 
administration? Or is that just too much to hope for?
    Ms. Farrell. Well, the good news is the April 30 plan does 
have some near-term primary goals. And that makes----
    Chairwoman Eshoo. Do you think they can execute them? I 
mean, these are plans and intentions and more plans that direct 
the stakeholders to execute.
    Ms. Farrell. It is a plan that requires more planning with 
action. But it does differ from the 2005 plan that had no near-
term primary goals. This April plan does have some primary 
near-term goals.
    We don't see those near-term goals connected with the long-
term goals of IRTPA. One of the near-term goals, again, was the 
governance structure, which is the Executive Order 13467 that 
establishes this Performance Accountability Council. That is an 
example of a near-term goal that they have put in motion. So I 
think we should keep in mind that that plan does differ from 
previous plans.
    Initially, we were also thinking that we would be seeing 
some interim plans before the final implementation. Mr. Johnson 
informed us that there would not be any other interim plans. 
They decided it was in the best interest in order to keep 
moving forward to have everything wrapped up by December 2008. 
And we are told that much is under way. That is what we will be 
asking questions about. Do they have pieces of this out there 
that needs to be consolidated into one plan? And what is behind 
that?
    But it is important I think to recognize that the 
difference with the April plan is that it does have some near-
term actions. Our concern still is that--linking that to the 
long-term goals, of whether it is an integrated database and 
how you are going to get there, who is responsible for it, how 
are you going to measure your progress to get there, we don't 
see that.
    Chairwoman Eshoo. Do you think that the agencies--which all 
need to have timely security clearances issued--have a sense 
that they have a sense of urgency about it?
    Ms. Farrell. The Intelligence Community agencies?
    Chairwoman Eshoo. Yes. Or are they kind of comfortable with 
where they are and how they do it?
    Ms. Farrell. We hear anecdotal stories all the time, as I 
think you do; and in the course of our work we have had 
concerns expressed about DHS, FBI, individual cases. This is 
the first time that we have had work where we actually are 
going in to measure the timeliness and see if it is a problem 
and is quality a problem in the Intelligence Community the same 
way that we have seen with the DOD community. So that is work 
that you requested that I am happy to say is under way.
    Chairwoman Eshoo. Where do you think this needs to be by 
the end of the year to hand over to a new administration?
    Ms. Farrell. The Joint Team needs to do what they say they 
are going to deliver in December, which is a very detailed 
implementation plan with the performance accountability 
council's roles even more defined in terms of who is in charge. 
Does that single entity meet IRTPA requirements? Does anyone 
have voting rights? They need a very coherent mission with 
common goals, with milestones so that they can hand it off to 
the next administration. If you don't have a detailed plan with 
specifics that can be measured, then you can't determine if you 
are on the right road to transformation.
    Chairwoman Eshoo. This is OMB's security and suitability 
process reform initial report April 30, 2008. Under CY 08 they 
have a whole list of bullets, and the second one is to draft 
and submit an Executive Order to ensure fitness reciprocity and 
reinvestigation of individuals in public trust positions. Can 
you tell us about where that is? Do you know? Can you comment 
on this one?
    Ms. Farrell. Well, to our knowledge--again, we have just 
started this work--the only action that has been fulfilled in 
that plan is that of the Executive Order, establishing the 
governance structure which is one of their near-term goals.
    For these other issues, those require action to be taken. 
It is possible, I guess, that they have taken that. The 
Executive order is about a month old at this point, which may 
move them a little bit further in terms of the accountability. 
But we have not seen the specifics.
    Chairwoman Eshoo. Have you seen the full Executive Order 
and what it contains?
    Ms. Farrell. The Executive order, yes. But we haven't seen 
the specifics of any details behind that plan, other than the--
--
    Chairwoman Eshoo. On the one I just asked about.
    Ms. Farrell. There is the appendix that accompanies that 
plan. It is more about hindsight of projects that they have 
completed, rather than where they are going.
    Chairwoman Eshoo. I just have this overwhelming sensibility 
that we are driving with an emergency brake on. You know? We 
are moving, but none of this seems to have a sense of urgency 
relative to reforming the whole system.
    I don't know if we didn't give them clear enough direction 
in IRTPA or if the GAO sees a further need for legislative 
direction from the Congress, from the Intelligence Committee to 
get this going. I mean, I think that that is an important 
consideration as well.
    I am not suggesting just because we had language to direct 
something that it was perfect and absolutely clear. And if it 
needs to be more directive and have more clarity and have some 
time frames around it and some specifics, then maybe if you 
have any suggestions or views in that area----
    Ms. Farrell. I would want to see what is going to be in 
their December 2008 plan. We are told that--when we shared the 
message of our statement with Mr. Johnson last week, we were 
told that everything we were discussing would be reflected down 
the road, that it was in motion, it was evolving.
    We also had a discussion about how the focus has been on 
timeliness. It has not been on these other issues that we have 
been discussing today with the database and reciprocity and the 
other issues. You can see that when you look at the February 
OMB 2007 report and the February OMB 2008 report. The focus is 
on timeliness. And, with timeliness, they had interim steps of 
how they were trying to get to the 60 days to issue a 
clearance. And that is good that they had those interim steps 
for timeliness, but you don't see interim steps to develop an 
integrated database that the agencies could use----
    Chairwoman Eshoo. Well, it seems to me that the 
administration has made progress, in addressing timeliness--and 
I salute their having achieved a better time frame for some of 
these security clearances. But that is only one part of it. And 
the other pieces, in my view, are tougher to do. They are 
tougher to do.
    And so I think the ball is being bounced and passed along 
through these various committees and executive orders and 
reviews and structure and plans, et cetera, et cetera, et 
cetera; and we are not doing ourselves any favor by this.
    Has the administration indicated to you that they are 
planning to reform the suitability guidelines, you know, what I 
had asked about earlier?
    Ms. Farrell. We have been told that part of the reform 
effort is to look at suitability guidelines, look at the 
clearance guidelines in terms of investigations and 
adjudications and see how the two sets can work better 
together. As you know now, they are rather isolated and there 
are questions about duplication. We are told that guidelines 
are part of the reform effort.
    Chairwoman Eshoo. Well, the Intelligence Reform Act stated 
that there should be a single entity. I mean, to me that is 
very clear. And I don't think the Congress' intent here when we 
referred to a single entity is a single planning group. I don't 
think that is what it is about. I have respect for planning, 
but I don't think that that is what the intention of the 
Congress was. And, yes, one has to take place in order to 
achieve the other.
    Do you think that equal attention is being paid to 
adjudications and investigations?
    Ms. Farrell. In the past, you know, we have raised the 
issue of quality throughout the process; and the answer was no. 
Again, we are looking at that again right now.
    Chairwoman Eshoo. Is there any way for that to be measured 
now in the present system?
    Ms. Farrell. Yes, we believe it is. We believe that you can 
have metrics in the present system from the beginning to the 
end.
    Chairwoman Eshoo. But there aren't, though.
    Ms. Farrell. Currently, there is only, as we have discussed 
before, one metric; and we are not even sure that that metric 
is being used right now for the investigative phase, that being 
the number of investigations that are returned by the 
adjudicators to the investigators. Several years ago we know 
that that was the metric that was being used, but it has fallen 
out of reports recently. We are not sure that any metrics are 
being used for the current system.
    Chairwoman Eshoo. Has the administration established a 
timeline or any specific objectives that have to be achieved to 
create a single adjudicative entity, do you know?
    Ms. Farrell. Not to our--again, the timelines are what are 
missing from this April 30 plan, that we are told that there 
will be more specifics in the December plan.
    The Performance Accountability Council had their first 
meeting last Tuesday. We were over at OMB, and they were 
meeting that afternoon. They were going to be discussing how to 
form subcommittees to carry out some of these actions.
    Chairwoman Eshoo. There we go. It is getting really hot. It 
is heating up. We are going to do subcommittees! We have to 
have a sense of humor about some things I guess.
    Ms. Farrell. There were discussions about bringing other 
stakeholders in, other Federal agencies, the Commerce 
Department, VA, others that might have a need to be players. 
But, again, it was their first meeting. It appeared that they 
would be meeting about once a month, maybe more often after 
August.
    Chairwoman Eshoo. Why is this so hard to do?
    Ms. Farrell. Why is this so hard?
    Chairwoman Eshoo. Why do you think return is so hard to do?
    Ms. Farrell. It is a complicated issue that has been around 
for decades.
    Chairwoman Eshoo. Let me just dissect that word 
``complicated''. Security clearances are not something that is 
brand new. We have been doing them for a long, long time. These 
reviews of the process are a service that has been rendered, 
whether it is inside of an agency or another agency, and they 
help the agency that needs to have clearances done. It is not 
something that we have never done before and have to maybe go 
to some liaison service to find out about on the other side of 
the world. It is something that we have been doing.
    We know that there are processes that can help. Because 
technology--and I understand this coming from my district, 
which is where all the innovation and so much takes place--can 
certainly speed things up. It can advance. It can enhance. It 
can do a lot of things.
    We know that agencies, especially within the Intelligence 
Community, have a need to hold things close to the vest rather 
than share. And I don't know how much of a problem that is, if 
they just don't want to let go of controlling their process and 
they want to have this within their own agency. But it seems to 
me that this old system has been in place, and served us well 
for a long time. And it certainly reflects the time that it 
served us well, during the Cold War. It seems to me that if 
there is anything that we have duplicated from that, taken from 
that Cold War system is this system; but times have changed yet 
we don't seem to have an urgency to change the system. So I am 
wondering if there needs to be clearer, stronger directive 
legislative language to change the process.
    But I agree with you. I think we have to wait until 
December to see progress. I am not exceptionally hopeful about 
what is going to happen until December. And this isn't 
aspersions against any of the people that are working on this. 
It just seems to me that they are complicating it more with 
their subcommittees.
    Are you as frustrated as I am about this?
    Ms. Farrell. Yes, we are. Yes, we are.
    When I first started at GAO early in the 1980s, we were 
looking at personnel security clearances.
    Chairwoman Eshoo. And there is a long, long history on it.
    Ms. Farrell. And here we are many, many years later; and we 
are still looking at these same issues. It now has management 
attention, though. It goes back to what we were talking about. 
There was management attention in 2005. The problem is 
sustaining it. And management attention by itself won't get you 
transformation. As you know, there are a number of other best 
practices that you have to put in play.
    And now, as we have been discussing, the Performance 
Accountability Council raises another set of questions. It 
looks like this could be a good thing in terms of assigning 
roles and responsibilities for certain areas. We haven't seen 
that before. But how does that really play out when we talk 
about----
    Chairwoman Eshoo. Why don't we have one entity that 
actually is responsible for doing the things that we are 
describing? I mean, it seems to me that you need to establish 
the entity--and then the person that is in charge and goes 
forward to do these things.
    I don't understand why it is being done this way. Because 
right now we are being planned and subcommitteed to death on 
this thing.
    My guess in December is, is that there will be some kind of 
report on the plan and the subcommittees to a new 
administration. And then by the time they start up and they 
review everything that the GAO has said and tried to get the 
agencies to do, et cetera, et cetera, plus review all of this, 
that it will be well into 2009.
    And I am not saying this to be disrespectful. I just think 
that there just isn't any ``umph'' to this thing. There isn't 
anyone that has a sense of urgency--you know, ``fire, fire, 
house on fire,'' saying we have got to get this thing done.
    I think it is being done the wrong way. I think you have 
somebody in charge. Then they say, all right, come on in, here 
is the plan. Here is how we are going to measure it. These are 
the assignments for people. This is the equipment that we need 
to buy in order to enhance the system that we have. This is the 
request we need to make of the Congress. These are some of the 
snags that need to be cleaned up legislatively.
    Otherwise, I will be gone from the Congress. You will be 
retired from the GAO. Maybe that will make some of the people 
in these security clearance subcommittee happy, but reform 
won't be achieved.
    Anyway, I will yield time to I think one of the most 
brilliant Members of the Congress and the House Intelligence 
Committee and this subcommittee, Mr. Holt from New Jersey.
    Mr. Holt. Thank you for the compliment. But, more 
important, thank you for holding this hearing; and thank you, 
Ms. Farrell, for coming.
    How many people in the U.S. Government have security 
clearances?
    Ms. Farrell. The volume of security clearances is unknown 
to us at this time, due to past data reliability problems that 
we have identified with DOD's JPAS system and others. We can 
use the number of investigations that OPM tells us they do, 
which is only one portion of the community that you are 
interested in, the Intelligence Community. I can't tell you 
that number because there is not a reliable number out there 
that I can present to you.
    Mr. Holt. Well, that is what I thought you would say. I 
don't really need to know the answer. I just wanted it on the 
record that nobody knows the answer. I believe it is true.
    Do you also believe it is true that nobody knows the 
answer?
    Ms. Farrell. We, based on our past work with DOD's program, 
would say that is correct. Again, we are just starting our work 
with the Intelligence Community; and we are trying to get a 
reliable number. I will be back to report that or my colleague, 
Ms. Davi D'Agostino, will.
    Mr. Holt. Why do you suppose that the requirement of the 
Intelligence Reform Act on the intelligence part that there be 
a comprehensive database has not been fulfilled? Why do you 
think that provision has not been?
    Ms. Farrell. There are multiple databases among the 
agencies. I think there are over 20 in various stages. One 
issue for them is going to be integrating those databases, 
deciding to use legacy or go with something brand new. That is 
a business transformation effort, and that will require an 
information technology strategy that they have acknowledged in 
the plan, but we haven't seen anything that will move them 
forward to developing that database.
    Mr. Holt. Thank you.
    In April of this year, the Office of Management and Budget 
sent the President a report on security and suitability reform; 
and OMB stated it is now ready to adopt and pursue 
implementation of a process to reform the system that will 
include six concepts: to improve the relevancy of information 
collected, which makes sense because a lot of the investigation 
that goes into this seems to me to be irrelevant to the whole 
purpose of the investigation.
    Ms. Farrell. Yes.
    Mr. Holt. Second, to increase the use of automation to 
speed the process. Third, to focus field investigations on 
specific kinds of information, rather than fishing expeditions. 
Four, to make decisions based on modern analytic assessments of 
risk, rather than a risk-avoidance model. Five, to reduce 
duplication of data. And, six, to use continuous evaluation, 
rather than periodic investigations.
    Did GAO--did you evaluate the methodology that the 
administration used to develop these concepts and do you have 
any idea how they decided to move away from periodic 
reinvestigation to continuous evaluation? I'm not saying that 
is a bad move. I just wonder how they came up with these.
    Ms. Farrell. These concepts are familiar to us. If you look 
at the history of personnel security clearances, whether it is 
the old process or the new process, I think you can make some 
kind of relationship. We don't know the methodology that they 
used to come up with those, but they seem to be logical.
    As far as the continuous evaluation, research has been done 
by DOD for years in this area of what technology can be applied 
to streamline the process and improve quality. So the 
continuous evaluation is a concept that has been discussed for 
some time. We know concepts that have been around. We don't 
know specifics on how to make them materialize.
    Mr. Holt. Thank you.
    On reciprocity, do you think the administration--and 
forgive me, Madam Chair, if I am repeating ground that already 
has been plowed here. Does the administration security reform 
effort move toward reciprocity, transferability--and I am not 
sure that we will ever see an Intelligence Community, one 
badge, as has been suggested, but are we moving toward at least 
transferability, reciprocity, whatever name you want to use?
    Ms. Farrell. We don't see that movement in the plan. IRPTA 
clearly lays that out as a goal. But, again, that is where we 
would like to see a coherent mission with clear goals and steps 
of how the Council or whoever the single entity is in charge is 
going to get there. But you cannot tell what the movement is to 
reciprocity by looking at the plan or at the Executive order.
    Mr. Holt. Is it your job to evaluate the idea of a one 
badge or of a community-wide reciprocity or just to look at the 
process for getting there or not? Are you going to offer a 
judgment on the wisdom of such a clearance and clearance 
system?
    Ms. Farrell. We are going to look at that process in terms 
of what is the goal, just what you are raising. Is it one 
badge? Or what do you mean by reciprocity? First, that needs to 
be defined in the plan, what is that, and then what steps are 
going to be taken. We are not going to be specific in terms of 
this is exactly what you should do.
    Mr. Holt. More to the point, I am wondering if you think it 
is in your purview to make a judgment about the wisdom of doing 
that.
    Ms. Farrell. We make judgment based on criteria; and, in 
this case, the law is what we would be using as criteria or 
other best practices or something that very clearly lays out 
what it should be. GAO would not come in and offer this is 
exactly how it should be unless it is in the law and this is 
how it meets the intent of the law.
    Mr. Holt. It is the law, I think, that all the 
investigations and determinations shall be transferable, 
accepted by any agency. I guess you are not in a position to 
judge whether that will work well once we get there. Right now, 
all you can ask is whether there is a plan and activity to get 
there.
    Ms. Farrell. Right now, we have several efforts that are 
under way. Besides looking at the reform efforts, we are 
looking at timeliness, quality, and reciprocity within the 
Intelligence Community. So that is part of what we are 
addressing for this subcommittee in terms of is it a problem or 
isn't it a problem.
    Mr. Holt. Well, this is enlightening. I will have to catch 
up on your testimony earlier today.
    I thank you, Madam Chairman.
    Chairwoman Eshoo. I thank you, Mr. Holt, for being here and 
the questions you asked.
    We are planning when we return, when Congress returns after 
the August break, to have a hearing with the stakeholders--the 
planners, the major stakeholders. We will review with them 
where they are in their goals, when and how they plan to 
execute, really the questions and some of the points that were 
raised today.
    But we wanted to start with you. Because if there is anyone 
who has been the very important thorn in the ointment, so to 
speak, it has been the GAO. And not just one report but reports 
over decades on this very issue. So we are very grateful to you 
for the work that you have done, that the agency has done.
    I think today has been enlightening, both for myself, the 
ranking member, and for Mr. Holt as well as the staff, the 
minority staff and the majority staff. This is not a partisan 
issue. There is no reason for it to be. In fact, I think we 
keep developing more consensus about this as we move through 
it.
    What is disturbing to me is when we don't know exactly how 
many security clearances are out there. The question comes up 
that can be raised is how do we protect those who have them if 
we don't know how many and who they are. I guess we know who 
they are, but why don't we know how many there are.
    That raises the question, do we really know who they are? 
There is a whole new group that have been issued security 
clearances, and that is all these contractors. What happens 
when they leave and their contract runs out or is cut off, like 
some of those that have not respected the public dime or the 
taxpayer that provides it. It is a big concern of mine. And so 
I think, beyond the planning and as important as all of these 
things are really very, very serious issues.
    Mr. Holt. Madam Chairman, if I may add a comment along 
those lines. The proliferation of clearances and classified 
material just cheapens the process and makes it less and less 
reliable because it is less and less meaningful.
    Thank you.
    Chairwoman Eshoo. Thank you. I think on that note we will 
close the hearing. And again, Ms. Farrell, thank you again for 
your service to our country. And for everyone who is here and 
attended the hearing today, I thank you for being here and I 
hope it was as instructive and enlightening for you as it was 
for the rest of us. Thank you.
    [Whereupon, at 4:12 p.m., the subcommittee was adjourned.]

                                  
