[Senate Hearing 115-394]
[From the U.S. Government Publishing Office]



                                                        S. Hrg. 115-394
 
                OPEN HEARING: SECURITY CLEARANCE REFORM

=======================================================================

                                HEARING

                               BEFORE THE

                    SELECT COMMITTEE ON INTELLIGENCE

                                 OF THE

                          UNITED STATES SENATE

                     ONE HUNDRED FIFTEENTH CONGRESS

                             SECOND SESSION

                               __________

                        WEDNESDAY, MARCH 7, 2018

                               __________

      Printed for the use of the Select Committee on Intelligence
      
      
      
      
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]        




        Available via the World Wide Web: http://www.govinfo.gov
        
        
        
        
        
                         _________ 

             U.S. GOVERNMENT PUBLISHING OFFICE
                   
28-948 PDF              WASHINGTON : 2018             
     
        
        
        
                    SELECT COMMITTEE ON INTELLIGENCE

           [Established by S. Res. 400, 94th Cong., 2d Sess.]

                 RICHARD BURR, North Carolina, Chairman
                MARK R. WARNER, Virginia, Vice Chairman

JAMES E. RISCH, Idaho                DIANNE FEINSTEIN, California
MARCO RUBIO, Florida                 RON WYDEN, Oregon
SUSAN COLLINS, Maine                 MARTIN HEINRICH, New Mexico
ROY BLUNT, Missouri                  ANGUS KING, Maine
JAMES LANKFORD, Oklahoma             JOE MANCHIN III, West Virginia
TOM COTTON, Arkansas                 KAMALA HARRIS, California
JOHN CORNYN, Texas
                 MITCH McCONNELL, Kentucky, Ex Officio
                  CHUCK SCHUMER, New York, Ex Officio
                    JOHN McCAIN, Arizona, Ex Officio
                  JACK REED, Rhode Island, Ex Officio
                              ----------                              
                      Chris Joyner, Staff Director
                 Michael Casey, Minority Staff Director
                   Kelsey Stroud Bailey, Chief Clerk
                   
                   
                                CONTENTS

                              ----------                              

                             MARCH 7, 2018

                           OPENING STATEMENTS

Burr, Hon. Richard, Chairman, a U.S. Senator from North Carolina.     1
Warner, Hon. Mark R., Vice Chairman, a U.S. Senator from Virginia     2

                               WITNESSES
                                Panel 1

Farrell, Brenda, Director, DOD Strategic Human Capital 
  Management, Government Accountability Office...................     4
    Prepared statement...........................................     6
Phillips, Kevin, President and Chief Executive Officer, Mantech 
  International Corporation......................................    23
    Prepared statement...........................................    25
Chappell, Jane, Vice President for Global Intelligence Solutions, 
  Raytheon Corporation...........................................    32
    Prepared statement...........................................    34
Berteau, David, President and Chief Executive Officer, 
  Professional Services Council..................................    44
    Prepared statement...........................................    46

                                Panel 2

Dunbar, Brian, Assistant Director, Special Security Directorate, 
  National Counter-Intelligence and Security Center, Office of 
  the Director of National Intelligence..........................    76
    Prepared statement...........................................    79
Phalen, Jr., Charles S., Director, National Background 
  Investigations Bureau, U.S. Office of Personnel Management.....    83
    Prepared statement...........................................    85
Reid, Garry P., Director for Defense Intelligence (Intelligence 
  and Security), Department of Defense...........................    90
    Prepared statement...........................................    93
Payne, Daniel E., Director, Defense Security Service, Department 
  of Defense.....................................................    97
    Prepared statement...........................................    99

                         SUPPLEMENTAL MATERIAL

Responses to Questions for the Record by:
    Ms. Farrell..................................................   118
    Mr. Phillips.................................................   121
    Mr. Phalen...................................................   124
    Mr. Dunbar...................................................   131
    Mr. Reid and Mr. Payne.......................................   142


                OPEN HEARING: SECURITY CLEARANCE REFORM

                              ----------                              


                        WEDNESDAY, MARCH 7, 2018

                                       U.S. Senate,
                          Select Committee on Intelligence,
                                                    Washington, DC.
    The Committee met, pursuant to notice, at 9:35 a.m. in Room 
SD-106, Dirksen Senate Office Building, Hon. Richard Burr 
(Chairman of the Committee) presiding.
    Present: Senators Burr, Warner, Risch, Rubio, Collins, 
Blunt, Lankford, Cotton, Cornyn, Feinstein, Wyden, Heinrich, 
King, Manchin, Harris, and Reed.

   OPENING STATEMENT OF HON. RICHARD BURR, CHAIRMAN, A U.S. 
                  SENATOR FROM NORTH CAROLINA

    Chairman Burr. Good morning. I'd like to thank our 
witnesses for appearing today to discuss our government's 
security clearance process and potential areas of reform. The 
intelligence community, Department of Defense, and defense 
industrial base trust cleared personnel with our Nation's most 
sensitive projects and most important secrets. Ensuring a 
modern, efficient, and secure clearance process is paramount 
and necessary to maintain our national security.
    The committee will first hear from industry representatives 
on their perspective on the process and how it affects their 
ability to support the U.S. Government. Our first panel 
includes: Mr. Kevin Phillips, President and CEO of ManTech; Ms. 
Jane Chappell, Vice President of Intelligence, Information, and 
Services at Raytheon; Mr. David Berteau, President of the 
Professional Services Council; and Ms. Brenda Farrell from the 
Government Accountability Office. Welcome to all of you. We 
appreciate your willingness to appear and, more importantly, 
thank you for the thousands of employees you represent, who 
work every day to support the whole of the U.S. Government. 
Many of our Nation's most sensitive programs and operations 
would not be possible without your work.
    I look forward to hearing from you on how your respective 
companies view the security clearance process and how it 
affects your operations, your hiring, your retention, and your 
competitiveness. I also hope you've come today prepared with 
ideas for reform where necessary.
    Our second panel will include representatives from the 
Executive Branch: Mr. Charlie Phalen, the Director of the 
National Background Investigation Bureau; Mr. Brian Dunbar, 
Assistant Director of National Counterintelligence and Security 
Center at the ODNI; Mr. Garry Reid, Director for Security and 
Intelligence at the Office of the Under Secretary of Defense 
for Intelligence; and Mr. Dan Payne, Director of Defense 
Security Service at the Department of Defense. They'll provide 
the government's perspective on this issue and will update us 
on their efforts to improve the efficiency and effectiveness of 
the current system.
    The purpose of this hearing is to explore the process for 
granting Secret and Top Secret clearances to both government 
and industry personnel, and to consider potential better ways 
forward. The government's approach to issuing national security 
clearances is largely unchanged since it was established in 
1947, and the net result is a growing backlog of 
investigations, which now reaches 547,000, and inefficiencies 
that could result in our missing information necessary to 
thwart insider threats or workplace violence.
    We should also consider new technologies that could 
increase the efficiency and effectiveness of our vetting 
process while also providing greater real-time situational 
awareness of potential threats to sensitive information. 
Furthermore, the system of reciprocity, whereby a clearance 
granted by one agency is also recognized by another, simply 
does not work.
    We would all agree that the clearance process should be 
demanding on candidates and should effectively uncover 
potential issues before one is granted access to sensitive 
information. But clearly, the current system is not optimal and 
we must do better. I'm hopeful that today's discussion will 
have some good ideas and strategies that we can put into action 
to reform the process.
    Again, I want to thank each of our witnesses for your 
testimony today, and I will now turn to the Vice Chairman for 
any comments he might have.

OPENING STATEMENT OF HON. MARK R. WARNER, VICE CHAIRMAN, A U.S. 
                     SENATOR FROM VIRGINIA

    Vice Chairman Warner. Thank you, Mr. Chairman, and welcome 
to our witnesses. I want to first thank the Chairman for 
holding this hearing, particularly in an unclassified setting.
    I believe that the way our government protects our secrets 
is a critical area for oversight of this committee. As the 
Chairman has already mentioned, in many ways the system that is 
in place, which was born in 1947--and I remind everybody, 
that's when classified cables were sent by typewriter and 
telex--really hasn't changed very much.
    I believe that the clearance process today is a 
duplicative, manually intensive process. It relies on shoe 
leather field investigations that would be familiar to fans of 
spy films. It was built for a time when there was a small 
industry component and government workers stayed in their 
agency for their entire career. The principal risk was that 
someone would share pages from classified reports with an 
identifiable foreign adversary.
    Today in many ways we worry more about insider threats, 
someone who can remove an external hard drive and provide 
petabytes of data online to an adversary or, for that matter, 
to a global audience. And industry--and much of that industry 
I'm proud to have in my State. And industry is a much larger 
partner. Workers are highly mobile across careers, sectors, and 
location. Technologies such as big data and AI can help assess 
people's trustworthiness in a far more efficient and dynamic 
way. But we've not taken advantage of these advances.
    Just last month, at an open hearing the Director of 
National intelligence, Director Coats, said that our security 
clearance process is, in his words, ``broken and needs to be 
reformed.'' In January of this year--and I again appreciate the 
GAO witness today--placed the security clearance process on 
its, quote, ``high-risk list'' of areas that the government 
needs broad-based transformation or reforms.
    The problems with our security clearance process are clear. 
The investigation inventory has more than doubled in the last 
three years, with, as the Chairman has mentioned, 700,000 
people currently waiting on a background check. Despite recent 
headlines, the overwhelming majority of those waiting don't 
have unusually complex backgrounds or finances to untangle. 
Nevertheless, the cost to run a background check have nearly 
doubled. Timelines to process clearance are far in excess of 
standards set in law.
    These failures in our security clearance process impact 
individual individuals, companies, government agencies, and 
even our own military's readiness. Again, as I mentioned, in 
the Commonwealth of Virginia I hear again and again from 
contractors, particularly from cutting-edge technology 
companies, and government agencies that they cannot hire the 
people they need in a timely manner. I hear from individuals 
who must wait for months and sometimes even a year to start 
jobs that they were hired for. And I've heard from a lot of 
folks who ultimately had to take other jobs because the process 
took too long and they couldn't afford to wait.
    To compete globally, economically, and militarily, the 
status quo of continued delays and convoluted systems cannot 
continue. No doubt we face real threats to our security that we 
have to address. Insider threats like Ed Snowden and Harold 
Martin compromised vast amounts of sensitive data. And 
obviously the tragedy of the shootings at Washington Naval Yard 
and Fort Hood took innocent lives. The impacts of these lapses 
on national security are too big to think that incremental 
reforms will suffice.
    Again referring back to Dan Coats's testimony, we need a 
revolution to our system. I believe we can assess the 
trustworthiness of our cleared workforce in a dramatically 
faster and more effective manner than we do today.
    We have two great panels here that will help us, both from 
the government's perspective and from our national security 
partners in the private sector. I'd like again to thank you all 
for appearing. I hope that at our next meeting--and I hope some 
are listening downtown--that the OMB, which chairs the inter-
agency efforts to address clearances, which declined to appear 
before us today, will actually participate in this process.
    I want to be a partner in rethinking our entire security 
clearance architecture. I want to work with you to devise a 
model that reflects a dynamic workforce and embraces the needs 
of both our government and industry partners.
    Thank you, Mr. Chairman. I look forward to this hearing.
    Chairman Burr. I thank the Vice Chairman.
    To members, when we have finished receiving testimony I'll 
recognize members based upon seniority for up to five minutes.
    With that, Ms. Farrell, I understand you're going to go 
first, and then we'll work right down to your left, my right, 
all the way down the line. The floor is yours.

  STATEMENT OF BRENDA FARRELL, DIRECTOR, DOD STRATEGIC HUMAN 
      CAPITAL MANAGEMENT, GOVERNMENT ACCOUNTABILITY OFFICE

    Ms. Farrell. Thank you very much, Mr. Chairman. Chairman 
Burr, Vice Chairman Warner, and members of the committee: Thank 
you for the opportunity to be here today to discuss our recent 
work on the serious challenges associated with the personnel 
security clearance process. We designated the government-wide 
security clearance process as a high-risk area in January 2018 
because it represents a significant management risk. A high-
quality security clearance process is necessary to minimize the 
risk of unauthorized disclosures of classified information and 
to help ensure that information about individuals with criminal 
histories or other questionable behavior is identified and 
assessed.
    My written statement today summarizes some of the findings 
in our reports issued in November and December 2017 on this 
topic. Now I will briefly discuss my written statement that is 
provided in three parts.
    First, we found that the Executive Branch agencies have 
made progress reforming the clearance process, but key 
longstanding initiatives remain incomplete. For example, 
agencies still face challenges in implementing aspects of the 
2012 Federal Investigative Standards that are criteria for 
conducting background investigations and in fully implementing 
a continuous evaluation program for clearance holders. Efforts 
to implement such a program go back ten years.
    We found that, while the ODNI has taken an initial step to 
implement continuous evaluation in a phased approach, it had 
not determined what the future phases will consist of or occur. 
We recommended that the DNI develop an implementation plan.
    Also, while agencies have taken steps to establish 
government-wide performance measures for the quality of 
investigations, the original milestone for completion was 
missed in fiscal year 2010. No revised milestone currently has 
been set for their completion. We recommended that the DNI 
establish a milestone for completion of such measures.
    Second, we found that the number of agencies meeting 
timeliness objectives for initial Secret and Top Secret 
clearances, as well as periodic reinvestigations, decreased 
from fiscal years 2012 through 2016. For example, while 73 
percent of agencies did not meet timeliness objectives for 
initial clearances for most of fiscal year 2012, 98 percent of 
agencies did not meet these objectives in fiscal year 2016. 
Lack of timely processing for clearances has contributed to a 
significant backlog of background investigations at the agency 
that is currently responsible for conducting most of the 
government's background investigations, that is the National 
Background Investigations Bureau. The Bureau's documentation 
shows that the backlog of pending investigations increased from 
about 190,000 in August 2014 to more than 710,000 as of 
February 2018. We found that the Bureau did not have a plan for 
reducing the backlog.
    Finally, we found that potential effects of continuous 
evaluation on agencies are unknown because the future phases of 
the program and the effect on agency resources have not yet 
been determined. Agencies have identified increased resources 
as a risk to the program. For example, DOD officials told us 
that, with workload and funding issues, they see no alternative 
but to replace periodic reinvestigations for certain clearance 
holders with continuous evaluation. DOD believes that more 
frequent reinvestigations for certain clearance holders could 
cost $1.8 billion for fiscal year 2018 through 2022. However, 
the DNI's recently issued directive for continuous evaluation 
clarified that continuous evaluation is intended to supplement, 
but not replace, periodic reinvestigations.
    In summary, Mr. Chairman, several agencies have key roles 
and responsibilities in the multi-phase clearance process, 
including ODNI, OMB, DOD, and OPM. Also, the top leadership 
from these agencies comprises the Performance Accountability 
Council that is responsible for driving implementation of and 
overseeing the reform efforts government-wide.
    We look forward to working with them to discuss our plans 
for assessing their progress in addressing this high-risk area.
    Now is the time for strong top leadership to focus on 
implementing GAO's recommended actions to complete the reform 
efforts, improve timeliness, and reduce the backlog. Failure to 
do so increases the risk of damaging unauthorized disclosures 
of classified information.
    Mr. Chairman, that concludes my remarks.
    [The prepared statement of Ms. Farrell follows:]
    
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]    
    
    
    
    Chairman Burr. Thank you, Ms. Farrell.
    Mr. Phillips, the floor is yours.

  STATEMENT OF KEVIN PHILLIPS, PRESIDENT AND CHIEF EXECUTIVE 
           OFFICER, MANTECH INTERNATIONAL CORPORATION

    Mr. Phillips. Mr. Chairman, Vice Chairman, and members of 
the committee: My name is Kevin Phillips. I'm the President and 
CEO of ManTech International. ManTech has 7,800 employees who 
support national security and homeland security. I appreciate 
the opportunity to participate in this industry panel and ask 
that my written statement be entered as part of the hearing 
record.
    Senator Warner, including our initial outreach through 
NVTC, 15 companies and 6 industry associations have worked 
collectively over the last 6 to 9 months to increase the 
visibility and importance of this matter and to propose 
solutions to help improve the process. Put simply, the backlog 
of 700,000 security clearance cases is our industry's number 
one priority. Given the increasing challenges that we face in 
providing qualified, cleared talent to meet the mission 
demands, we consider it a national security issue and an all-
of-government issue because it impacts every agency we support.
    Some quick facts. Since 2014, the time it takes to obtain a 
clearance has more than doubled in our industry. The average 
time it takes to get a TS-SCI clearance, a Top Secret 
clearance, is over a year. The time it takes to get a Secret 
clearance is eight months. Top professionals are in high demand 
across the Nation. They do not have time to wait over a year to 
get a job. And increasingly, they are unwilling to deal with 
the uncertainty associated with this process.
    As a result of this issue, the key support for weapons 
development, cyber security, analytics, maintenance and 
sustainment, space resilience support, as well as the use of 
transformational technologies across all of government, is 
being underserved. Since the end of 2014, we estimate that 
approximately 10,000 positions required from the contractor 
community in support of the intelligence community have gone 
unfilled due to these delays.
    We offer the following recommendations to help improve the 
backlog: first, enable reciprocity; allow for crossover 
clearances to be done routinely and automatically. Today 23 
different agencies provide different processes and standards in 
order to determine who is trustworthy and suitable to be 
employed within their agency. One universally accepted and 
enforced standard across all of government is needed.
    Second, increase funding. The current backlog shows no 
signs of improvement. We need funding to increase processing 
capacity, to reduce the backlog we have today, while our 
government partners, who are working diligently to develop and 
implement a new system, work to develop the system of tomorrow.
    Third, prioritize existing cases. The amount of backlog of 
700,000 cases has not gone down. The timelines have not 
improved, and we may be at a point where we have to prioritize 
within that backlog the cases that have the greatest mission 
impact or that may have the highest or pose the highest risks 
to national security based on the access to data.
    Fourth, adopt continuous evaluation, adopt new systems that 
can be used across all of government, and establish a framework 
for which government and industry can better share information 
about individuals holding positions of public trust that is 
derogatory, so that we can better protect the Nation against 
threats from insiders.
    Fifth, from a legislative standpoint we consider this a 
whole-of-government issue. Accordingly, we believe that a 
concerted focus from Congress is required and the oversight is 
needed. We support the reinstatement of the IRTPA timelines 
with incremental milestones. ``IRTPA'' is the Intelligence 
Reform and Terrorism Prevention Act.
    Finally, we offer that mobility and portability for 
clearances among the contractor community are needed. We in 
industry fully understand the importance of a strong security 
clearance process. That said, slow security does not constitute 
good security. Time matters to mission.
    The industry is committed to take the actions needed to 
hire trustworthy individuals and to help protect the Nation 
from outside threats. We appreciate the committee's leadership 
and the focus on this important matter. Thank you.
    [The prepared statement of Mr. Phillips follows:]
    
    
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]    
    
    
    Chairman Burr. Thank you, Mr. Phillips.
    Ms. Chappell.

     STATEMENT OF JANE CHAPPELL, VICE PRESIDENT FOR GLOBAL 
          INTELLIGENCE SOLUTIONS, RAYTHEON CORPORATION

    Ms. Chappell. Chairman Burr, Vice Chairman Warner, members 
of the committee: I'm honored to represent Raytheon today 
before the Select Committee on Intelligence. Raytheon and our 
employees understand and take very seriously our obligation to 
protect the Nation's secrets. We submit to the same clearance 
process that governs our government and military partners and 
we take the same oath to protect the information established 
and entrusted to us. Every day our number one priority is 
honoring that oath while meeting the needs of our customers.
    As Vice President of Raytheon's Global Intelligence 
Solutions business unit, I navigate the disruptions that 
backlogs in the security clearance process cause on a daily 
basis, not just for Raytheon, but for our suppliers and our 
industry peers, but ultimately for the warfighters, 
intelligence officers, and homeland security officials who rely 
on our products and services to protect the United States.
    The magnitude of the backlog and the associated delays is 
well documented, and the metrics speak for themselves. But what 
metrics fail to capture are the real-world impacts of the 
backlog: new careers put on hold, top talent lost to non-
defense industries, and programs that provide critical 
warfighter capabilities suffer delay and cost increases. The 
delays also come with a real-world price tag. Those new hires 
run up overhead costs while they wait for their clearances, 
resulting in significant program cost increases and inefficient 
use of taxpayer dollars.
    Reducing the current backlog will require immediate and 
aggressive interim steps, some of which are already being 
addressed. Raytheon supports the government's efforts to add 
resources and ease requirements for periodic reinvestigations. 
We also appreciate efforts to streamline the application 
process, automate and digitize information collection, provide 
for secure data storage, and improve the related processes.
    Beyond these actions, we recommend eliminating the first-
in, first-out approach to the investigation workflow, focusing 
immediate resources on high-priority clearance and low-risk 
investigations.
    It's also critical that Congress and the Executive Branch 
implement fundamental reforms that streamline the clearance 
process and increase our Nation's security by leveraging 
advances in technology. This effort should be guided by what 
our industry calls ``the four ones.'' The first one is one 
application, which is a digital permanent record forming the 
basis of all clearance investigations, updated continuously and 
stored securely.
    The second is one investigation, which would implement 
continuous evaluation and the appropriate use of robust user 
activity monitoring tools to facilitate a dynamic ongoing 
assessment of individual risk while securing sensitive 
information on protected systems.
    The third one is one adjudication, which calls for 
streamlining and standardizing the adjudication system so the 
agency's clearance decision is respected by other departments 
and agencies. This would increase efficiency and promote 
reciprocity based on a consistent set of standards for access, 
suitability, and fitness.
    The fourth and final one is one clearance, that is 
recognized across the entire government that is transferable 
between departments, agencies, and contracts.
    We believe the implementation of these reforms will help 
eliminate the inefficiencies that hamstring the current 
clearance system while promoting more effective recruitment, 
retention, and utilization of government employees and 
contractors. And most critically, these reforms will help close 
the security gaps that threaten our Nation's secrets and 
personnel.
    The modern threat environment can no longer be addressed 
using outdated and infrequent security snapshots. But even the 
most well-intended reporting requirements, working groups, and 
legislative deadlines have not and will not overcome the fear 
of change or the comfort of the status quo. Strong, sustained 
leadership from both Congress and the White House will be 
crucial to the success of these efforts.
    Thank you for the opportunity to be here today and I look 
forward to answering your questions.
    [The prepared statement of Ms. Chappell follows:]
    
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]    
    
    
    Chairman Burr. Thank you, Ms. Chappell.
    Mr. Berteau.

   STATEMENT OF DAVID BERTEAU, PRESIDENT AND CHIEF EXECUTIVE 
             OFFICER, PROFESSIONAL SERVICES COUNCIL

    Mr. Berteau. Thank you, Mr. Chairman, Vice Chairman Warner, 
members of the committee. We really appreciate you having this 
hearing today. I would ask that my written statement be 
incorporated in the record in its entirety and I'll just make a 
few key points here.
    You heard the description of the problems and the process 
solutions, the four ones: one application, one investigation, 
one adjudication, and one clearance. It highlights, I think, 
the fact that this is really a whole-of-government problem. 
Just look at the panel that you have following us. You don't 
have a whole-of-government representation on there.
    As Vice Chairman Warner pointed out, the Office of 
Management and Budget plays a key role both in the Performance 
Accountability Council and in the fundamental process across 
the board. In the end, though, this is a set of processes that 
exercises judgment. It makes the decision of where to place 
trust. And in that decision is a calculus of how much risk are 
we willing to accept. If it's zero, then we'll never issue a 
clearance. So there's a whole level of dynamic that has to go 
on there, and the four ones helps get you there.
    What, though, can this committee and the Congress do? First 
is keep that whole-of-government requirement in mind. Second 
is, within that there's a funding process. So all of those 23 
agencies that have separate authorities here have to provide 
funding to somebody who's going to do the work. Typically today 
that's the National Background Investigation Bureau. We can't 
find, from where we sit outside, a record of where that funding 
stands for those 23 agencies, because it's across all the 
appropriations accounts. OMB used to track that and report 
that, but that's no longer available to us. It may be available 
to you. It should be available to you. And I think it's 
important as we look at the fiscal year 2018 funding bill that 
we'll see end of this week, early next week, make sure that 
that funding is in there, because these systems will not 
operate without adequate resources. You can't buy your way out 
of it, though. There's got to be substantial process 
improvement as well. My fellow panelists have talked about 
that.
    But in the meantime, you have a requirement for part of 
this responsibility to be moved from the Office of Personnel 
Management, the National Background Investigations Bureau, over 
to the Defense Department, and you'll hear more about that in 
the second panel. While that movement's taking place--and the 
plan is it will take years--the system has to keep going as 
well. So there's got to be both funding for the ongoing work 
and funding for the new capabilities inside the Defense 
Department. So that makes it all the more important.
    My fellow panelists have mentioned reciprocity. This is a 
critical, critical issue. How can it be that you're cleared and 
acceptable for one part of the government at a certain level 
and you're not cleared and acceptable at another part? The 
records show 23 different agencies, but within those agencies 
there's lots of subcategories. DHS alone has more than a dozen 
separate individual reciprocity determiners who can say: You 
may be good enough for those guys, but you're not good enough 
for me. And they don't even have to tell us why, which makes it 
very hard for us to figure out how to get out of that.
    So industry can quantify its impact. You've already heard 
some of that. We all know there's an impact on the government 
as well. Somewhere in the government, something's not being 
done or not being done as well as it ought to be or not being 
done as fast as it ought to be. We don't have that kind of 
information out of the government, but you've got to believe 
that in fact somewhere a backlog of 700,000 is going to have an 
impact, because this is not just contractors; this is 
government civilian personnel, this is military personnel, this 
is new recruits. All of those have effects as well.
    So I think the single biggest thing is access to 
information about what's going on, what the results are. You've 
got a situation now where it used to be there was information 
made available to the public that we could rely on to 
prioritize our own resources. That's no longer there. We need 
you to help make that information not only visible to you in 
the committee--it might come to you in an FOUO kind of a 
status--but visible to the public and to those of us who have 
to operate within that system in order to do our job supporting 
the government.
    So with that, Mr. Chairman, I'll conclude my remarks and 
turn back to you.
    [The prepared statement of Mr. Berteau follows:]
    
    
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]    
        
    Chairman Burr. Thank you, Mr. Berteau.
    The Chair would recognize himself, and then we'll go by 
seniority for up to five minutes.
    My question is very simple, and it's this. Let's make an 
assumption that funding is not an issue. Why does it take so 
damn long? Give me the three things that make this process be 
so long?
    Mr. Phillips. Let's start, sir, with we have from history a 
number of agencies who have their own processes set up and they 
have to go through those processes, and they're very manual. As 
mentioned before, the process was established during the 
Eisenhower administration. It's very manual.
    Investigators have to go in person and write notes, rather 
than use tablets. They have to go through the mail to send a 
request to get an education check. They physically have to 
visit a person, versus using social media or other access 
points to get things done, when today's technology allows for a 
much more rapid way of getting decisions done without, in our 
view, changing the trustworthiness of the individual. That can 
be done greatly and significantly.
    I think the second part is that people want to walk through 
the process and make sure in this environment that people are 
trustworthy, and the timeline is taking longer because the 
assurance is needed and it's impacting the mission. We want to 
make sure time is factored in to the decisions or we will not 
be able to defend the digital walls from outside threats.
    So I think it's the process and I think it's the need to 
have a more risk-based review against the mission requirements 
and the need to protect our Nation combined from insider 
threats.
    Thank you.
    Chairman Burr. Ms. Chappell.
    Ms. Chappell. I would echo his comments, but I would say it 
a little different. We are a Nation blessed with very high 
technology. We are just not using that technology in this 
process.
    We talked about people having to physically go and meet 
with people. I think that, while that gives us some level of 
assurance, I think the continuous evaluation gives us a whole 
other level of insurance, and we should use that technology to 
give us more confidence in the results as well as decrease the 
time lines.
    Chairman Burr. Basically, what you've told me is I put more 
effort into understanding who my interns are than potentially 
the process does for security clearances, because you go to the 
areas that you learn the most about them, which social media is 
right at the top of the list. I can't envision anybody coming 
into the office that you haven't thoroughly checked out 
everything that they've said online, which is to them a 
protected space. And we all know that it's a public space.
    I think what you've done is you've confirmed our biggest 
fear, that we're so obsessed with process and very little 
consumption of outcome. I think that's how you get a backlog. 
And you can let that continue to be the norm and nobody's 
outraged.
    What's the single change that you'd make to the security 
clearance process if you only were limited to one?
    Ms. Farrell.
    Ms. Farrell. I think prompt action. This needs to be, as 
some of the colleagues here have said, a high priority. We keep 
hearing the words ``top leadership.'' There was top leadership 
involvement when the DOD program was on the high-risk list from 
2005 and 2011. We saw that top leadership driving efforts from 
OMB, DOD, the DNI. That's what we're going to be looking for as 
we measure their progress going forward to take actions to come 
off of the high-risk list: top leadership actions engaging with 
Congress to show that reducing the backlog is a top priority, 
as well as taking action to communicate that to the other 
members of the personnel strategic clearance community, as well 
as my colleagues on the panel here. But leadership is 
desperately needed in this area.
    Chairman Burr. Mr. Phillips.
    Mr. Phillips. Sir, immediately it's funding. But putting 
that aside, I think long-term it's one uniform standard and 
reciprocity. It's a big deal.
    Chairman Burr. Ms. Chappell.
    Ms. Chappell. I would say continuous evaluation monitoring, 
doing that on a continuous basis, which reduces the periodic 
investigations, which allows those people to spend more time 
reducing the current backlog.
    Chairman Burr. Mr. Berteau.
    Mr. Berteau. Do I get to use the three that they've already 
used and add a fourth one to it?
    Chairman Burr. Absolutely.
    Mr. Berteau. Because I do think reciprocity is the top 
priority in that process. But I think using technology, not 
just in continuous evaluation, but in the investigations 
process itself. I've had a clearance for nearly 40 years and 
the guy still shows up with a pencil and a piece of paper and 
makes sure that the questions I've entered into the form, which 
are in many cases the same answers I've given for almost 40 
years, are still what I believe, and he writes it down with a 
pencil, and then he takes it off and puts it into a computer 
system that's not compatible with anybody else's computer 
system. Let's get the process down to where we're using 21st 
century technology.
    Chairman Burr. My thanks to all of you for your candid 
responses, and I say that with the full knowledge of knowing 
that this issue is a multi-committee jurisdictional issue on 
the Hill. So we've got just as much to fix up here. I think 
some of the things that you have expressed are the results of 
no coordination legislatively, and I think we're going to take 
that at heart as we move forward.
    Vice Chairman.
    Vice Chairman Warner. Thank you, Mr. Chairman.
    Again, thank the panel for their I think accurate 
description. I think it's really important that we all think 
about this, and I appreciate the GAO putting this on the 
national security high risk, because not only are we wasting 
taxpayer dollars by hiring individuals that then cannot do the 
work they're hired to do or, as some of the industry panels 
indicated, will then not take a job because of the clearance 
process--and I think we particularly lose on the government 
side, where people would come in and serve at a much perhaps 
lower salary than they would on the industry side, but because 
of the security clearance.
    And I really appreciate, Mr. Berteau, your comments about 
the use of technology. If you can give--we'll start with you 
and at least start through our industry colleagues--other 
specific examples on how, on a technology basis, we can improve 
this process that, again, candidly, hasn't been significantly 
updated since the 1950s? Mr. Berteau, do you want to start, and 
then we'll go down, specific technology examples?
    Mr. Berteau. I think that the entities that are involved in 
both the front-end, the scheduling process, the investigation 
process, and the adjudication process have all identified a 
number of places where they can bring that technology to bear. 
The greatest advantage I think we can take is to have 
integrated data across the government, so that in fact we've 
got access to everything everywhere.
    The intelligence community has made more progress here than 
much of the rest of the government has had. But they also have 
the advantage of scale. The scale is smaller in they've got the 
funding and resources and the motivation to do that. I think we 
could give you a list of specifics that you could consider as 
you go forward as well.
    Vice Chairman Warner. Ms. Chappell.
    Ms. Chappell. I would say, going back to my previous 
answer, that continuous evaluation. A lot of this data that we 
go personally ask these people, that are the same questions 
we've asked for 40 years, that data, a lot of that data is 
available in open source, that's available to anybody. It's a 
matter of public record.
    Vice Chairman Warner. Rather than having somebody send a 
letter to an educational institution----
    Ms. Chappell. Correct.
    Vice Chairman Warner [continuing]. Or make personal visits. 
Could you drill down for a minute on continuous evaluation, at 
least for SECRET clearance level? It seems like it would make 
so much sense.
    Ms. Chappell. If you go down through and look for 
bankruptcy, if someone files for bankruptcy that's a matter of 
public record, for example. We can get that through just 
trolling the web.
    Vice Chairman Warner. Without an agent going to a 
courthouse----
    Ms. Chappell. Without an agent having to physically travel 
and then go take that information down with pencil and paper, 
for example.
    Vice Chairman Warner. Thank you.
    Mr. Phillips. Sir, I'll give you two examples and one 
desired solution. We have--one of my fellow CEOs has a contract 
where he has people in the Green Zone doing DOD work and they 
cannot support in that same limited space, work for another 
department because they have to file an entire process to get a 
clearance in order to do that and it's totally separated. So 
right across the street, they can't go in and support, with a 
confined environment, for two agencies to do the same thing in 
a very difficult environment.
    Separately, we have a separate CEO who's got a contract 
that does work, that the information flows to both DOD and 
somewhere in DHS. That individual has to fill two applications 
and go through two investigations to do the same job.
    Industry quite often utilizes public systems that we share, 
that are cloud-based, multi-layer security, and we pay for it 
for ourselves. We control the data ourselves. But it is a 
uniform set of systems that are available. We can make that 
decision.
    I think establishing a uniform system that every agency 
that has funding can fund into and do its own processing would 
be very beneficial, because then those accesses would be 
available at the same security level for people to know what's 
happening and that crossover and that reciprocity could happen 
just like that.
    Vice Chairman Warner. I think, just before I get my last 
question in for Ms. Farrell, we need both reciprocity and 
portability. One of the things, and I think one of the reasons 
why ODNI Coats, this is so high on his priority, he lived this 
experience. Having sat on this committee for a number of years, 
being accessed to all types of information, the amount of--when 
he left the Senate and a few weeks later when he was then 
appointed head of ODNI, because there was that short-term gap, 
he had to go through a whole new security clearance process. 
That was pretty absurd.
    Ms. Farrell, one of the things that I'd like you to comment 
on is: What I've heard constantly is, typically from the 
government side, everybody knows it's a problem, but this, like 
much of G&A in terms of operations, gets pushed to the back of 
the line. How do we make sure that we as Congress can, with 
appropriate oversight, make sure that agencies don't take their 
security clearance budget and push it to the back of the line? 
Everyone acknowledges this is an issue and a problem, but these 
are dollars that don't ever seem to be prioritized because they 
are not sole to mission.
    Ms. Farrell. I think this is something that goes back to 
the top leadership, from the deputy director for management at 
OMB, who is the chair of the council that's driving the reform 
efforts and overseeing the reform efforts, and to send a 
message that this is a top priority, whether it's reducing the 
backlog or fully implementing CE, and resources will be 
provided and the agencies will follow suit.
    If I may comment on the technology, the continuous 
evaluation is an area that you've heard has great promise, that 
could help streamline the process, perhaps be more efficient. 
As I noted, the efforts to implement continuous evaluation go 
back to 2008, with full implementation expected in 2010, and 
that has not happened.
    We are encouraged by the DNI's recent directive expanding 
on what CE is. However, we still don't really know what 
continuous evaluation is going to comprise and when it's going 
to be implemented. I think that's going to be a huge step, for 
the DNI to develop a detailed implementation plan of when the 
phases are going to occur and the agencies' expectations to 
implement that.
    Vice Chairman Warner. Mr. Chairman, I'd simply say I think 
Ms. Farrell's comments are pretty clear. We've got to start at 
the top. I'm disappointed, and I know you are as well, that OMB 
did not take our invitation to actually participate, since they 
chair the inter-agency council to try to move forward on this. 
I think we need to get them back in at some point.
    Thank you, Mr. Chairman.
    Chairman Burr. Senator Collins.
    Senator Collins. Thank you, Mr. Chairman.
    All three of our private sector witnesses today have been 
understandably very critical of the unacceptable flaws in the 
government's clearance process and the lack of a system of 
continuous evaluation. Inadequate funding has been mentioned. I 
want to turn the question around.
    There have been three widely reported, serious breaches at 
the NSA and all three involved contract employees. It is 
evident that relying solely on a moment-in-time snapshot of an 
applicant's security profile to determine clearances and secure 
our information and facilities is simply not working. I've been 
a strong supporter of moving to continuous evaluation, 
particularly following the Navy Yard shooting.
    But my question for each of the three of you is: What 
responsibility do contractors have to identify and report 
changes in employee behavior that may indicate a vulnerability 
and should trigger a review of the security clearance? In at 
least one of the widely reported incidents involving NSA, the 
employees who worked with the individual were very aware of the 
issues that should have triggered a review of his clearance.
    So I understand the role that government has and that we 
need to do much better. But what is your role, particularly in 
light of those three serious breaches, all involving contract 
employees? Mr. Berteau, we'll start with you and then move 
across.
    Mr. Berteau. Thank you, Senator. Those are critical 
questions, obviously.
    I make three points there. Number one, I know you know 
this, but the process is the same, whether you're a government 
uniformed personnel or a government civilian or a contractor, 
in terms of the investigation and adjudication process.
    Senator Collins. I do know that.
    Mr. Berteau. And I think that the issues that we've been 
talking about today, some of the process fixes actually 
incorporate in them a number of the lessons learned from those 
very examples that you cite here, continuous evaluation being 
the key piece of it here. So I think that a number of the 
proposals, some of which are already being implemented, 
although, since we don't get visible insight into that, we 
don't know how far that implementation is--that's a question 
for your second panel--are designed to address those very same 
problems.
    But I think there's a third piece. In the examples that you 
cite, you're right, there are individuals inside who do this, 
but from the company's point of view these are people working 
inside a government facility, and we frequently don't get the 
information about, or our member companies don't get the 
information, about the employee that the government itself has.
    So there's got to be greater collaboration and cooperation 
between the government oversight mechanisms and the contractor 
oversight mechanisms. This is where personnel issues, privacy 
issues, security issues, and contract issues come together, and 
we've got to design it that way up front in the contract 
itself.
    I think we're very capable of doing that. We know how to do 
it. We just don't do it every time.
    Senator Collins. Ms. Chappell, what is Raytheon's 
responsibility?
    Ms. Chappell. We have a responsibility to train our 
employees. Yearly, we go through an employee training series 
that's mandated across all of our employees. In some cases 
where we have employees sit at government facilities, they take 
yet a second round of training that is required by the 
government customer as well. So that's two.
    The second thing we do is what we call ``user activity 
monitoring.'' When you log on to a Raytheon system, it's very 
clear to you. It says right there on the screen that your 
activity is being monitored while you're on those systems. So 
we have a process where we use analytic-type of capabilities to 
look at what people are doing on the systems, to monitor their 
behavior, to look for things that are outside their normal 
patterns or their normal work scope. That data is then provided 
to our security operations center, and then if it triggers an 
alert we go through an investigation process.
    If someone comes through and says there's something going 
on with an employee, we trigger an investigation.
    Senator Collins. Mr. Phillips, very quickly: If ManTech has 
a group of employees working for the government on highly 
sensitive information and many of the employees of that group 
think that one of the employees has gone off the rails--
developed a drug problem, has financial problems--what 
specifically happens?
    Mr. Phillips. Specifically, ManTech has an insider threat 
program that identifies high-risk employees, and once those 
individuals, whether they hold a position of trust, we see a 
behavior that we need to track, it rolls into a process that's 
controlled through our senior security executive, coordinated 
with our human resources and legal department, and overseen by 
myself, with board updates every quarter to make sure that we 
are tracking those individuals that have been identified from 
an insider threat perspective.
    We report that information to the government. We also start 
monitoring their overall behavior, where appropriate, to make 
sure that that individual's behavior doesn't provide additional 
risk of harm to our employees or Federal employees or 
potentially increase the position of trust or breach of data to 
the government.
    Additionally, we spot-check people coming out of our own 
SCIFs for data. We want to make sure that as a partner we're 
doing everything we can. The only thing we suggest: We have to 
share information better about individuals who hold positions 
of public trust.
    Senator Collins. Thank you.
    Chairman Burr. Senator Feinstein.
    Senator Feinstein. Thanks very much, Mr. Chairman. I'd like 
to follow up on Senator Collins' questions to you, Mr. 
Phillips. Specifically, what changes have been made by your 
company in the wake of Snowden and Martin?
    Mr. Phillips. Ma'am, since then we've increased our insider 
threat process. We do more training----
    Senator Feinstein. From what to what? If you could be 
specific here, that would be helpful.
    Mr. Phillips. Sure. I think all of government is moving 
towards mandating industry be a partner in this process. We 
already had a process in place, but what we're doing is we're 
making sure that every behavior--we physically go to our 
program managers and we tell them: If you or your employees see 
a behavior, we need to see it, we need to know.
    Senator Feinstein. Well, where did you miss with Snowden?
    Mr. Phillips. We did not--we did not have that event within 
our framework. The Snowden component or something like that 
specifically is the employee is on a Federal facility, and a 
company cannot access the government's data to see the 
behaviors. They have to be visually seen by the people around 
that individual. We need to better share information.
    Senator Feinstein. Isn't that an important point right 
there?
    Mr. Phillips. Yes, ma'am, it's very important.
    Senator Feinstein. Because these were big events, and it's 
very hard for us to know the background and how it happened. So 
could you go into that in a little bit more detail?
    Mr. Phillips. Anything that is on a secured government 
network or secured government facility is controlled by the 
government, regardless of whether it's a military, Federal 
employee, or contractor. The information flow around that is 
fairly limited, for security reasons, but also personnel 
reasons.
    The information-sharing program that we think is best long-
term, aligning those who have positions of public trust and 
have agreed to that, with the appropriate protections of 
privacy, if they are on a network having classified 
information, how do we better collectively track the behaviors 
and actions of the individual so that we as a contract 
community can take the appropriate actions on that staff.
    Senator Feinstein. Well, as you know, both these employees 
were contract employees with NSA. How closely have you reviewed 
the procedures and have you made any recommendations to NSA?
    Mr. Phillips. Ma'am, the agency has gone through 
significant review and we as a contract community are adjusting 
to meet their required additional standards to be responsive to 
the risks that they may have seen within their review.
    Mr. Berteau. Senator----
    Senator Feinstein. Well, maybe somebody can add to that, 
because that's a very general statement and it doesn't leave me 
really with any answer.
    Mr. Berteau. Senator, if I could sort of add a little bit 
to that, not necessarily the Snowden case or the Martin case, 
but we see time and again a situation where the government will 
tell a contractor, this person is no longer suitable, take them 
off the contract, but they won't tell us why. They won't tell 
us what behavior has occurred, what has motivated them to do 
that.
    So we're left trying to figure out what happened here, 
without the information from the government.
    Senator Feinstein. How often does that happen?
    Mr. Berteau. I don't have a count of how often, because 
there's no database to do it. But I hear about it more than 
once a year, and I probably don't hear about it a lot of times 
that it does happen. So you have individuals, and it may be 
that the company releases that individual, but the individual 
can go somewhere else.
    So that information-sharing that should occur here between 
the government and the contractors involved, cutting across the 
security domain and the personnel and human resources domain, 
has got to be improved.
    Senator Feinstein. Because of the 4,080,000 national 
security clearances, the contractors hold almost a million, 
921,065 of those. That's a big constituency out there. Because 
it involves the defense companies, of which Raytheon is a 
California company that I'm very proud of, that's one of them, 
it seems to me that the private sector has an increased 
responsibility, too.
    Ms. Chappell, how do you view that? How does Raytheon 
specifically view an increased responsibility?
    Ms. Chappell. I think we have stepped up our training 
requirements around this area; more sensitivity to what has 
happened and making people aware. When it's on our own 
networks, we have control on what we monitor and where we see 
risk and how we escalate that and where we investigate.
    I think Mr. Berteau is very correct in that there needs to 
be better partnership. When our employees sit on government 
facilities and use government networks, there needs to be more 
information-sharing on what we can do jointly, because we don't 
have the ability to monitor those networks. So I think any 
insight we can get there is most helpful to us in making sure 
we adjudicate through our workforce.
    Senator Feinstein. Right. On pages 7 and 8--I'm looking for 
your written remarks and can't find them at the moment. But you 
make some good recommendations. Could you go into them for us, 
please?
    Ms. Chappell. On the written?
    Senator Feinstein. In the written, and let me find it.
    [Pause.]
    Ms. Chappell. Just one second, please.
    Senator Feinstein. Yes. I'm sorry, Mr. Chairman. I'm sorry. 
My hand slipped and I lost the----
    Ms. Chappell. I think that was around the one application.
    Senator Feinstein. That's right, the fundamental reforms. 
And you began with the clearance backlog of 300,000 and the one 
application, and it runs through--now, this is more than a 
decade, as you point out, since they were first proposed. But 
to make immediate progress, you say ``Raytheon encourages the 
government to prioritize and set incremental milestones for 
implementing government-wide reciprocity, continuous 
evaluation, and information technology reforms.''
    Can you be more specific about that?
    Ms. Chappell. On the one application, that is the one, 
standardized--one standardized, one digitized, so it's 
available, it can be shared across organizations. You don't 
have to fill that out more than once. One investigation, to 
make sure that, whether it's a DOD investigation, an Air Force, 
Army, or a CIA investigation, that that's the same 
investigation, that had the same standards, the same views on 
risk. Those can be shared across the different agencies.
    One adjudication of that, so instead of having different 
adjudications you have one set of adjudication processes, one 
set of risks that that adjudication is based on, so that then 
that clearance can be agreed to and can be recognized across 
the different agencies. Then clearly, just the one clearance, 
to make sure that that reciprocity moves across organizations.
    So I think they're pretty fundamental, pretty standard, 
pretty simple processes: one application; one clearance 
process; one adjudication, recognized by all.
    Senator Feinstein. Do you think that would make a 
difference with the 4 million and the 600,000 each year?
    Ms. Chappell. I think it would make a huge difference, 
because not only would it streamline the original 
investigation; you're not re-investigating the same people over 
and over, and the resources required to do the re-
investigations would be focused on the backlog.
    Senator Feinstein. Thank you.
    Thank you, Mr. Chairman.
    Chairman Burr. Mr. Berteau.
    Mr. Berteau. Mr. Chairman, if you would indulge me for just 
one added point. Senator Feinstein's line of questioning is 
really critical here. One thing I think is important to put on 
the record: The member companies for PSC and companies like 
Raytheon and ManTech are very limited in their ability to get 
information out of the government of the status of the 
investigation and adjudication that's going on with the people 
that they've submitted into the process.
    If Kevin Phillips or Jane Chappell calls the government 
agency that's doing that, what they will likely be told is: We 
can't tell you anything; go talk to your contracting officer 
representative, who then has a process they have to go through 
internally, not the speediest of processes, and they may or may 
not get you an answer back.
    We see cases where a decision has been made and not 
communicated to the company, in some cases for more than six 
months. So there is a lot that has to be done here in terms of 
improvement of the communication back and forth. I think the 
oversight role of this committee in encouraging that and 
getting visible results of that from the agencies involved 
would be very helpful.
    Senator Feinstein. Thank you very much. Would you be 
willing to write something up as to what both of you or three 
of you think would be the specifics and send it to the 
Chairman?
    Mr. Berteau. Absolutely.
    Ms. Chappell. Yes, ma'am.
    Senator Feinstein. Thank you. Thank you very much.
    Chairman Burr. Thank you, Senator.
    Senator Blunt.
    Senator Blunt. Thank you, Chairman.
    Ms. Farrell, in your testimony you talked about the 12 
recommendations I think you made to the Director of National 
Intelligence. How many of those did they accept?
    Ms. Farrell. For the majority of those we directed to the 
DNI, they did not comment whether they agreed or disagreed. So 
we don't know if they're going to take action on those 
recommendations or not.
    Senator Blunt. I think I must have read your testimony 
wrong. I got the impression that they had concurred with some, 
but not all.
    Ms. Farrell. They did concur with some.
    Senator Blunt. What does that mean, they concurred with 
some, but didn't accept them? I'm getting a thesaurus out here 
to figure out what that means.
    Ms. Farrell. They concurred, for example, with taking steps 
to develop a continuation--continuous evaluation policy and 
implementation. But on other actions they disagreed; they 
thought that they had already had things in play and that no 
more action was necessary.
    Senator Blunt. Which of the 12 things you recommended do 
you think would have the most impact on achieving the goal we 
want to achieve here?
    Ms. Farrell. For today, I think it would be the 
implementation plan for continuous evaluation. But I also have 
to note that there's been a lot of discussion about 
reciprocity, and reciprocity is statutorily required by the 
Intelligence Reform and Terrorism Prevention Act of 2004. So by 
that Act, agencies are supposed to honor investigations that 
are conducted by an authorized provider, as well as 
adjudications from an authorized adjudicator.
    There's always certain exceptions, but reciprocity is in 
statute. It just hasn't had guidance so it could be 
implemented.
    Senator Blunt. And continuous evaluation, Ms. Chappell, how 
does that relate to--you're saying a lot of the same things: 
continuous evaluation; using open source data or data that's 
already been collected, rather than going through that process 
again. Do you want to talk about that just a little bit more?
    Ms. Chappell. What we're saying is, instead of waiting from 
day one when you're given your clearance to year five and 
having no investigation between that period, and then doing 
your periodic investigation with sending people out, traveling 
around the country, doing your investigation, all through that 
time period to continuously monitor data to see if there is any 
adverse data concerning that person and do you need to start--
is that person of higher risk and do you need to pay more 
attention to that person sooner, rather than wait the normal 
five to six years for that background investigation.
    Senator Blunt. If that person, like Senator Warner 
mentioned about Senator Coats and that brief space, when 
someone has moved on to another job and is coming back, do they 
have to go through the whole clearance process again? They have 
to re-submit again everywhere they ever lived?
    Ms. Chappell. Yes, sir.
    Senator Blunt. Don't we have all that somewhere if they've 
been cleared once?
    Ms. Chappell. Yes, sir.
    Mr. Berteau. Senator Blunt, I've lived in the same house 
for the last 29 years. I've had the same neighbors on each side 
of me for the last 29 years. Both are former government 
employees with suitability determinations and clearances as 
well. Every time I fill that form out, it's the exact same 
information as it was the time before, the time before that, 
and the time before that. It's already in their databases. They 
just make me do it again.
    Senator Blunt. Does anybody have a reason that would 
justify why you'd have to do this again, if the government's 
already collected all this?
    Mr. Berteau. There's an old saying--Eric Sevareid brought 
it out of World War II with him--called ``The chief cause of 
problems is solutions.'' And in almost every case, these 
elements of the process that are built in here was a fix to a 
previous problem. What we've never done is the kind of end-to-
end analysis of what actual result are we trying to get out of 
this and how do we design a process that gets that result.
    I think what you'll hear from the second panel is some of 
the efforts both at the National Background Investigations 
Bureau has under way and that DOD is developing a plan for, 
would take advantage of some of that opportunity. It's just 
going to take a long time, and we'd like to see it speeded up.
    Senator Blunt. Mr. Berteau, one other question. Are small 
companies treated differently when it comes to getting their 
employees cleared?
    Mr. Berteau. Unfortunately, they go through the same 
process, and I think they have an added disadvantage. If a 
company has a substantial amount of work in the government, 
they may actually be able to make a job offer to a new employee 
and say: We've got something we can have you do while we're 
waiting the year or two years it takes to get this clearance 
through the process. It's very much harder for a smaller 
business, who doesn't have the business base or the overhead 
capacity to be able to do that. So you make a contingency 
offer.
    Well, if this is a critical skill--let's say it's a cyber 
security expert who's just come out of college--you're asking 
them: Put your career on hold for an indefinite period of time, 
don't get paid, go do something else while you're figuring out 
what to do here, and then maybe we'll get a clearance at some 
point in time and be able to hire you.
    This has two negative advantages. One, it's going to reduce 
the number of people who are going to want to do that. 
Secondly, they're going to have lost their technical edge, 
because the system is moving on, the cyber security world is 
moving along, while they're not working in it. So it has a 
double impact.
    When I mentioned the importance of balancing risk here, 
there's a risk that we often don't take into account. It's not 
just the risk of awarding a clearance to somebody who ends up 
doing something wrong. There's a risk to government missions 
and functions in every step of the way by not doing it in a 
timely way and not by having the best and brightest people on 
board to do that. That's got to be part of the calculus. Nobody 
documents that.
    Senator Blunt. Thank you.
    Thank you, Chairman.
    Chairman Burr. Senator Wyden.
    Senator Wyden. Thank you, Mr. Chairman. It's been a good 
panel.
    I'm just going to ask one question of this panel, and it's 
for you, Ms. Farrell. It seems to me one of the central issues 
here is there is a culture where over-secrecy is actually 
valued and there is no accountability for excessive secrecy. So 
we end up with four million people with security clearances. 
I've heard my colleagues talk about the backlog question and I 
know that that is very important to our companies. But I think 
to really get at the guts of this issue we've got to deal with 
this over-secrecy kind of question.
    I'd like to ask you: What in your view is the government 
doing that is most helpful in terms of reducing that four 
million number, which I think reflects that there are too many 
secrets out there and too many people are sitting on them. 
What's the government doing about that?
    Mr. Phillips. Senator, I'll start----
    Senator Wyden. I'd like to start with the GAO on it.
    Ms. Farrell. Thank you. That's okay. We have in the past 
recommended that DOD and its components, the services, as well 
as the agencies, evaluate their positions that require 
clearances to make sure that the clearance is required in the 
first place, and then have procedures in place where they 
periodically reevaluate those positions to see if those 
clearances are still necessary. That would be a way to make 
sure that the requirement is correct.
    Most people think that clearances follow people. Clearances 
don't follow them. They follow the positions.
    Senator Wyden. I want to be respectful. I know of your 
recommendations. I'm curious as to whether you think the 
government is moving effectively and expeditiously on actually 
doing something about it, because this strikes me, this 
excessive number of security clearances--and your 
recommendations are always to have these efforts to reduce 
them--it's been the longest-running battle since the Trojan 
War. I've been on this committee--I think, with Senator 
Feinstein, we're the longest-serving members. And I've heard 
this again and again.
    So what is the government doing that is actually effective 
in your view about this? Not your recommendations, which I 
think are very good, but what's the government doing that is 
actually effective now in terms of reducing this number?
    Ms. Farrell. I think the answer is obviously: Not enough, 
because if they were doing enough in terms of leadership and 
prompt action, they wouldn't have the backlog that they have or 
the number of people that you're calling into question.
    Senator Wyden. Okay. I'm going to submit some questions to 
you in writing as well.
    Thank you, Mr. Chairman. I look forward to the second 
round.
    Chairman Burr. Senator Cornyn.
    Senator Cornyn. Thank you, Mr. Chairman.
    With the hack of OPM a couple of years ago, reportedly by a 
hostile foreign power, countless Americans have had their 
privacy violated and their personally identifiable information 
obtained by that foreign power. Do any of you have any 
observations or comments about what impact that sort of lack of 
security for that sensitive information, what impact that's had 
on the best and the brightest people who we would like to serve 
in these important positions?
    Ms. Chappell. I'll start with that, because my personal 
information was some of that information that was leaked. Not 
only my information, but the people who I had down as 
references, my family members also, their information was also 
compromised. So I think it's incredibly important that this 
data is secured and that it goes through the same cyber process 
that the programs that we support do.
    Senator Cornyn. Mr. Berteau, you were saying how you have 
to fill out the same information on repetitive applications for 
security clearances. I guess we know that foreign nations have 
that information, but the U.S. Government apparently doesn't 
keep it in a place where they can use it without having to ask 
you each time.
    Mr. Berteau. Senator, it is my understanding that actually 
a number of steps have been taken inside the Office of 
Personnel Management to provide greater security. It's a 
question I think for the second panel on the status of those 
steps.
    But we also have to recognize that we'll never be 100 
percent secure on being able to do that. I think we have to be 
able to mitigate against that as well.
    I would also note that it's not just the central databases 
that come into play here. It's all the individual things inside 
each of the agencies as well. We probably are in a situation 
where we're going to have to be able to recognize and mitigate 
that as rapidly as possible.
    I'm probably a little less concerned about that particular, 
although I got a letter and my wife got a letter and my kids 
all got a letter as well. I had the responsibility inside DOD 
to actually oversee the mailing of those 22 million letters. We 
mailed out a million a week and it took the better part of half 
a year to notify everybody.
    I note that that mailing occurred about a year and a half 
after the breach. So we also need to be able to let people know 
in a more timely way that their data has been compromised.
    Senator Cornyn. I don't know anything about that episode 
that we can be proud of. It just seems to be it would be 
embarrassing, and obviously people are at risk as a result.
    Let me move on to ask about interim clearances, the role of 
interim clearances. What I don't understand is how can somebody 
get an--have a sufficient background investigation to get an 
interim clearance, and what limitations are put on that 
clearance that would not be available--or that would not apply 
to a complete clearance, so to speak? And how does that 
actually work in practice, the role of interim clearances and 
the background investigations that are conducted to approve 
those?
    Mr. Phillips. Senator, thanks for the question. ManTech is 
entering its fiftieth year of supporting national security this 
year, and we have forever had interim clearances being an 
integral part of moving people into supporting the Federal 
Government.
    As you know, the interim clearance process is a decision 
that's a government decision. It is not something we as 
contractors can decide. We have to inform the government and 
let them make those adjudications.
    We have not seen, as a company, issues with the process and 
how we do it. That said, one of the issues is, because of the 
time it takes to get a security clearance, that the interim 
security clearance timeline is now longer than it was three 
years ago. So part of our suggestion is we need to move that 
timeline back so the time people have interim security 
clearances is narrowed.
    The process itself is: The background investigation that is 
commercial is done on the individual from a company standpoint. 
The forms are reviewed in total about the employee to make sure 
that the potential applicant, to make sure that all information 
is available, so that that government employee or official can 
make a decision whether sufficient grounds to grant an interim 
clearance based on those facts, before the more manual 
investigation takes place.
    In our history as a company, less than one person per year 
has been identified in that sequence as not being supportable 
to doing security work in the future.
    Senator Cornyn. Thank you.
    Chairman Burr. Senator Heinrich.
    Senator Heinrich. Thank you, Mr. Chair.
    I want to follow up a little bit on those good questions 
from my colleague from Texas. For those of you in industry--and 
we'll start with you, Mr. Phillips--how often have you seen a 
TS-SCI interim clearance? Is that a common thing?
    Mr. Phillips. For our industry, it is not uncommon. But as 
an example, out of our, let's say, 150 people doing an interim 
status, a vast majority of them are SECRET for the type of work 
we perform. So I can't compare it to any other application or 
requirement.
    Senator Heinrich. Got you.
    Mr. Phillips. Those who are in an interim SECRET status 
have already received a SECRET clearance. So it's fairly narrow 
bandwidth.
    Senator Heinrich. Ms. Chappell.
    Ms. Chappell. From my personal knowledge, I don't know of 
interim clearances on a TS-SCI kind of clearance. Those are 
usually finalized. From an interim clearance, they're more on 
the SECRET side. Quite frankly, with the backlog of clearances 
that we have right now, I think the risk of not doing that and 
not being able to perform the mission is very high.
    Senator Heinrich. That's very helpful.
    Mr. Berteau. Senator, in my experience--I don't know if 
there's data collected on this, but in my experience it was 
more common in the past. It's a lot less common today, and it 
has been a lot less common over the last few years. I think 
it's one of those examples of as we've learned----
    Senator Heinrich. For good reason.
    Mr. Berteau. For good reason, I agree.
    Senator Heinrich. For the risk that's inherent in that.
    Does the government track how many interim security 
clearances are issued by type, by agency, by personnel type? 
And is there a process in place to make sure that when that 
temporary access period has expired that there's a review to 
say, red flag, this has come to an end, we should look at this 
person again?
    Ms. Farrell. I take it you want me to answer that?
    Senator Heinrich. Yes, if you could.
    Ms. Farrell. That information might be at the agency level 
in their case management systems. But it was not at the levels 
that we looked at in our reviews when we worked with ODNI to 
collect data on the investigation time as well as adjudication 
and intake for specific agencies.
    Senator Heinrich. So obviously the whole of government, all 
the agencies aren't here right now. But that's something we 
should probably pay a lot of attention to.
    Ms. Farrell. Yes.
    Senator Heinrich. For any of you who want to offer your 
advice on this: It seems to me from some of the previous 
testimony that it sounds like continuous evaluation is really 
important, but it shouldn't necessarily supplant a periodic 
review; it should supplement a periodic review. Is that your 
view across the board, and any of you who want to offer your 
advice on that, I'd be curious.
    Mr. Phillips. Yes, sir, I'll start. Technology allows for 
continuous evaluation where ten years ago you really couldn't 
do it. So start with that. It's a very good thing to utilize 
and over time it will become a more and more important thing 
because it can be depended on, and in fact it will identify 
things, not five years from now, but along the way between now 
and five years. So we consider it a use of technology to the 
benefit of national security.
    Within that framework, depending on the level of trust on 
the CE process itself, the periodic re-investigation 
percentages can come down. I don't see it going away, but it 
can be like the IRS: We're going to audit you every once in a 
while, versus everybody 100 percent.
    Senator Heinrich. So the interim period between those 
periodic reviews might get longer based on a lower rate?
    Mr. Phillips. And there can be sample periodic re-
investigations to help inform and make sure the process is 
working.
    Ms. Chappell. I would just say it slightly different. I 
would say it focuses where the higher risk is and where you 
should focus periodic investigations on.
    Senator Heinrich. Ms. Farrell, I want to ask you one more 
question before I run out of time here. You testified that the 
National Background Investigation Bureau is trying to decrease 
the backlog, but it has huge challenges in actually achieving 
this. One of the stories I've seen that I'm intrigued by that 
seems to be working is NBIB is taking and deploying teams of 
investigative personnel to specific sites for a two-month 
period where they'll set up shop in a dedicated work space, and 
they try to crank through some of the most time-sensitive 
clearance investigations without the back-and-forth that we 
heard about in some of the testimony, the travel, the 
inefficiencies.
    This is happening right now at a couple of labs in the DOE 
labs in New Mexico. It seems like a rare good-news story of 
increasing efficiency. Do you agree with that, and is this a 
model that we should be potentially applying more broadly?
    Ms. Farrell. What we found during the review was that the 
Bureau did not have the capacity to carry out their 
investigative responsibilities and reduce the backlog. The 
Bureau looked at four scenarios of different workforces to try 
to tackle this backlog. They looked at just if things stay the 
same; they looked at very aggressive hiring of contractors. 
They decided that it was not feasible for the plan where they 
would put so much emphasis on the contractors; and the two 
plans that they did look at, the backlog still would not be 
reduced for several years.
    There hasn't been a selection, though, of which plan 
they're going to go with in order to reduce the backlog. So 
that is going to be key. You can't reduce the backlog if you 
don't have the workforce.
    Senator Heinrich. I don't disagree with you. I don't think 
you answered my question. But my time is over, so we're going 
to have to move along here.
    Chairman Burr. Senator King.
    Senator King. Mr. Berteau, first I want to congratulate you 
because you made the key point of this whole hearing for me. 
It's the opportunity cost that we should be talking about. It's 
the good people lost. That's what brings me here today, because 
I know too many stories of people who just gave up, who spoke 
Arabic, who had visited, lived in the Middle East, and because 
of that couldn't get their clearance. It was a kind of Catch-
22, and those are the very people that we want.
    So I think that's what we have to keep focusing on, is 
those immeasurable people lost, the opportunity cost that has 
made this such an important inquiry.
    Ms. Farrell, who's in charge? If John McCain were here, 
he'd be saying; Who can we fire? Why is this--this is a pure 
management problem, it seems to me.
    Ms. Farrell. This is a management problem, and I referred 
to the Performance Accountability Council because those are the 
principals that are in charge of implementing the reform 
efforts and overseeing----
    Senator King. Who is on that council? Who are the people?
    Ms. Farrell. That's the deputy director for management at 
OMB. It's the director for national intelligence, who is also 
the security executive agent, which means that person sets the 
policy across----
    Senator King. My problem with that is any time you have a 
council the term ``all of government'' has been used. I'm sick 
of that term. That means none of government. That's what people 
say when nobody's in charge.
    Is there one person who has the responsibility for fixing 
this problem, and who are they?
    Ms. Farrell. I would point to the chair of the Performance 
Accountability Council, because that person does have the 
authority to provide direction regarding the process and carry 
out those functions.
    Senator King. Is that person going to be here today, do you 
know?
    Ms. Farrell. I believe that person declined.
    Senator King. Well, that's kind of ridiculous, isn't it? So 
the one person in the government that's in charge of this 
issue, that's a very important issue, isn't here because--did 
they have to wash their hair? What's the deal?
    Ms. Farrell. I can't speak for OMB, sir.
    Senator King. Well, that's really--that's really 
disappointing. Okay.
    Again for you, Ms. Farrell: The private sector has moved on 
from the 1940s style of doing these things. The financial 
sector does it much more quickly. Have we tried to learn from 
them? Has there been any effort to study how the financial 
sector does this, for example?
    Ms. Farrell. I do believe that the Executive Branch 
agencies have reached out to the private sector. After the Navy 
Yard shootings, they did a 120-day review. They identified 
challenges within the process. There was a lot of coordination 
with government and non-government. Many of the recommendations 
that they had were recommendations that they had been working 
on, though, since the reform began back with the passage of the 
OFAC.
    Senator King. Well, I would hope that we could try to learn 
something from the private sector, because they appear to be 
doing this much more efficiently.
    Mr. Berteau, a technical question. The people who come to 
interview you to redo these security clearances, do they carry 
a clipboard?
    Mr. Berteau. I think they do, sir, and I think it's legal-
sized, so that it has more room.
    Senator King. To me, the clipboard is the sign of not being 
in the 21st century.
    Mr. Berteau. I'm sorry to hear that. I actually own a 
couple of clipboards and I occasionally use them.
    [Laughter.]
    Senator King. I used to say it was the universal symbol of 
authority. But if you go into a hospital and they hand you a 
clipboard, they're seeking data from you that they already have 
somewhere else in their system.
    Mr. Berteau. That's certainly been my experience, yes, sir.
    Senator King. That's the point I'm trying to make.
    Mr. Berteau. And I think that's certainly within my 
experience.
    If I could add something on the ``who's in charge'' thing. 
I think you've hit a very key point here. There are divided 
responsibilities and some of those divided responsibilities 
actually spill over into the question that Senator Wyden raised 
about really focusing on--we've been focusing entirely on the 
supply side of this equation: How do we actually move people, 
put them in the process, and put them in a clearance?
    There's a demand side of this equation as well. Actually, 
operating under the authorities granted by this committee, a 
previous DNI did a substantial reduction in the number of 
billets that required a clearance. I don't remember the exact 
number. I think it was something around 700,000 that they 
eliminated the requirement for a clearance.
    If you could do one thing to reduce the backlog, getting 
rid of the demand would be the one thing. But what we've seen 
over time--and this is back to your question of who's in 
charge--is other responsibilities, responses to other 
incidents, the Navy Yard shooting, for example. When I was back 
in the Defense Department, what I saw was in fact you had to 
practically get a clearance to get a pass to get on the base, 
even though there would be nothing you would ever touch in the 
way of classified material once you got on. That's out of an 
abundance of caution of we don't want somebody to be able to 
come on the base with a gun and be able to kill our people.
    There are other ways to do that, I would submit, than 
expanding and lengthening the background investigation process, 
and continuous evaluation using 21st century technology is the 
key to that. The government has to do that.
    Senator King. I'm running out of time, but I want to ask 
one more question. Am I correct in taking from this panel that 
these security clearances are not transferable, they're not 
portable? You get one in one agency and if you go to another 
agency you have to start all over?
    Mr. Berteau. It varies. There are parts of the government 
where----
    Senator King. That's a disappointing answer.
    Mr. Berteau. There are places where the portability is 
pretty robust, and it doesn't take very long, sometimes maybe 
only a day or two. There are others, Department of Homeland 
Security, for example, where I believe the average to move from 
one to another is almost 100 days, within the same Department, 
under the same Cabinet officer.
    Senator King. I'm sorry. They already--I can't believe what 
you just said. You mean a person within the Homeland Security 
Department who has a clearance, to move from one job in 
Homeland Security to another job in Homeland Security takes 100 
days?
    Mr. Berteau. Yes, sir. And it could even mean that a 
contractor sitting at the same desk, moving to a different 
contract, has to go through a new process.
    Senator King. That's preposterous.
    Mr. Berteau. Yes. I think that's a very nuanced and subtle 
word to use for it, yes, sir.
    [Laughter.]
    Senator King. Thank you, Mr. Chairman.
    Chairman Burr. Senator Lankford.
    Senator Lankford. I want to be able to pick up where you 
just left off, because that was actually one of my key 
questions, was about the reciprocal agreements for clearances. 
What's holding that back that you have seen at this point of 
why the agencies don't trust each other enough to be able to 
handle clearances? Is this an issue of ``No, our people have to 
be able to do it; I don't trust your people'' or not a common 
set of standards?
    Mr. Berteau. It's probably a combination of a host of 
things. I think the three things that you could do about it: 
number one is force a set of common standards that are a 
starting point. Even within DHS, for example, there's only 
statutory standards for one part of DHS. It happens to be the 
Transportation Security Administration and that's a result of a 
different line of Congressional inquiry.
    Setting common standards and then reviewing and making sure 
that the deviations or the additions to those standards are 
minimized and they have to be approved by the top leadership. 
So there's a leadership question. That's the second piece that 
comes in.
    Senator Lankford. So what is currently not aligned right 
now on our standards?
    Mr. Berteau. I think it tends to be more in the civilian 
agency side than it does in the intel community and the Defense 
Department side. I think there the standards are a little 
clearer. But they're not clear to us. We as contractors often 
don't know what standards are going to be applied to the 
individuals.
    Senator Lankford. Can I push ``Pause'' in there real 
quick''
    Ms. Farrell, what would be the--could we get a list from 
anyone to be able to say, where are we deviating in standards, 
civilian, defense, contractors, whatever it may be?
    Ms. Farrell. The standards should be the same. There's 
Federal investigative standards. They do not differ by category 
of the workforce. Federal adjudicative standards are also 
supposed to be uniformly applied.
    There are no--there's no data, there's no measures about 
the extent to which reciprocity works or does not work. This is 
something that we have recommended before, that there should be 
a baseline to determine whether or not reciprocity is working, 
and if it's not working then to be able to pinpoint the issues 
that are being discussed as to why it's not working.
    Many years ago, it was believed that reciprocity was not 
working because agencies did not trust the quality of the 
investigations that someone else had done. But we don't know 
what the issue is today.
    Senator Lankford. So when I meet with the chief human 
capital officers of the agencies, affectionately called 
``CHICOs,'' those folks tell me that one of the key areas that 
slows down Federal hiring, which now is over 106 days on 
average across the Federal Government, is this reciprocity 
issue; that this issue is not only slowing down and creating a 
bigger backlog and, as you mentioned, Mr. Berteau, a demand 
issue, that we've got to be able to go through this again and 
again and again for the same person, and an incredible nuisance 
for the person that's actually going through it for the third 
time, but it's also decreasing our Federal hiring and the speed 
of actually getting good people on the job.
    So what I'm trying to drill down on: Is this an issue of 
agencies having a standard across all the Federal Government, 
but they add one more and because they've added one or two more 
than we've got to redo the whole thing, rather than trusting 
somebody else has already done it and we're going to just do 
this one additional check? What is it?
    Ms. Farrell. This is an issue of the DNI not issuing the 
policy on how reciprocity should be applied.
    Senator Lankford. So reciprocity is already required?
    Ms. Farrell. It's required by statute.
    Senator Lankford. So it's required, but you're saying it's 
just a matter of releasing a document from ODNI or from anyone 
else on how to actually apply what is current law?
    Ms. Farrell. Because current law does state ``with certain 
exceptions.'' So it's up to the DNI to know what those certain 
exceptions are, so that the agencies will be able to determine 
if an investigative can be accepted as well as an adjudication.
    Senator Lankford. Because at this point who is determining 
what the ``certain exceptions'' are?
    Ms. Farrell. The agencies.
    Senator Lankford. So they can determine ``I don't trust 
them'' or ``I don't know them'' or whatever it may be?
    Ms. Farrell. Correct. There's some guidance out there, but 
it's not clear. So the DNI is working on a reciprocity policy 
and we are waiting for that policy to be issued.
    Senator Lankford. What is the key information-gathering 
that is needed? You also mentioned this as well, about 
individuals getting onto a facility that may not need security 
clearances, because they're not going to touch documents, 
they're not going to see elements they shouldn't be able to 
see. What is the lower level that could be done faster, to make 
sure those individuals can get access and start to do their 
job, but not have to go through the full check?
    Mr. Berteau. The DNI does have the statutory authority and 
responsibility for the standards for security clearances. 
There's a second set of standards just for suitability or 
fitness to be in the job and for the credentials to be able to 
access the facilities. Those standards are governed by the 
Office of Personnel Management, not the DNI, and there 
frequently needs to be a little better mapping between these 
two.
    I think the greatest thing this committee could do is to 
require regular reporting of a lot more information about this. 
My experience as a government official is when I'm required to 
send you a report on how I'm doing, I'm going to pay a lot more 
attention to what I'm doing than if I'm not.
    Senator Lankford. Thank you.
    Chairman Burr. Do any members seek additional time?
    Senator Cornyn.
    Senator Cornyn. Can I just ask one more question, Mr. 
Chairman?
    Chairman Burr. Absolutely.
    Senator Cornyn. Who in the United States Government decides 
who is eligible for a security clearance?
    Ms. Farrell. That would be the--usually it's the agency of 
the employee that's applying for the clearance. The agency 
takes the investigative report and determines if someone is 
eligible or not.
    Senator Cornyn. Thank you.
    Mr. Berteau. Mr. Cornyn, sometimes there are easy decisions 
that are made at a lower level within the adjudication process, 
and sometimes there are harder calls that have to go higher up 
before a decision is made. This has to do both with the quality 
and characteristics of the individual case, but also the 
dynamic of the job and how fast it's needed and what needs to 
come into play here. It can actually be calibrated a little bit 
in terms of who comes into play here.
    That's also a very good question, I think, to ask the 
government representatives on the second panel.
    Chairman Burr. Vice Chair.
    Vice Chairman Warner. Again, thank you, Mr. Chairman, for 
holding this hearing. This has been something that I've been 
working on for some time. But I think getting more members 
engaged, because we are losing good people. But I go back to 
Ms. Chappell's comments: one, if we can use technology; and 
two, the closer we can get, at least at the SECRET level, on 
one standard, one form, one adjudication, and one clearance. 
Seems like it's kind of common sense, and you marry the 
technology with continuous evaluation and we could make real, 
real progress.
    The good news is there is no--ODNI Director Coats and I 
think a host of others realize this is a problem. I again thank 
the chair for holding this hearing.
    Chairman Burr. I thank the Vice Chair. I thank all the 
members and, more importantly, I thank those of you at the dais 
as witnesses today. Your testimony is invaluable to us.
    I walk away to some degree more optimistic than I came, 
because I think that the biggest issues that you've raised can 
be solved. And I think this is a question of can we put the 
right people in a room that understand when you talk about 
reciprocity, what is that? As I said to Senator King, we 
shouldn't be shocked. DHS is the comingling of about 37 
different pieces that we moved from different areas of 
government and we put it under a new agency. Given that there 
was baptism by fire of the Secretary, it's not unrealistic to 
believe that they still operate like the core agencies they 
came out of. They just happen to be under a new banner.
    So I think these are all things that are doable, but we've 
got to have the right leadership in the room talking about real 
solutions. I think that it's the commitment of this committee 
that we will start and complete that process, and at the end of 
the day hopefully a year from now you will come back and tell 
us what great things have happened within government, and it 
will be because of your testimony today.
    With that, the first panel is dismissed and I would call up 
the second panel.
    [Pause.]
    I call into session the second panel. I'd like to welcome 
our witnesses for the second panel. We just heard from the 
industry on the challenges they face and some potential 
solutions moving forward. We now have an opportunity to hear 
from the Executive Branch, their perspectives and their ideas. 
I understand the daunting task and job before each of you, 
vetting more than four million cleared personnel and 
identifying threats before they materialize. It's not easy.
    But we can do better than we're doing today. As we continue 
our dialogue, I hope you'll speak freely, frankly, and think 
creatively, because this hearing is not only about identifying 
the problem, but it's about uncovering the solutions.
    I want to thank each of you for being here, and I just want 
to reiterate what I said at the end of the last panel. I 
actually am more optimistic right now than I was before we 
started, because I think we've been able to clearly understand 
the big muscle moves, and I think that putting the right people 
in the room might enable us to try to overcome some of the 
challenges and replace it with solutions that we would have 
full agreement are worth trying or that we feel will achieve a 
different outcome.
    I'm not going to turn to the Vice Chairman. I'm going to 
turn directly to Mr. Dunbar, who I understand will begin. Then 
the floor will go to Mr. Phalen and then Mr. Reid and Mr. 
Payne. Mr. Dunbar, the floor is yours.

STATEMENT OF BRIAN DUNBAR, ASSISTANT DIRECTOR, SPECIAL SECURITY 
DIRECTORATE, NATIONAL COUNTER-INTELLIGENCE AND SECURITY CENTER, 
        OFFICE OF THE DIRECTOR OF NATIONAL INTELLIGENCE

    Mr. Dunbar. Thank you, Chairman Burr, Vice Chairman Warner, 
and members of the committee. Thank you for the opportunity to 
appear before you today to discuss security clearances 
challenges and reforms. The Director of National Intelligence 
is designated as the security executive agent. In this role, 
the DNI is responsible for the development, implementation, and 
oversight of effective, efficient, and uniform policies and 
procedures governing the conduct of investigations, 
adjudications, and, if applicable, polygraph, for eligibility 
for access to classified information.
    The National Counterintelligence and Security Center has 
been designated as the lead support element to fulfill the 
DNI's SecEA responsibilities. We're responsible for the 
oversight of policies governing the conduct of investigations 
and adjudications for approximately four million national 
security cleared personnel. The security clearance process 
includes determining if an individual is suitable to receive a 
security clearance, conducting a background investigation, 
reviewing investigative results, determining if the individual 
is eligible for access to classified information or to hold a 
sensitive position, facilitating reciprocity, and periodically 
reviewing continued eligibility.
    We work closely with the agencies responsible for actually 
conducting the investigations and adjudications and managing 
other security programs associated with clearances. This 
ensures that our policies and practices are informed by those 
working to protect our personnel and sensitive information. We 
have collectively enjoyed some noteworthy progress in security 
reform, including the development and implementation of 
multiple security executive agent directives, examples of which 
I've outlined in my written statement for the record.
    However, as recently noted by DNI Coats in his annual 
threat assessment, today's security clearance process is in 
urgent need of substantive reform across the entire enterprise. 
We must quickly and with laser focus identify and undertake 
concrete and transformative action to reform the enterprise, 
while at the same time continuing to ensure a trusted 
workforce.
    Underpinning this reform effort must be a robust background 
investigation process, which enables Federal employees and 
contractor workforce partners to deliver on agency mission 
while also protecting our Nation's secrets. When the background 
investigation process fails or is delayed, mission delivery 
suffers, the national security is put at risk, and our ability 
to attract and retain the workforce of the 21st century is 
inhibited.
    Despite the hard work of dedicated, patriotic professionals 
who are working these issues daily, we have reached a time of 
critical mass which demands transformative change. Significant 
challenges for the background investigation program continue to 
adversely affect government operations. The current 
investigative backlog is approximately 500,000 cases and the 
average time for investigating and adjudicating clearance is 
three times longer than the Intelligence Reform and Terrorism 
Prevention Act standards.
    For the first quarter of 2018, our metrics indicate the 
fastest 90 percent of TOP SECRET background investigations 
government-wide took an average in excess of 300 days. This is 
four times longer than the IRTPA standards and goals. In 
addition, background investigation-related costs have risen by 
over 40 percent since FY 2014. The SecEA, the suitability 
executive agent, or SuitEA, all security organizations, and all 
impacted industry partners agree that this is unacceptable.
    I would like to take the opportunity to provide the 
committee with more detail regarding our upcoming Trusted 
Workforce 2.0 initiative. This initiative is designed to 
address the transformational overhaul I referenced earlier. It 
is an enterprise effort sponsored by the security executive 
agent and the suitability executive agent, in concert with our 
partner organizations, which will bring together key senior 
leadership, change agents, industry experts, and innovative 
thinkers to chart a bold path forward for the security, 
suitability, and credentialing enterprise.
    The participants, including all Performance Accountability 
Council principal organizations, are committed to critically 
reviewing and analyzing with a clean slate and forward-leaning 
approach how to accomplish the transformational overhaul which 
is required. As mentioned in my statement for the record, our 
Trusted Workforce 2.0 initiative kicks off next Monday and 
Tuesday, 12 and 13 March, at the Intelligence Community Campus, 
Bethesda. We look forward to conceptualizing, implementing, and 
ultimately accomplishing the revolutionary change required 
across the clearance enterprise. In addition, we look forward 
to updating the committee on our progress.
    The SecEA and SuitEA have committed to transformational 
overhaul in at least three areas: first, revamping the 
fundamental approach and policy framework. The current 
standards are built on decades of layered incremental changes 
and have not fundamentally changed since the 1950s. We accept 
the ambitious goal that by the end of 2018 we will identify and 
establish a new set of policy standards that transforms the 
U.S. Government's approach to vetting its workforce. Our 
objective must be to ensure a trusted workforce across 
government and industry who will appropriately protect vital 
national security information with which they are entrusted.
    Second, overhauling the enterprise business process. The 
current process is slow, arduous, overly reliant on manual 
field work, and does not leverage advancements in modern 
technology and the availability of data.
    Finally, we must modernize information technology. Existing 
information technology constrains our ability to transform fast 
enough. We must leverage today's technology to connect vital 
national security processing required and ensure we are well 
positioned to adopt tomorrow's advancing technology. After more 
than a decade of incremental policy change, there is still an 
unacceptable operational burden on government agencies making 
security and suitability determinations. We owe those dedicated 
professionals a high-performing process that meets the needs of 
our workforce and ultimately the American citizen. We are 
committed to full transparency in these efforts.
    Thank you for the opportunity to appear before the 
committee and I will be happy to respond to any questions.
    [The prepared statement of Mr. Dunbar follows:]
    
    
 [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]   
    
    
    Chairman Burr. Thank you, Mr. Dunbar.

    STATEMENT OF CHARLES S. PHALEN, JR., DIRECTOR, NATIONAL 
  BACKGROUND INVESTIGATIONS BUREAU, U.S. OFFICE OF PERSONNEL 
                           MANAGEMENT

    Mr. Phalen. Chairman Burr, Vice Chairman Warner, members--
--
    Chairman Burr. Let me thank you, thank you in his absence.
    [Laughter.]
    Mr. Phalen. I'll bring my clipboard later.
    Members of the committee: My name is Charles S. Phalen, Jr. 
I am the Director of the National Background Investigations 
Bureau in the Office of Personnel Management, and I do 
appreciate the opportunity to appear before you today. NBIB 
currently conducts 95 percent of the investigations across the 
Federal Government. The results of this mostly singular supply 
chain are used by over 100 agencies to make their independent 
adjudicative decisions. Even those few agencies that have their 
own delegated or statutory authority to conduct investigations, 
such as agencies in the intelligence community, rely on our 
services in some capacity.
    I'd like to start by addressing our existing investigative 
inventory and put some context around the numbers, which have 
been the subject of much media attention. In 2017 we completed 
2.5 million investigations across all our investigative types. 
As of today, our inventory is approximately 710,000 
investigative products. These include simple record checks, 
suitability, credentialing investigations, and national 
security investigations.
    It's important to note that the top-end number I just 
mentioned is much greater than the number of individuals 
waiting for their first, their initial, security clearance to 
begin working with or on behalf of the Federal Government. Of 
that total inventory, about 164,000 are either simple record 
checks that move in or out of inventory daily or are 
investigations supporting credentialing or suitability 
determinations. The remaining inventory is for national 
security determinations or clearances. Approximately 337,000 of 
those are for initial investigations and about 209,000 are for 
periodic reinvestigations.
    Since we've stood up 17 months ago as NBIB, we have worked 
to increase our capacity and realize efficiencies. The 
stabilization of the top-end inventory over the past six months 
has been attained primarily because we have invested in the 
necessary infrastructure. We are approaching this challenge on 
three fronts: First, to recover from the 2014 loss of the USIS 
contract for investigative capacity, we have rebuilt both 
contractor and Federal workforce capacity. As of today, there 
are over 7,200 Federal and contract investigators working on 
behalf of NBIB. That's good. That's not enough.
    Second, our investigative capacity can be significantly 
enhanced through smarter use of our workforce's time. Through 
the implementation of our business process reengineering 
strategy, we have clearly defined the critical process 
improvements and technology shortfalls corrections needed to 
support those requirements, and our decisions have been 
enhanced through better data analytics.
    We have improved our field work logistics by centralizing 
and prioritizing cases, first with agencies, beginning about 18 
months ago, and more currently we are beginning to start hubs 
with industry. We have increased efficiencies of conducting and 
reporting on our enhanced subject interviews and implemented 
more efficient collection methodologies by leveraging the 
powers of technology to discover and gather information, and to 
free the investigators' focus on those aspects of 
investigations where human interaction is still critical.
    Third, we are fully supportive of the upcoming executive 
agents trusted workforce initiatives. Our processes today are 
driven by the existing policies, some dating back seven 
decades, and we know from our experience that there is much to 
be gained through this strategic policy review effort, and we 
are fully behind it.
    Underpinning all of this is the planned transition to a new 
information technology system being developed by the Department 
of Defense. The National Background Investigation Services, 
NBIS, will ultimately serve as NBIB's IT system to support 
background investigations and will offer shared services to the 
end-to-end process for all government agencies and departments.
    NBIB, with the support of its inter-agency partners, has 
made and will continue to make improvements to the background 
investigations and vetting processes. As an example, for the 
past year we have offered our customer agencies a continuous 
evaluation product that meets today's guidance issued by the 
Director of National Intelligence for continuous evaluation.
    As we work to reduce this inventory, we will continue to 
explore innovative ways to meet our customer agencies' needs, 
leveraging their expertise as part of our decision making 
process, and remain transparent and accountable to all of our 
customers and to Congress. We recognize that solutions to 
reduce inventory and maintain the strength of the background 
investigation program includes people, resources, and 
technology, as well as partnerships with our stakeholder 
agencies and changes to the overall clearance investigative and 
adjudicative processes.
    Finally, as the Federal Government works to implement the 
transition of the Department of Defense-sponsored background 
investigations from NBIB to DOD, we will examine our workforce 
needs, our capacity, our budget, and work with our partners to 
minimize disruptions. We have a shared interest in reducing the 
inventory, taking steps to effectuate the smooth transition of 
operations, and we have a shared understanding of the 
importance of this entire process and its ultimate impact on 
national security.
    Thank you for the opportunity to be here today. I look 
forward to the next year and I look forward to answering any 
questions that you may have.
    [The prepared statement of Mr. Phalen follows:]
    
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]    
    
    
    Chairman Burr. Thank you, Mr. Phalen.
    Mr. Reid.

 STATEMENT OF GARRY P. REID, DIRECTOR FOR DEFENSE INTELLIGENCE 
       (INTELLIGENCE AND SECURITY), DEPARTMENT OF DEFENSE

    Mr. Reid. Thank you, Mr. Chairman, Mr. Vice Chairman, 
distinguished members of the committee: On behalf of Secretary 
of Defense Mattis, thank you very much for the opportunity to 
meet today to discuss a very important topic at hand. I have 
submitted my statement for the record and, sir, with your 
permission, I would just like to take a few minutes to amplify 
a couple points.
    First of all, the Department of Defense fully recognizes 
and appreciates the necessity for security clearance reform, 
and we're fully committed to doing our part to develop and 
implement new and innovative methods for establishing and 
sustaining a trusted workforce, in a manner which upholds the 
highest standards of protection for national security 
information, safeguarding our people, and always ensuring the 
highest degree of readiness to defend our Nation.
    With the support of Congress, multiple committees, and our 
close inter-agency partners represented here today from the 
Office of the DNI, the Office of Personnel Management, and the 
Office of Management and Budget, we have for the past some 18 
months been developing plans to transition responsibility for 
background investigations for our portion of the workforce from 
Mr. Phalen's organization to the Defense Security Service led 
by Mr. Payne.
    The Chair and Vice Chair may recall, we met and briefed on 
this about 11 months ago internally, and we've been moving out 
steadily. Last August, Secretary Mattis approved our plan, 
which was referred to as the Section 951 plan and was tasked to 
us in the 2017 Authorization Act, to submit a plan for this 
transition. This past December, upon approval of the National 
Defense Authorization Act for 2018, this included direction to 
the Defense Department to implement the transition plan we 
submitted under previous tasking and to do so by October of 
2020.
    We are well under way to meet this objective, in fact can 
project today that the initial phase of the plan--and there's 
some dependencies I'll talk about, but we are preparing 
ourselves to begin implementing this plan later this year, in 
the October time frame, concurrent with the next fiscal year, 
and there are some conditions I'll talk about.
    Our team, this inter-agency team represented here today, we 
are all working very hard every day to put the resources and 
the procedures in place to make this happen, and Mr. Payne will 
talk about some of that in detail. But more than just a 
straight transfer of the current mission and the current method 
to our department, and in line with the intent of the security 
executive agent, as just talked about with the 2.0 initiative, 
DOD is actively developing these alternative procedures for 
conducting background investigations, advantaging ourselves 
with all available technology and other things.
    Our fundamental concept is to build on the existing 
continuous evaluation program, which the security executive 
agent has already established, to build around that and 
supplement that with additional tools, such as risk rating 
tools, which analyze individual risks, analyze risk by 
position, and inform us of where to look and where to focus 
these processes. We have a process for automated records 
checks--some of this is in use today at NBIB--to build around 
that, to take the shell of continuous evaluation, enhance that 
with other tools that give us a full comprehensive picture on a 
contemporaneous basis of the risks that we are dealing with in 
individual risk, in human risk, associated with 
responsibilities, levels of responsibility, risk profiles, and 
a host of other data that are connected to other programs we 
have, such as insider threat, such as user monitoring, such as 
base access, facility access.
    We are in a position to aggregate that data to give us a 
much more comprehensive understanding of the risk than we 
currently have. That is the backbone of the automated process 
we're referring to. We have worked this with our colleagues 
here. We have shared it and briefed this to many of the 
industry leaders that you had in the previous panel and the 
organizations they represent. And there is full agreement of 
everyone I've briefed that this methodology is viable and 
sufficient and goes far beyond where we are today in updating 
our understanding of risk in the workforce to a more future-
looking state.
    We will soon--I said there's a condition about when we'll 
start. We will soon be submitting to the DNI our proposal 
requesting approval to begin phasing in the use of this process 
for selected segments of our workforce, and we will do this in 
a very graduated manner so we can assess and evaluate the 
results, everyone involved can understand what's taking place 
and appreciate where we are and accept the results. At the same 
time, we have to build up a capacity to do this on scale.
    So this is a ramp. The plan we submitted is a ramped plan. 
It's a three-part plan, over three years. As I said, we are 
prepared, subject to the concurrence of the security executive 
agent, to formally commence this in October of this year.
    This will be a long-term process and it will be done in a 
graduated manner. We will build up our capacity and we will 
bring everyone along with this, industry, government, 
Congressional oversight, all of our reporting requirements, all 
of our accountability requirements. We have every ability and 
full intent and no latitude not to uphold and not to represent 
what we're doing. There's nothing below the waterline that 
folks won't understand. We're very cognizant of this 
reciprocity issue and how people need to appreciate what's 
happening so they have trust and confidence in the system, and 
we're prepared to do that.
    We're equally mindful, as we do this, that we must continue 
to rely on the National Background Investigations Bureau to 
process the some 500,000 DOD cases that are in their inventory. 
Those cases have gone into that system. We are enabling NBIB to 
do that now. We are the sponsor for the IT system. We will 
continue to do that and build those tools out, all of which 
will transfer, but they will continue to be available to all of 
government, and all investigative services providers in the 
Federal Government will have access to these tools and 
procedures that we are developing.
    In the later stages of our plan, later into next year, we 
will begin working with NBIB to understand and implement the 
resource transfers. The financial resources we put into NBIB 
are on a pay-as-you-go, on a revolving fund. But the human 
capital, the Federal and contractor workforce that supports 
NBIB now, as they ramp down to a smaller population--we are 75 
percent of their business load roughly. So as we shift that, 
we're working with them right now and we have a commitment to 
provide a plan through the PAC principles of what our ramp-up 
plan is and what their ramp-down plan is, and obviously those 
need to be in harmony. We will continue to rely on them to work 
down the inventory and we will support and enable them to do 
so.
    I would just add here, they've done a tremendous job of 
dealing with a very difficult set of challenges with the 
inventory that Mr. Phalen inherited when he took that job, and 
we're very much appreciative of what they're doing.
    I can't underestimate the complexity of this endeavor. This 
is--as I said, it's about a $1.1 billion enterprise. We have a 
volume of 700,000 cases a year that they process for us. There 
are some 8 to 10,000 people that do this. And all of this will 
be in motion as we phase and implement this plan, keeping them 
whole and viable with a re-scoped mission and establishing our 
ability to do our mission, which would then be benefited by the 
fact that we have control of our own initiation process, the 
submissions piece, the investigations piece, and the 
adjudications, and then, very important going forward, the 
follow-up, the continuous vetting, continuous evaluation, 
foundations that I already discussed.
    We're working on this every day. We have great teamwork. We 
appreciate the support of Congress in this endeavor. Sir, thank 
you again and I look forward to your questions.
    [The prepared statement of Mr. Reid follows:]
    
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]    
    
    
    Chairman Burr. Thank you, Mr. Reid.
    Mr. Payne.

   STATEMENT OF DANIEL E. PAYNE, DIRECTOR, DEFENSE SECURITY 
                 SERVICE, DEPARTMENT OF DEFENSE

    Mr. Payne. Mr. Chairman, Mr. Vice Chairman, members of the 
committee: Thank you very much for this opportunity to speak 
with you on this topic. You have my written statement. I'm not 
going to go into that. I'll try to keep my comments as brief as 
possible because I know you have a lot of questions.
    I will say that I am the individual who's going to be 
responsible for executing the mission in DOD for background 
investigations and begin to build that mission. As a result of 
that, Charlie and I have to work, Mr. Phalen and I, have to 
work very closely with each other and our teams have to work 
very closely with each other so that we do this in a manner 
that doesn't hinder NBIB's ability to work down the backlog 
while at the same time increasing our capacity to pick up these 
investigations.
    That being said, and in view of the previous panel that was 
here and the comments that came from the previous panel, I am 
responsible for industry security currently. While we do not do 
the background investigations ourselves--that's Mr. Phalen's 
organization that does that--we initiate the background 
investigations. I am the individual who grants interim security 
clearances and takes them away. I am also responsible for the 
execution of DOD's continuous evaluation program, which from my 
perspective has been greatly successful and is the way of the 
future. We have to go down this route if we are going to make 
the necessary changes to make this process better.
    In addition to that, the insider threat programs for DOD. I 
own the Defense Insider Threat Management and Analysis Center, 
which is where all of the insider threat concerns in DOD come 
to. We work with the individual agencies within DOD to resolve 
those particular issues.
    All of those things combined, as Mr. Reid outlined a few 
minutes ago, all of those things combined are things that we 
did not have back in 2004, 2005 when DOD had the initial 
mission for background investigations. We have them now. That's 
the way of the future. That is the way that we have to go.
    If we are going to make any progress in making this program 
faster and making this program more secure, we've got to look 
at a different methodology of doing this. It has to--we have to 
utilize continuous evaluation and automated processes, many of 
which Mr. Reid outlined in his statement. But in addition to 
that, we have to look at the standards. We have to change 
standards. If we are going to do this successfully, we have to 
change standards. That's going to result in some big decisions 
on our part, and those big decisions pertain to how much risk 
we are willing to accept.
    As Mr. Berteau in the previous panel stated, we're never 
going to be able to reduce the risk to zero unless we stop 
hiring. Obviously, we can't do that. There's always going to be 
risk involved in the investigative process. There's always 
going to be risk involved in the security clearance process. 
What we have to determine is how much risk we find acceptable.
    Thank you very much.
    [The prepared statement of Mr. Payne follows:]
    
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]    
   
    
    Chairman Burr. Thank you, Mr. Payne. Thank you to all of 
our witnesses.
    Again, we'll recognize members based upon seniority for up 
to five minutes. I recognize myself first.
    I'm going to tell you a story. The story starts about ten 
years ago. A 22-year-old graduates college, never even plans to 
work for government, gets offered a job, a civilian at DOD. 
Couldn't be more excited. Parents more excited than he was. 
Job, paycheck, things that you hope they're going to find. Then 
a process of 11 months of security clearance.
    It gets back to some things that were said in the first 
panel. I don't think that I'm an exception. That happened to be 
my son. Here's a kid that is incredibly excited to work for 
government, work where he did, ready to go. And after 11 
months, he wonders whether he made the right decision. He 
didn't lose his skills, like some will do today if it's 
technological. But the question is, how much of that initial 
passion for working for government do you lose from the 
standpoint of retention down the road?
    Understand, I get it first-hand why we've got to accomplish 
what you've set out to do. It is unacceptable to this next 
generation, just the fact that things go so slowly. I say that 
with full knowledge, and I'm still talking about the Federal 
Government, and there are some things even Congress can't 
change. But the reality is that we can do much better.
    Mr. Reid, I thank you for your brief almost a year ago. The 
fact is the time line's about exactly where you told us it was 
going to be. We're excited to see the roll-out. Mr. Payne, a 
lot of pressure on your shoulders. I get that. But we can't go 
forward unless we do this. I know the commitment of Dan Coats 
and I don't think that that's going to change as long as he's 
there. I think now we're matching it with a desire by members 
of Congress to make sure we not only identify those things that 
need to be changed, but we accomplish the solution. So I think 
that we've got good partners.
    Mr. Reid, Mr. Payne, this is to you. Are there additional 
authorities that you need to accomplish this roll-out and 
eventually fully move the system to what you have designed?
    Mr. Reid. Senator, from an authorities standpoint, Section 
925 of the current NDAA gives us--reinforces the Secretary's 
authority in the first instance to conduct background 
investigations, which was a plus. It also provides direction, 
not so much authority, for us to consolidate other elements 
within the Department, which also is very helpful.
    Chairman Burr. Let me ask it a different way.
    Mr. Reid. Yes, sir.
    Chairman Burr. Is there anything in Federal statute today--
--
    Mr. Reid. No, sir.
    Chairman Burr [continuing]. That hinders your ability to 
change your review process the way you think it needs to be 
done?
    Mr. Reid. Not that I'm aware, not in statute. Now, we are 
wholly dependent on Director Coats and his leadership to 
approve, as I outlined, our alternative process. The Secretary 
cannot, Secretary Mattis, cannot do that unilaterally. We are 
beholden to the security executive agent and the suitability 
executive agent for the standards they set and the process they 
control. We don't have a problem with that process. We're 
eagerly looking forward to participating in the Trusted 
Workforce 2.0, because it comports to the plan that we've 
already set out to conduct. So I do not believe there's 
anything in Federal law that is an impediment to what we want 
to do, sir.
    Chairman Burr. Mr. Dunbar, I'd also ask you to go back and 
make sure from an ODNI standpoint that there's not some statute 
out there that is going to pop its ugly head up and say: Well, 
you know, this does make a lot of sense, what we're doing over 
here, but you can't do that until we change this statute. If 
we've got things to change, let us know now so that we can 
implement this on the timeline that's designed.
    Mr. Dunbar. Yes, Senator, absolutely.
    Chairman Burr. I should have said this at the first panel 
and I'll say it now. I'm not adverse to additional 
investigators. I'm not adverse to increasing funding. I am 
adverse in doing either of those things before we change the 
system. So until you change, it's hard to truly evaluate what 
the need is going to be, what the cost is going to be.
    I am hopeful--and I think, Mr. Reid, this is your intent--
that this takes the timeline for security approval and drives 
it down. Can you give us what your goal is from a standpoint of 
a timeline? If today--if 9 years ago it took 11 months, I can't 
imagine what it is today for that similar TS-SCI individual. 
What's your goal now?
    Mr. Reid. Yes, sir. The established goals for each level of 
clearance are attainable under our plan, but, better than that, 
under our plan--currently, for a SECRET reinvestigation, the 
guideline goal is 145 days. It's taking about twice that long. 
Under our plan, our vision is that that periodic 
reinvestigation as it's currently conducted does not exist, 
that a contemporaneous continuous vetting process would be 
implemented in place of that.
    Now, there will still be deliberate face-to-face sort of 
re-upping of employees. It's not autopilot. But the monitoring 
and the reporting, which we are already doing in our program 
now, will be the backbone. So the answer to that question is 
the goal is to eliminate the requirement currently existing for 
periodic reinvestigations at all levels. We have some work to 
do to get beyond the first level.
    Chairman Burr. What can I tell that next 22-year-old who 
wants to be a civilian DOD employee and is getting ready to go 
through the background check, 22 years old, out of school, 
never lived anywhere but school and home? How long is it going 
to take to process him for a clearance?
    Mr. Reid. Again, under the current process that ranges from 
200 to 400 days. Under the future process, it's perfectly 
attainable to get down to, in the current guidelines, which are 
for TOP SECRET 150 days, but we feel it can go much lower with 
the automation and the tools that I described, sir.
    Chairman Burr. Vice Chair.
    Vice Chairman Warner. Thank you, Mr. Chairman.
    I think we've heard a lot of commonality from the first 
panel to the second panel in terms of goals. It's not a new 
problem. But I look at just the last, performance over the last 
couple years. We've had doubling of the backlog. From Mr. 
Phalen, while you say it's stabilized, I don't hear--and I'm 
going to come to you in a couple minutes--when are we going to 
actually get it down?
    We've had a doubling of the costs. We have everybody using 
the term ``continuous evaluation,'' yet we seem to not have 
commonality on that or how we're going to get there. We have 
the notion of increased technology. But again, I don't see a 
timeline presented. We see in certain areas, for example, the 
financial sector, where there are enormous security concerns, 
they have been able to implement tools like continuous 
evaluation using increased technology.
    I get the frustration on the DOD side that say, we've got 
to split this up. But we're talking about an effort to go with, 
if we accept some of the industry's interest in terms of one 
application, one investigation, one adjudication, and one 
clearance, it seems like we're going the opposite direction.
    So I'd like to hear either from Mr. Reid or Mr. Payne how 
we make sure, if we go through this process, we're not going to 
simply create more duplication, less portability, less 
reciprocity, than what we have right now, which again I'm the 
first to acknowledge is not working.
    Mr. Reid. Yes, sir. The application, the standards, are 
federally directed. There is one, there is one standard. What 
we are embarking on and preparing to implement is an 
alternative methodology to reach those standards. Now, in 
parallel, these guys talked about everyone getting together and 
looking at the standards. If they change, they'll change for 
everybody. We're not creating a new standard. We're not 
creating a new application. We are automating behind the 
application the process that we go through to collect the data 
that's relevant to form the basis of a background 
investigation, that becomes the basis of an adjudicative 
decision or determination.
    We are not changing the standard, sir.
    Vice Chairman Warner. Recognizing that you are the vast 
majority, how are you going to make sure the goal of 
reciprocity and portability takes place as you build this new 
system?
    Mr. Reid. In the very first instance, sir, that will be by 
adhering to the guidelines set by the executive agents in 
everything we implement. We do not have unilateral authority to 
change that process without the executive agents' concurrence. 
So we will align our process to their standard.
    Vice Chairman Warner. Respectfully, I know you're trying to 
head us in the right direction, but it sounds like a lot of 
process words rather than specific guidelines, timetables, and 
how we're going to get there.
    Let me just--and while I share the Chairman's concern about 
simply throwing money at it, but my understanding is there's an 
awful lot of agencies, they kind of build this into their G&A 
and they don't continue to prioritize funding, so that the 
funding that is even supposed to be there isn't getting there. 
So I don't think we ought to throw more dollars, but I do think 
we need to make sure that agencies make this a priority within 
their funding scheme. I hope DOD, which has gotten a very 
generous bump-up in the last budget--if you're going to take 
this on, it would be very disappointing, at least to this 
Senator, if we came back and said, ``Well, we didn't have the 
dough to do it.''
    I'm going to go to Mr. Phalen. Mr. Phalen, stabilizing at 
700,000 is not acceptable. It's just not acceptable. I'd like 
to know when we're going to start seeing those numbers driven 
down on the backlog.
    Also, Senator Heinrich raised issues on the earlier hearing 
about new techniques that some of the government labs were 
using in terms of, for example, hubbing interviews. Why is it 
taking so long to try to implement what seems to make common 
sense in terms of hubbing interviews. I've got an area like 
Norfolk, Virginia, where we've got huge numbers of people 
trying to--waiting for clearances. What can you talk--what can 
you say specifically about using these tools that seem to be 
working in DOE kind of across the breadth in other areas where 
there's concentration of Federal employees, like Norfolk in my 
area or Northern Virginia in my area?
    Start with how we're going to drive that 700,000 backlog 
down, not stabilize it, drive it down.
    Mr. Phalen. Starting one step even further behind that, 
when I first joined this organization 17 months ago, the 
capacity to conduct the work that we were required to do was 
insufficient to conduct that work, period. That's why, as you 
saw in the first few months after we stood up, that that 
inventory continued to rise as opposed to begin to stabilize.
    When we reach the point where we have the same capacity 
that we had in 2014 when this all fell apart, that's a way 
station along the way to reach that point of stabilization. 
It's not the endgame. In one sense, I'm proud we hit that 
stabilization, but I'm not proud that we have not brought that 
inventory down. Our goal is to bring it down. Last week I noted 
to a committee on the other side, the House side, that we are 
looking at potentially as much as 15 to 20 percent reduction by 
this time--not by this time--by the end of the calendar year. 
That's still not sufficient, but it will be--by itself, it will 
begin to drive that number down. It will probably take us a 
couple of years to get down to a level that is much more 
effective.
    Along the way, we are trying a number of things. We've 
talked about technology. We need to be able to get at 
information, collect information more reliably, more quickly, 
through technology, as opposed to shoe leather, as was 
mentioned in the previous session. The problem is getting to 
some of those sources right now, particularly law enforcement 
sources, is not as easy as one would hope, and we still have to 
put a lot of people on the street to find police records in 
relevant areas. But we're continuing to work on that closely 
with the police agencies at the State and local, Federal, 
tribal level, to continue to do that.
    You talked about hubbing. We started that with the 
Department of Energy as a surge rather than hubbing, about 17, 
18 months ago in Los Alamos. It looked very promising. We have 
since that point, we have done a number of things that are both 
hubbing and surging. One is more concentrated than the other. 
Most recently, we finished one in Wright-Paterson Air Force 
Base in the Dayton area. We recognized an increased efficiency 
of somewhere in the low 40 percent positive note. In other 
words, what would normally be an hour's worth of work they were 
finishing in 36 minutes. That's a rough estimate. They were far 
more productive in that hubbing area.
    You mentioned the area around Tidewater. We are actually 
beginning a session in Tidewater on April 1st. We have pulled 
together all of our--all the Federal agencies that are down 
there, all the DOD agencies that are down there and pull 
together all of our assets, both staff and contract 
investigators, and we're going to focus on that area.
    But that is one of probably about eight or nine that I 
could mention just in the last year where we have actually done 
this and found very positive results. Certainly Dayton, San 
Antonio, out in Nevada, Tinker Air Force Base, Oklahoma City. I 
mentioned Tidewater. And one that I think is going to be very 
promising to us on two fronts. One is, we've been working with 
industry directly to find areas, not by company, but by 
geography and by program, to find those areas in the country 
where we can again focus our resources--places like Southern 
California, places again like Tidewater, like the Space Coast 
in Florida, where we can bring that together and work with 
industry to bring--to focus our energies down there.
    A second part of that is, to follow on to a comment that 
was made I believe by one of the early panelists, it's clear to 
me from both our current work and my last experiences in life 
that industry collects an awful lot of data before they put 
somebody in for a clearance, before they even decide to hire 
somebody. We need to find a way to leverage the work that they 
have already done, accept it, and build it into part of the 
process, and not having to go back and ask those same 
questions. That will by itself reduce a lot of time in 
collection and effort.
    That's sort of a high-level view. I hope that it gets to 
some of those points you mentioned, sir.
    Vice Chairman Warner. I'm curious you didn't mention 
National Capital Region as one of these areas that would be a 
recipient of a hubbing area, since it's the greatest 
concentration of the need for clearances.
    Mr. Phalen. Interestingly enough, l asked that question 
yesterday and spoke to the folks in charge of the activities in 
this area. We are in the Washington, D.C., area, for work that 
has to be done in the Washington area, we are actually pretty 
close to being up to speed in the Washington, D.C., area. It is 
other parts of the country where somebody's background may take 
them to other parts of the country where it is not as up to 
speed as it could be.
    Vice Chairman Warner. I'll be happy to send a lot of my 
friends in the contractor community to you on that fact. They 
don't believe that fact.
    Mr. Phalen. Understood.
    Chairman Burr. Senator Lankford.
    Senator Lankford. Thank you, Mr. Chairman.
    Mr. Reid, has DOD done its own background investigations 
and work before and then handed that back over to the whole of 
government?
    Mr. Reid. Yes, sir. Prior to 2005, we had responsibility 
for our background investigations at what's now the Defense 
Security Service.
    Senator Lankford. So what's the lesson learned there? So 
why is this time going to be better, because last time it was 
turned over and then now it's coming back? Give me the key 
lessons learned?
    Mr. Reid. Mr. Payne touched on one of those, sir. That is, 
having the comprehensive process in place to deal with the 
volume and the scale of investigative items. The continuous 
evaluation tools that we have now are different, the risk-
grading and automated record checks; additional tools that we 
are developing to streamline the submission process within the 
Department. If you look at the current process and you look at 
past practice, there's a high percentage of drag in the system 
between submission and investigation, just to get the 
submission clean and get all the data. We have tools in place 
already to improve upon that.
    I talked about the streamlined background investigations 
and then the centrality and the positioning of our consolidated 
adjudications facility, which did not exist at that time 
either. So we have in place, or we will have in place when we 
move investigations back, all three pieces of this enterprise--
submissions, investigations, and adjudications--all under a 
single organization, with the authority and the resources and 
the mission focus.
    I would just say currently, sir, Deputy Secretary Shanahan, 
the number one reform agenda for him is this clearance reform. 
Secretary Mattis firmly, firmly, actively involved in pushing 
us to better solutions and to make this functionality not a 
back office thing that someone does in the Department, not an 
administrative thing, but the security focus that exists in the 
leadership team now--I can't say what it was in 2005--it could 
not be any higher today, and we have the pieces aligned to put 
this into action.
    Senator Lankford. So give me two goals that are the nickels 
and noses type goals here? Will this drive down costs? And will 
this speed up the process?
    Mr. Reid. Yes and yes.
    Senator Lankford. Give me a ballpark of what that means?
    Mr. Reid. In terms of speeding the process, again, current 
timelines, we're experiencing 150 or so days for a SECRET-level 
reinvestigation. We will eliminate that requirement completely. 
So there's a time improvement there.
    Current background investigation field activities, field 
work, our studies and our pilots and everything we put into 
place now, using aggregated data tools that I've talked about 
can get us 90 percent of everything we're getting now from the 
field investigation on the front end; and then the tools can 
focus on the last 10 percent. We will still have to go out and 
do some field work, but 90 percent of the field work can be 
handled through automated processes. So that will drive down 
the capacity needed to do those field investigations, and 
therefore drive down the cost per unit that we currently 
provide to OPM.
    Senator Lankford. You had said first-time approval is still 
at 150 days. That's still your assumption, first time, new 
person, new hire?
    Mr. Reid. That's the reinvestigation. But currently it's 
about the same for the initial SECRET, at the SECRET level.
    Senator Lankford. And you assume it's going to still stay, 
that 150 days?
    Mr. Reid. Pardon me, sir?
    Senator Lankford. You assume that it will still stay 150 
days? Currently it's 150 days. You assume when you transition 
it over it will still be 150 days for a first-time hire, brand-
new investigation?
    Mr. Reid. No, sir, no. That's the current standard. I don't 
know today how fast we'll be able to do a SECRET. My 
anticipation is it can be done in a matter of days. There's 
processes in place now to gain access to certain programs and 
facilities even here in the D.C. area, that run a series of 
automated checks that are very thorough, and it takes 20 
minutes. I don't know that we're going to be at 20 minutes. And 
you always are going to have things you have to go check.
    Senator Lankford. Back to the Chairman's question when he 
talked about the 22-year-old, when he asked you specifically on 
that how long it's going to take, that's when you gave him the 
answer of 150 days. So I'm trying to be able to----
    Mr. Reid. That's the current standard, sir. I apologize.
    Senator Lankford. All right. So you're thinking it's not 
going to be 150 days; it could be a couple of weeks?
    Mr. Reid. Absolutely. At the SECRET level, absolutely. No 
reason why that can't be.
    Senator Lankford. Mr. Payne, do you concur on that?
    Mr. Payne. I do. I think some of the things that we have in 
place right now, again as Mr. Reid outlined, using continuous 
evaluation--maybe I want to finesse that a little bit: 
continuous evaluation as opposed to continuous vetting. So 
continuous evaluation, the program set up by the DNI, is 
designed to look at the risks in between periods of 
reinvestigation. When we talk about--and they have seven data 
sources that they're requiring every agency to utilize when 
they do continuous evaluation.
    When I talk about continuous vetting, I'm looking at 
expanding that into other data sources, data sources within 
DOD, other data sources within the U.S. Government, other data 
sources within the public sector, that we can pull all those 
things together, many of which are required already for the 
SECRET-level reinvestigations, and do those on a continuous 
basis.
    If we're doing those things on a continuous basis, there is 
no need to do a reinvestigation on someone at the SECRET level 
unless you come up with derogatory information. So that's where 
the significant savings is going to be.
    Senator Lankford. Thank you.
    Thank you, Mr. Chairman.
    Chairman Burr. Senator King.
    Senator King. Thank you, Mr. Chairman.
    I've been surprised in this hearing that we haven't had to 
talk much about money. Mr. Phalen, do you have adequate--and 
Mr. Reid; are there adequate resources in terms of money and 
people? Is it just management and automation? Or are there 
shortfalls in terms of the number of people necessary to do 
these, to work down this backlog?
    Mr. Phalen. Under the current process, in our current 
operation, we operate in a working capital fund, a revolving 
fund. Agencies that wish to have an investigation done give us 
the money to have the investigation done. So from our 
standpoint, it is: Here's the money; do an investigation. So 
we're not short of funding to do these investigations on our 
end.
    I think a better question would be: Are the agencies that 
need to have an investigation conducted funded appropriately to 
identify the money to send to us to do the investigation?
    Senator King. Are there sufficient personnel? Are there 
people? Our economy is pretty tight. Are there people? Is there 
a shortage of qualified people to do this work?
    Mr. Phalen. The high-end folks to do the investigative work 
as a population are stressed at this point to hit beyond where 
we are, although we have encouraged our suppliers and ourselves 
to continue hiring. So today there are nearly adequate, but we 
still have much more work to do. And if we don't change today's 
processes, some of the things you've heard already, then we 
will still need to continue hiring beyond all that, and that 
puts even greater stress on the total number of people we have 
to do it.
    Senator King. So that's an additional imperative to seek 
technological productivity?
    Mr. Phalen. Yes. It's to make the current people more 
productive and to reduce the need for having people in there, 
yes.
    Senator King. I think this could go to any of you. I'll 
address it to Mr. Reid. Is the portability that we've talked 
about part of this sort of revamped plan, Mr. Phalen, Mr. Reid, 
to consider that factor so that we don't have to redo these 
tests? Let me ask a specific question. We heard about DHS, 
where you might have to have a whole new investigation to go 
from one job to another in the same agency. Does that--please 
tell me that doesn't happen in the Department of Defense.
    Mr. Reid. No, sir, it does not. But we have single 
adjudication facility all under one roof. In DHS, the 
aggregation of independent agencies that were brought together 
in DHS, they're still operating it differently. But we have for 
years, had a single adjudication facility within the 
Department, and external to the Department because----
    Senator King. So the clearances are portable within the 
Department of Defense?
    Mr. Reid. Absolutely, sir.
    Senator King. Is the portability issue in other agencies 
part of this reinvention that's going on?
    Mr. Reid. The interesting part is that it is mostly today a 
singular investigation. Any agency can use the investigation we 
do to conduct an adjudication. But it is up to that agency to 
do the adjudication. In the example you heard earlier within 
DHS, with the same set of facts they may decide to ask for more 
information, ask for a re-adjudication.
    Senator King. So portability isn't a part of the overall 
structure of the new system. It's an agency by agency decision 
whether they will accept, whether they will do reciprocity?
    Mr. Reid. I'd say it's less about structure and more about 
both empowering them and encouraging them to accept the 
decisions made by others in previous lives. So a decision made 
by one agency, for the second agency to accept that that first 
agency probably did a pretty good job and was honest about how 
they approached it to accept the results of that first 
investigation, and not--maybe another question, but not ask a 
lot more about it, not reinvestigate it, not--I'm sorry--not 
re-initiate an investigation.
    Senator King. Thank you.
    Mr. Reid, why is it that it's taking so long, has taken and 
apparently will take so long, to transition from the OPM to 
Department of Defense? You are talking about 2020, I think, and 
it started last year.
    Mr. Reid. The Defense Authorization Act requires us to 
implement the plan by October 2020. We intend to implement the 
plan in October of 2018. We're projecting a three-year, three-
phase plan, starting at the SECRET----
    Senator King. You're going to bring it in on time and under 
budget?
    Mr. Reid. Well, it says start by 2020. So we will start 
now. It didn't tell us how long to finish, but we submitted a 
three-year plan. So logically the expectation is we take three 
years.
    When we moved it out of DOD last time, it took more than 
five years. And it's more complicated. But the short answer to 
your question: We want to do it in a phased, deliberate, and 
graduated way. We have to keep our partner agency whole. They 
support a lot of other agencies in the government and they rely 
on us to do that. It will help them work down their inventory. 
Once we start processing new cases separately, that will drive 
down the new work that goes to Mr. Phalen of tens of thousands 
of cases a week that we are providing them now. We will turn 
off that spigot, help with the backlog, as we build up our own 
capacity and capability.
    Senator King. I'm out of time, but, Mr. Payne, very 
quickly: You used a phrase that struck me. You said: We have to 
change the standards. What did you mean when you said that? You 
mean lower the standards?
    Mr. Payne. I don't necessarily mean lower the standards, 
but we have to--the Federal investigative standards dictate 
what steps have to be taken to achieve a SECRET level security 
clearance or a TOP SECRET level security clearance. Again, as 
has been outlined, we----
    Senator King. It's the steps that might have to be----
    Mr. Payne. That's correct.
    Senator King [continuing]. Compressed, not necessarily----
    Mr. Payne. Not the adjudicative standards necessarily, the 
investigative standards.
    Senator King. That's what I needed to know. Thank you very 
much.
    Thank you, Mr. Chairman.
    Chairman Burr. Senator Wyden.
    Senator Wyden. Thank you very much, Mr. Chairman.
    A question for you, Mr. Phalen. I've made a special focus 
of my work during this Russian inquiry the follow-the-money 
kinds of questions. I want to ask you a couple of questions 
relating to that. For you, I think, Mr. Phalen, the question 
is: Should someone who fails to disclose financial 
entanglements with a foreign adversary be eligible for a 
security clearance? That is a yes or no question.
    Mr. Phalen. I'm not sure I have a yes or no answer for you, 
sir. I believe it would play a prominent role in a decision as 
to whether that individual should be granted a clearance, and 
it is not an inconsequential question to ask.
    Senator Wyden. But how is it not an up or down, yes or no? 
We're talking about significant financial entanglements with a 
foreign adversary. Shouldn't somebody who fails to disclose 
it--I mean, it's one thing if it's disclosed and you have a 
debate and, like you say, it's balancing. But failure to 
disclose seems to me a different matter altogether.
    So I gather you don't think necessarily that somebody who 
fails to disclose a significant financial entanglement with a 
foreign adversary should be denied a security clearance?
    Mr. Phalen. That is not what I meant to say.
    Senator Wyden. Well, go ahead. Tell me what you mean to 
say?
    Mr. Phalen. Under the adjudicative standards--and I would 
defer also to Mr. Dunbar to reply to this as well. Under the 
adjudicative standards, there is nothing that says ``If you do 
this, you can't have a clearance.'' It says to the adjudicator 
to take into account all that you know about this individual, 
make a decision regarding their candor, regarding their 
entanglements, regarding their families, regarding crime, 
regarding all sorts of things, and make a decision.
    I would say that the scenario you outline would play a 
prominent thought to be considered during the adjudication. But 
there's nothing in today's standards that says any of those 
things by themselves are disqualifying. It would be a very 
important piece to consider.
    Senator Wyden. Do you believe it ought to be disqualifying?
    Mr. Phalen. I would have a hard time overcoming that.
    Senator Wyden. Great. Thank you.
    Okay. Mr. Dunbar, question for you. Jared Kushner's interim 
access to TOP SECRET-SCI information has raised a variety of 
questions. Under what circumstances should individuals with an 
interim clearance get that type of access? That's for you, Mr. 
Dunbar.
    Mr. Dunbar. Senator, as we've heard earlier today with the 
industry panel, interim clearances have been used throughout 
the government for some time, many years. There are two 
specific governing documents for interim clearances and the 
guidance that's out there now allows interim clearances at the 
SECRET level as well as the TOP SECRET level.
    There are situations called out in the guidelines which 
speak to urgency of circumstances, those types of ideas about 
how when someone might be granted an interim security 
clearance. I believe an example that would be applicable here 
is an incoming Administration, which has the need to on-board 
personnel and get them in positions as soon as possible in 
order that they can perform the duties of their function.
    In regard to Mr. Kushner's specific case, the DNI sets 
policy, standards, and requirements. As Mr. Phalen has stated, 
each individual adjudication--and this is contained in the 
Security Executive Agent No. 4--is treated based on the whole 
person concept, in which every particular piece of information, 
positive and negative, past, present, all of those things, are 
factored into the adjudication.
    As Mr. Phalen has stated, in my opinion the issues which 
you've raised, Senator, would be issues which would need to be 
thoroughly vetted in the course of the investigation. I have no 
reason to doubt that the Federal Bureau of Investigation would 
not investigate each and every issue very fulsomely.
    Senator Wyden. Let me ask one other question. During our 
open hearing, in fact I think it was Worldwide Threats, the 
Vice Chairman, to his credit, mentioned security clearance as 
being central to the question of protecting sources and 
methods. I asked FBI Director Wray, with respect to Rob Porter, 
how that decision was made. I mean, when did the FBI notify the 
White House? It was clear when you listen to Director Wray's 
answer, it did not resemble what John Kelly had actually been 
saying to the American people.
    So I'm still very concerned about who makes decisions at 
the White House. With regard to White House personnel, in your 
view, Mr. Dunbar, who would make the decision to grant an 
interim clearance holder access to TOP SECRET-SCI information?
    Mr. Dunbar. Senator, that decision would be made, in my 
understanding, by the White House Office of Personnel Security, 
based on an investigation conducted by the FBI.
    Senator Wyden. My time is up. I would only say, I'm not so 
sure as of now who actually makes that decision, because we've 
heard Mr. Kelly speak on it. I understand the point that was 
made by all of you who are testifying. I think it still remains 
to be seen who would make that decision to grant an interim 
clearance.
    I'm over my time. Thank you for the courtesy, Mr. Chairman.
    Chairman Burr. Before I turn to Senator Harris: Mr. Phalen, 
since you do most of these right now, is it unusual or is it 
acceptable that if an individual who's filed for a security 
clearance finds out they left something off their application--
are they offered the opportunity to update that for 
consideration?
    Mr. Phalen. Yes.
    Chairman Burr. So if somebody left it off, they could add 
it on and that would be considered in the whole of the 
evaluation?
    Mr. Phalen. Yes, it would be, at any time during the 
investigation. What we frequently find is two scenarios. Number 
one is: I just forgot when I was filling out the SF-86 to put 
that on there as an individual issue. And there are times when 
we will go in and conduct the investigation, have the face-to-
face conversation.
    Chairman Burr. So that's actually happened more than the 
one instance that Senator Wyden referred to?
    Mr. Phalen. We find it happens with some regularity.
    Chairman Burr. Thank you.
    Senator Harris.
    Senator Harris. Thank you.
    Mr. Phalen, it's important I think for the public to 
understand why these background checks are so important to 
determining one's suitability to have access to classified 
information. Can you please explain to the American public why 
these background checks are so important to national security?
    Mr. Phalen. Yes. In taking a background check, in addition 
to both the investigative piece and then ultimately a decision 
by a government agency to grant that person access to 
information or have some level of public trust, we owe it to--I 
think we as a government owe it to the American people and to 
the American taxpayer to ensure that people who are working in 
the national security arena and in areas where there is a 
public trust, that we have done everything we can within 
reason, to determine that that person can--that trust can be 
placed into that person.
    I know in an earlier part of the conversation, earlier 
hearing, there was a conversation about should we reduce the 
number of people that have clearances? I think there's not so 
much a counter-argument to that, but when we have people across 
this particular environment and in the earlier panel where they 
have access daily to national security information, secrets 
that give this country an edge in war, in peace, and other 
sorts of things, and at the same time we have our industrial 
partners that we work with that are building all those tools 
that help us fight those wars or keep that peace. This is a 
very simple thing I've said in other venues: Do you want to 
have less trust in the guy who is turning bolts on an F-35 
assembly line or more trust? My argument is we probably want 
more trust rather than less.
    Senator Harris. And in addition to the trust point, isn't 
it also the case that the Code of Federal Regulations lays out 
13 criteria for determining suitability, not only to determine 
who we can trust, but also to expose what might be weaknesses 
in a person's background that make them susceptible to 
compromise and manipulation by foreign governments and 
adversaries.
    Mr. Dunbar. That is correct. This is a process that is both 
looking at history to ask if you have--do you already have a 
record of betraying that trust and, perhaps more importantly, 
both for initial investigations and for the continuous vetting 
or continuous evaluation portion, to say, ``What is changing in 
their lives and how do we predict whether they are going to go 
horribly bad before they get that far?''
    Senator Harris. So there are 13 criteria, as I've 
mentioned. One is financial considerations. I'm going to assume 
that we have these 13 factors because we have imagined 
scenarios wherein each of them and certainly any combination of 
them could render someone susceptible to the kind of 
manipulation that we have discussed.
    So can you tell us what we imagine might be the exposure 
and the weakness of an applicant when we are concerned about 
their financial interests, and in particular those related to 
foreign financial considerations?
    Mr. Dunbar. In a nutshell, it would be an individual who 
has entangled themselves, whether it's foreign or not, in 
financial obligations that have put them in over their head. 
And oftentimes this causes people to make bad decisions, bad 
life decisions. In some of these cases, we've found from the 
history of espionage it causes them to decide, ``Well, I've got 
something valuable here; let me sell it to somebody.''
    Senator Harris. How much information is an applicant 
required to give related to foreign financial considerations?
    Mr. Dunbar. They're required to identify foreign financial 
investigations, foreign financial obligations, foreign 
property.
    Senator Harris. Foreign loans?
    Mr. Dunbar. That would be a financial obligation, yes.
    Senator Harris. Of course.
    Mr. Dunbar. Yes.
    Senator Harris. When we talk about foreign influence and it 
is listed as a concern, what exactly does that mean in terms of 
foreign influence? What are we looking at?
    Mr. Dunbar. It would be, how am I or am I influenced by 
either a relationship I have with someone who is foreign, a 
relationship I have with an entity that is foreign? That could 
be a company. It could be a prior or co-existing citizenship I 
have with a foreign country. It could be a family member who is 
someone from a foreign country. And how much influence any of 
those things would have over my judgment as to whether I'm 
going to protect or not protect secrets and trust.
    Senator Harris. Given your extensive experience and 
knowledge in this area, can you tell us what are the things 
that individuals are most commonly blackmailed for?
    Mr. Dunbar. It is not--I'd have to go back and do some more 
research. The instances of blackmail by people committing 
espionage is not as substantial as the incidence of people who 
have simply made a bad decision based on financial or other 
entanglements. They just make a poor decision and decide that, 
my personal life is worth more than my country.
    Senator Harris. Then I have one final question, and this is 
for Mr. Payne. According to press reports last fall, you said, 
quote: ``If we don't do interim clearances, nothing gets 
done.'' You continued to say: ``I've got murderers who have 
access to classified information. I have rapists, I have 
pedophiles, I have people involved in child porn. I have all 
these things at the interim clearance level, and I'm pulling 
their clearances on a weekly basis.''
    This obviously causes and would cause anyone great concern, 
the problem of course being that the inference there is that 
interim clearances don't disclose very serious elements of 
someone's background. So can you please tell us--and we also 
know, according to press reports, that there are more than 100 
staffers in the Executive Office of the President who are 
operating on interim clearances--what we are going to do about 
this?
    Mr. Payne. I will say that the length of time that someone 
stays in an interim capacity has to be limited as much as 
possible. Just to give you an example from DOD's standpoint, in 
my area of jurisdiction right now is industry, cleared 
industry. Last year we issued 80,000 interim clearances to 
industry. Currently there is about 58,000 people on interim 
clearances.
    If you look at the timeline that they have been involved or 
they have had their interim clearances, it ranges anywhere from 
six months to two years. But if you look at just the last year 
in terms of interim clearances, and I'll give you a couple of 
statistics here, 486 people from industry had their clearances 
denied last year, their main security clearance, their full 
security clearance. They were denied. Of those, 165 of those 
individuals had been granted interim clearances.
    Now, during the process of the investigation information 
was developed during the investigation that resulted in us 
pulling the interim clearances of 151 of those individuals, and 
the remainder were individuals who did things after they 
received their interim clearances. So the risk--you could see 
the risk that is involved with interim clearances and the need 
to reduce the amount of time that we have somebody in an 
interim capacity as much as possible.
    Senator Harris. I agree.
    Thank you.
    Chairman Burr. Vice Chair.
    Vice Chairman Warner. One, I appreciate the panel, and I 
appreciate your answers, and the first panel as well. This is a 
high, high priority issue, I think, for all of us; and it is 
remarkably non-partisan. We've got to get this improved.
    I will leave you with one--because it's been a long morning 
already, I will leave you all with one question for the record, 
because it was raised in the first panel, but we didn't get a 
chance to raise it today. I'd like to get a fulsome answer from 
each of you. I would argue that, particularly in an era of more 
and more open-source documents, we have to take a fresh look at 
the need to have over four million-plus people actually have to 
go through a clearance process of any type, and particularly 
the tremendous growth of TOP SECRET clearances versus simply 
SECRET.
    So I'd like to hear back in writing from all of you, what 
can we do and what would be your policy recommendations so that 
we could not have so many people actually have to funnel 
through on the demand side on a going-forward basis, where more 
and more information is going to be out?
    Thank you, Mr. Chairman. Thank you again for holding this 
in an open setting.
    Chairman Burr. I thank the Vice Chairman. I thank all of 
the members. This is one of those issues that the membership of 
this committee has been extremely engaged on. I want to thank 
those first, the first panel members who chose to stay and 
listen to the government witnesses. I'm always shocked at the 
number of people that have the opportunity to testify and stay 
and choose not to do that. So I really respect the ones that do 
take the time to do that.
    I thank all four of you for not only providing us your 
testimony today, but for the jobs you do. Mr. Payne, you've got 
a big job. Mr. Reid, you've led this charge. Mr. Phalen, you 
walked in. Not many people would take the job, and you have 
performed as well as one can do, and that's faced with losing 
80 percent of your business down the road, knowing that.
    Mr. Dunbar, I'm not sure you knew that you'd signed up for 
this when Director Coats asked you to come in. But this is--
it's important. As we've chatted up here as other members have 
gotten an opportunity to question you, we're really confident 
that this might be a model that we're beginning to see that we 
can replicate and that the energy between you and Mr. Phalen, 
that exchange is going to happen, and that there's a real 
opportunity then for Director Coats to coalesce the rest of 
government towards this model.
    The one thing--one word that didn't come up in the second 
panel, might have come up once or twice, that came up 
frequently in the first one, was ``reciprocity,'' because 
there's nothing that either one of you are doing on both ends 
where it solves the problem of reciprocity within an agency or 
from agency to agency. I can tell you, we've got a security 
officer that got her security clearance at the State 
Department, but when she came to be security officer for us, 
the State Department said, ``We don't have accreditation with 
the CIA,'' so she had to physically go pick up her paperwork 
and take it to the agency to be recognized.
    You'd think in 2018 something like that wouldn't exist. 
It's bad enough that it does, but I think when we look at why 
are we doing this, it's really not to solve that problem; it's 
to make sure that the next generation of workers that are going 
to come through the pipeline actually want to do it and can do 
it, and they do it in a time frame that they're accustomed to.
    It always mystifies me that somebody is willing to share 
their entire life story, because they do. Right, Mr. Phalen? 
Everything's out there to be exposed, because they believe in 
what they're doing. I want to make sure the next generation has 
just as much passion about doing this.
    We wouldn't be quite as involved as a committee if it 
wasn't for the passion of the Vice Chairman. He has been 
relentless on this. I think it's safe to say that the 
committee--and I say this to you, Mr. Dunbar: I will take up 
with Director Coats--I will offer to Director Coats the 
committee being involved in the issue of reciprocity and how we 
bring agencies together to work through some of those things. 
It's not that the Director doesn't have the authority to do it. 
I think he's in full agreement with us. But sometimes having a 
Congressional piece involved in those provides the Director an 
additional stick that he might not have without us. So I'll 
make that offer to Dan, that we will be involved to that 
degree.
    Mr. Reid, I hope that your history with us, which is at 
least annual updates, if not faster, that you will continue 
those, and that this committee will have a real inside look 
into the success of the model you're setting up. Much of what 
we're able to accomplish from this point forward is because of 
the investment that you've made, not only today, but prior to 
this, and we're grateful for that.
    With this, this hearing is adjourned.
    [Whereupon, at 12:25 p.m., the hearing was adjourned.]

                         Supplemental Material
                         
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]