Feds Embrace Big Data to Battle Insiders, Terrorists

The Situation Report received a flash message from our Defense Manpower Data Center outpost that the Pentagon agency may have experienced a small problem with employees searching for their own personnel files on the Joint Personnel Adjudication System (JPAS). Sophisticated readers will know JPAS as the Defense Department’s system of record for maintaining security clearance eligibility determinations.

“Notifications will be emailed to users who have violated JPAS policy by querying and/or looking up their own record within the last 30 days as a warning to the user,” according to a notice posted to agency employees.

The issue is actually a serious security concern. When an employee searches for his or her own name in security clearance or investigation databases, it should be an immediate red flag for a potential counterintelligence threat. Sure, many are probably just curious to know what dirt might have been dug up when their clearance was granted. But does the name Robert Philip Hanssen ring a bell? Hanssen was the former FBI agent who spied for the Soviet and Russian intelligence services undetected for 22 years. One of the lessons to come out of the Hanssen case involved his ability to leverage his authorized access to a bureau database to search for his own name and determine if he was under FBI investigation.

Insider Threat Progress?

The DMDC situation certainly doesn’t paint a picture of a defense establishment that has learned the tough lessons of the past when it comes to insider threat detection—Hanssen, after all, was arrested 15 years ago. But a 2015 Pentagon report, released Dec. 23 in response to a Freedom of Information Act request by the Federation of American Scientists, contends that the Defense Department’s Continuous Evaluation (CE) program is making great strides to leverage big data to stay ahead of potential changes in an employee’s suitability for holding a security clearance.

According to the report, written by Undersecretary of Defense Robert Vickers, the department has directed pilot programs to test its CE efforts on more than 100,000 servicemembers and civilian employees. The goal of the pilot projects is to evaluate the data sources, business rules, and procedures to eventually replace the periodic reinvestigation requirement for secret and confidential clearance holders. But Steven Aftergood, the director of the Project of Government Secrecy at FAS, points out that the best way to reduce the insider threat is to reduce the number of potential insiders. And if that’s truly the best method, then the Defense Department is, indeed, making some progress, eliminating 800,000 security clearances during the last two years.

OPM Stonewalling Congress

As the Dec. 17 Situation Report detailed, the Office of Personnel Management may have multiple reasons for not providing Congress all of the documents it has related to the massive data breach involving personnel security clearance investigations.

“OPM has unduly burdened committee investigators by applying unnecessary and unexplainable redactions,” said House Committee on Oversight and Government Reform Chairman Rep. Jason Chaffetz, R-Utah, during a hearing Wednesday into Executive Branch agencies withholding information from Congress. “The extraordinary lengths to which OPM has gone to keep basic information from the committee leaves us with the conclusion that perhaps they have a lot to hide.”

Our Capitol Hill observation post picked up some encrypted signals that OPM is concerned about IP addresses and user names of “users” who were on the agency’s network at the time of the intrusion and exfiltration of documents. The concern is so high that OPM opted to deliver reams of documents containing nothing but blacked-out redacted pages.

“These redactions are consistent with those employed by other Federal agencies, and were based on security recommendations from OPM IT security professionals and in consultation with interagency cyber experts,” said Jason Levine, the director of the Office of Congressional, Legislative, and Intergovernmental Affairs at OPM. “Additional redactions were also made for reasons of longstanding Executive branch confidentiality interests.”

Levine testified alongside officials from the departments of State, Justice and Homeland Security—all of whom were taken to task for their agencies’ failure to provide Congress with documents and answers to questions.

“I have to question whether or not you guys respect the constitutional authority that’s invested in this committee,” Rep. Gary Palmer, R-Ala., said. “There’s a pattern here.”