CHAPTER 7. A JOINT INVESTIGATIVE SERVICE
The Commission has examined the organizational arrangements in the Department of
Defense and the Intelligence Community for the performance of personnel security
background investigations and industrial security functions. The Commission believes that
the effectiveness of these activities can be substantially improved by the establishment
of a new joint investigative service.
For the DoD, virtually all personnel security background investigations for civilian,
military and contractor personnel are conducted by the Defense Investigative Service
(DIS). In the Intelligence Community, personnel security background investigations are
conducted by the DIS for the DoD component, including the NSA and the DIA. The CIA and the
NRO have their own internal organizations that conduct or contract out background
investigations for their employees and contractor personnel. The NSA also has an internal
investigative organization that performs a limited number of background investigations.
The DIS also performs, for the DoD, all initial industrial facility certifications
which establish that a contractor facility is eligible to receive classified information.
The DIS then performs a full range of industrial security functions, such as periodic
inspections and assistance visits, for all cleared facilities except for all Navy special
access programs and for certain Air Force special access programs. This contrasts with the
Intelligence Community's decentralized approach that emphasizes integration of security
with program management teams.
Personnel Security Investigations
The Commission believes that one of the more effective means of reducing overall
personnel security costs, while enhancing the security posture of our nation, would be to
reorganize current investigative resources and thoroughly modernize the process of
gathering, investigating, reporting, and storing background investigative information. A
previous section of this report outlined the substantial savings to be realized through
improving the timeliness of the investigative product. However, we also heard from the end
users that the investigative products they receive are uneven in quality and completeness.
Because of this, organizations often upscope investigations completed by other
investigative organizations, or otherwise invest in additional types of vetting mediums,
to establish greater confidence in their personnel. For example, a major SAP contracts out
investigations rather than take advantage of "free" investigations provided by
the DIS because of concerns about quality and timeliness.
The Commission believes that establishing measurable objectives to improve the
timeliness and quality of investigations offers a solution to at least part of the
problem. However, the current deficiencies and impending budget reductions casts doubt on
improving the situation under the present organizational structure. For example, the DIS
faces a 25 percent budget reduction over the next 4 years. Therefore, the Commission
believes decisive and innovative action must be taken to resolve these problems.
The Commission proposes forming a new joint personnel security investigative
organization for the DoD and the Intelligence Community. A new organization is needed to:
establish progressive leadership; realize savings in manpower and personnel; maximize
economies of scale; achieve commonalty of product; provide a single focus for implementing
technological improvements and efficiencies; and enhance professionalism and career
opportunities.
The new joint investigative service would be charged with conducting all personnel
security background investigations for military members, civilian employees and
contractors of the DoD, the CIA, the NRO, the NSA and all other entities reporting to the
Secretary of Defense and the Director of Central Intelligence. The only exceptions to the
investigative jurisdiction of the joint investigative service should be: 1) investigations
of cabinet officials and political appointees currently performed by the FBI; 2)
investigations of new civilian employees hired into the DoD and the Intelligence Community
who occupy nonsensitive positions and, therefore, fall under the jurisdiction of the OPM,
and; 3) personnel specifically exempted by the Director of Central Intelligence.
The Commission proposes that the joint investigative service be established by
incorporating the personnel security investigative elements and resources of the DIS, the
NSA, the NRO and the CIA. The Commission further recommends that the joint investigative
service be staffed with both full-time investigators and rotational personnel from the
security offices of the various agencies that it serves. This would facilitate
communication between the investigative agency and its customers, and would provide
government security officers with an opportunity to gain valuable investigative
experience. The joint investigative service should also establish specific units to handle
individuals with cover considerations, reporting these investigations through secure
channels. Moreover, the joint investigative service would contract out domestic
investigations when appropriate, such as priority investigations, and pursue overseas
leads using in-place military and government resources on a reimbursable basis. However,
individual agencies would continue to conduct their own special investigations, such as
counterintelligence and criminal investigations, and perform their own adjudications.
The Commission believes that the joint investigative service should be industrially
funded. The most efficient and customer responsive agencies are those that operate on a
fee-for-service basis. For example, the Commission learned that until the OPM became
industrially funded, it had a relatively poor reputation for delivering a timely, quality
investigative product. Since instituting a revolving fund mechanism, the OPM has cut
investigation times dramatically, initiated many innovative automation linkages with
customer agencies, and, according to customers, improved the quality of its
investigations.
The Commission recommends that a joint investigative service be established that
performs all personnel security background investigations on a fee-for-service basis for
the DoD, the NSA, the NRO, the CIA and other organizations that report to the Secretary of
Defense or the Director of Central Intelligence.
Industrial Security
With respect to industrial security, the Commission found two distinct approaches to
the protection of classified information by contractors: centralized and decentralized.
The CIA, the NRO, the NSA and some of the DoD special access programs integrate security
into program management. This decentralized approach integrates small security elements
into program management teams with core security functions provided by a centralized
service. Security is part of the program management team and provides direct support to
organizational goals. The disadvantage of this approach is that it has, in some cases,
worked against standardization and reciprocity. Particular SAP program offices have
adopted their own security procedures. The centralized approach embodied in the DIS seeks
to leverage limited resources through standardized practices and procedures, generally
independent of specific contracts or programs. Disadvantages of a centralized approach
include inflexibility, distance from the customer, lack of direct accountability, and a
system based on achieving security goals independent of organizational goals.
On balance, the Commission has found the programmatic approach to industrial security
to be superior to the traditional centralized approach of frequent inspections to measure
compliance with a detailed manual of security rules. The program-oriented approach brings
security closer to the customer and provides greater flexibility to handle program issues.
This structure also makes security directly accountable for the quality and timeliness of
its service. Contractors appear to prefer the flexibility of a programmatic approach, but
insist that common standards are needed for reciprocity.
The Commission believes that a core industrial security function located within the
joint investigative service would benefit the Defense and Intelligence Communities. The
new organization should be responsible for initial facility clearances, for the previously
recommended facility registration data base, and for all determinations concerning foreign
ownership, control and influence (FOCI), as discussed earlier in chapter 6. The new
organization should provide an industrial security service to those Defense and
Intelligence Community program offices for which a joint industrial security program is
most effective. It would also provide this service to non-Defense and Intelligence
Community agencies, as the DIS has done in the past. It will centralize, as a core
service, the staff to provide accreditation of facilities, technical and computer security
expertise, guidance to handle treaty inspections, central records, and representation to
industry and government forums. The new organization should promote standardization and
responsiveness to customers and coordinate the industrial security inspections previously
discussed in chapter 5. It should draw upon the experience of the industrial security
program of the NRO, which has made great progress in recent years in combining a
programmatic orientation with greater standardization.
The Commission emphasizes that the new organization must break with the past practices
which have tended to focus on frequent inspections for compliance with a detailed
regulatory manual. Industrial security should be a service to the contract program office,
with security performance measured in terms of mission accomplishment rather than
adherence to detailed security rules. The joint investigative service should view its
industrial security functions as a service to be used where a joint organization is more
efficient and economical. The Commission does not intend to force into joint organizations
those program offices in the CIA, the NRO, the NSA and certain SAPs that function better
by maintaining their own industrial security capabilities. The Secretary of Defense and
the Director of Central Intelligence will retain the discretion to authorize separate
industrial security offices for specific programs.
The Commission recognizes that this decentralization of execution of industrial
security runs a risk that general standards will not be applied uniformly. Indeed, a major
disadvantage of the separate SAP industrial security programs in the past has been their
adoption of unique security procedures that added multiple burdens to industry which
translated into increased, unjustifiable costs to the government. One purpose of
establishing a single classification level with two degrees of protection is to
standardize the security requirements for the controlled access programs. The security
executive committee should ensure that the standards are applied properly, and the joint
investigative service should provide a channel through which industry may bring concerns
to the attention of the security executive committee.
The Commission recommends that a joint investigative service perform industrial
security services of common concern for the Defense and Intelligence Communities, as
determined by the security executive committee and in accordance with a programmatic,
customer-service approach.
Establishment of a Joint Investigative Service
For the reasons set forth above, the Commission has concluded that the Secretary of
Defense and the Director of Central Intelligence should establish a joint investigative
service to conduct all personnel security background investigations and updates for
components of the Department of Defense and Intelligence Community, as well as their
contractors, and to perform those industrial security functions that can better be done
jointly. The advantages include economies of scale, greater commonality, more uniform
implementation of standards, and increased professionalism and career opportunities.
The new organization should draw its personnel and resources from existing security
organizations in the Defense Department and Intelligence Community. It should take its
policy guidance from the security executive committee. While the Commission does not wish
to prescribe the organizational details for a joint investigative service, one model is
the Central Imagery Office (CIO). The Director of the CIO is appointed by the Secretary of
Defense on the recommendation of the Director of Central Intelligence. Consideration
should also be given to other joint DoD-DCI models that have been adopted for different
functions. The joint investigative service could report to the Secretary of Defense and
the Director of Central Intelligence directly or through a senior official designated by
them. Above all, the Commission urges that the establishment and direction of the joint
investigative service receive sustained, high-level attention, which has not been the case
with the Defense Investigative Service over the years.
The Commission recommends that the joint investigative service be established by the
Secretary of Defense and the Director of Central Intelligence, that its resources be drawn
from existing security organizations, and that it report jointly to the Secretary of
Defense and the Director of Central Intelligence.
To proceed to Chapter Eight click here.
| |
Report
....................
Chapters
|