Approximately 3.6 million people – military, civilian personnel and contractors – with up-to-date security clearances have now been enrolled in the Defense Counterintelligence and Security Agency’s current continuous monitoring program.
Continuous monitoring will eventually replace periodic re-investigations, which are conducted every 10 years for employees with a secret authorization and five years for those with a top secret authorization. It will also include DOD staff who do not have authorization, according to Heather Green, deputy director of risk control operations for DCSA.
This brings the agency and federal government closer to its Trusted Workforce, or TW 2.0, the goal of providing ongoing monitoring to the entire DOD, as well as other members of government outside of it. of the department, she said. TW 2.0 is expected to be phased in over the next few years.
Continuous verification is now at the TW 1.25 stage, which means that the DCSA receives automated records from government and commercial data sources based on federal survey standards. The national background investigation services, a component of the DCSA, then operate an automated system that analyzes the data for alerts that may point to potential problems or other suspicious or criminal activity. she declared.
âWe developed this to provide this initial version of continuous verification, focusing on high-value data sources through automated record verifications. These ongoing records checks that are enabled right now mean that potential risk issues to an individual’s reliability that may have taken years to uncover in the past are now identified and addressed in very close to real-time data â , Green said.
An example of the success of TW 1.25: The DCSA team received an alert on July 31 that there was a fugitive arrest warrant for attempted murder, felony assault and other charges related to an incident that occurred the day before, said Green.
The team immediately validated the alert, then shared this information with the subject’s security officer and law enforcement. This person was apprehended and removed from the security gate, she said.
“If we had not registered this person for continuous monitoring, it is very likely that we would not have been made aware of the situation until the next periodic investigation, which would have taken place 5 and a half years later,” said she declared.
While continuous verification is now operational, Green said she would encourage anyone with issues, such as financial issues, to proactively report it to their security manager. âSelf-report is an essential part of continuous verification and we prefer to have knowledge of the incident already before an alert is generated in the system,â she said.
Green also said that the person who shares their concerns with their security official will most likely receive some sort of help so that the issue does not escalate and become a potential insider threat.