Security Clearance, Cybersecurity Among GAO High Risk Areas

Every other year, the U.S. Government Accountability Office (GAO) releases a report identifying and updating the status of numerous high-risk areas across the federal government. According to GAO, the report has led to savings of nearly $350 billion over the past 13 years, or approximately $27 billion a year, because of the implementation of solutions recommended within it.

According to Oversight Committee Chairman Elijah E. Cummings’ opening statement on March 6, “improving high-risk programs can have a very real impact on Americans’ lives. If implemented correctly, this year’s recommendations would improve healthcare for veterans, protect Americans from toxic chemicals, make our food safer, and help stem the deadly tide of opioid addiction.”

One new high-risk area included in the report this year is the governmentwide personnel security clearance process. Another area, which GAO has identified as needing especially focused executive and congressional attention, is cybersecurity.

The governmentwide personnel security clearance process was identified as a high-risk area in January 2018 because the process is complicated by the need to process clearances in a timely manner: “The executive branch has been unable to process personnel security clearances within established timeliness objectives, contributing to a backlog that the [National Background Investigations Bureau] NBIB reported to be approximately 565,000 cases as of February 2019,” the report stated.

The executive branch has focused on reducing the backlog of cases, but there has been no corresponding measure to secure the quality of background investigations.

Additionally, the administration proposed transferring background investigations from the Office of Personnel Management’s (OPM) NBIB to the Defense Department (DoD) in June 2018.  DoD has resources in place to develop National Background Investigation Services (NBIS), is looking into needed system capabilities and is starting to pilot its services on a small scale. However, the resources to fully implement NBIS remain undefined, according to officials.

A Jan. 28 memo from David L. Norquist, who is performing the duties of the Deputy Secretary of Defense, directs the move of NBIS from the Defense Information Systems Agency to the Director of Defense Security Service (DSS). (You can read more about the realignment here.)

The GAO report also pointed to the lack of a comprehensive strategy to tackle cybersecurity issues across federal agencies. The cybersecurity coordinator position at the White House was terminated in 2018, so there is a vacant position for a dedicated leader to address cybersecurity.

Since 2010, GAO has made over 3,000 cybersecurity recommendations to agencies, 35 of which were designated priority recommendations that included addressing cybersecurity workforce management challenges and developing and carrying out a more all-encompassing federal cybersecurity strategy. As of December 2018, 26 of those priority recommendations were not fully implemented, and 700 overall recommendations were not fully addressed.

The report “provides a roadmap for improving our federal government,” Cummings stated. “But GAO’s recommendations can be turned into effective reforms only with cooperation and leadership from the President and the Executive Branch agencies.”

Leave a Comment

One Comment

Leave a Reply

Uyen Nguyen

Very interesting! Do you know why the White House cybersecurity coordinator position was terminated? Does it have anything to do with the the lack of a comprehensive cybersecurity strategy? Or is that a result of the termination?