By: Tom Miller
Anyone who has pursued a job in security, whether in the public or private sector, is aware of the thorough and lengthy process it takes to attain a government security clearance even after being hired for a position. A trusted workforce is key for security organizations and companies.
The Defense Counterintelligence and Security Agency’s (DCSA) most recent numbers show that it currently takes 121 days to obtain a Top Secret security clearance, and 95 days to obtain a Secret clearance for the fastest 90% of DoD/Industry applicants. These statistics underscore the need to make sure that once an employee makes it through the process, they are supported and monitored in a way that ensures they do not jeopardize classified or confidential data or engage in any other risky behaviors that could compromise their security clearance.
In order to make security clearance and federal workforce mobility more efficient, secure, and safe, the Office of the Director of National Intelligence (ODNI) National Counterintelligence and the Office of Personnel Management (OPM) launched Trusted Workforce (TW) 2.0 in 2018. TW 2.0 is a whole-of-government background investigation reform effort that is overhauling the personnel vetting process by establishing a government-wide system to enhance security. The result is an innovative and transformational model that is built to handle today’s “complex missions, societal norms, threat landscape, changing workforce, and evolving technology.”
TW 2.0 replaces the aging, often cumbersome process of issuing security clearances and monitoring cleared employees only at the workplace or with periodic reviews (PR). An anchor of the initiative is the move from time-based employee check-ups to an automated record-checking system providing a Continuous Evaluation (CE) model in real-time.
With this system, DCSA is able to collect employee data with automatic records checks to evaluate employee suitability to hold their clearance and access classified data, rather than having periodic time-based background checks. A Continuous Vetting(CV) solution provides real-time event-based alerting of behavioral indicators of risk and enables organizations to better mitigate risk early by connecting employees with the resources they need to help them course correct.
Especially in security jobs, where clearances take time to be fully adjudicated, and time-based checks open gaps. Continuous vetting lets companies identify and address potential employee problems before they become a greater issue that may result in their loss of clearance, thus forcing the company to begin the process all over again with a new employee. TW 2.0 seeks to address this issue and leads to reduced risk and greater employee retention in the long term.
An Intelligence and National Security Alliance (INSA) study found that the government lost talent, productivity, and taxpayer dollars because it took months to re-investigate individuals that were sometimes already cleared. TW 2.0 better supports agencies’ missions by reducing the time required to bring new hires on board, enabling mobility of the Federal workforce, and improving insight into workforce behaviors.
As we approach the new year, many companies are conducting end-of-year evaluations and reviews and looking at ways to better monitor and support their workforce. Trusted Workforce 2.0 presents one such solution for cleared companies and organizations to address these issues that many professionals face, especially in the cybersecurity and governmental sectors.
In advance of the complete Fiscal Year 2024 rollout, the federal government has set concrete intermediary milestones while rolling out TW 2.0 so that companies can begin to implement continuous evaluation while the few remaining pieces of the program are being rolled out.
Yet, Zero Trust models have dominated the cybersecurity space, requiring employees to reestablish trust every time they enter the network. It’s a one-sided approach that asks employees to trust that their organizational processes are open and nonbiased, while not receiving the same trust and transparency in return.
Innovative thinking such as TW 2.0 that deploys systems anchored on compliance and privacy-focused on protecting the organization and workforce are key as we move into 2023 and beyond. TW 2.0 is ultimately designed to deliver what its name promises: A trusted workforce that affords managers, cybersecurity professionals, and other stakeholders greater peace of mind.
ClearForce is a proud supporter of The Cyber Guild’s mission to engage and inform policymakers, practitioners, and professionals about forward-leaning ideas and good practices in the cybersecurity space for a more secure world. The overarching focus of The Cyber Guild’s mission is to form a powerful coalition amongst those who share the common goal to establish a sustainable and more diverse cyber workforce. Check out other articles written by ClearForce here.
Tom Miller is co-founder and CEO of ClearForce, a cyber and employee risk management company based in Vienna, VA. Tom has more than 25 years of analytic and risk management experience, having consulted for many of the top U.S. banks, published numerous articles, and presented topics at industry events and conferences related to risk management, insider threats, and the application of analytic technology and policy.