now browsing by tag
Source: Rapid7 – Security Street
I read this post on Rapid7’s Security Street today, and it made me think about all the hardships, and difficulty I’ve had working with clearances in the past. Not to mention the contractor -> civilian -> contractor -> civilian -> contractor messes I’ve seen in regards to clearances.
This article covers the very tip-top of issues associated with getting a US Government security clearance, and doesn’t dive much deeper than the wading pool of issues associated with getting a government security clearance.
So, with my past experience with government security clearances, here are my issues, with them, in no particular order; and these are all associated with either me, or close friends of mine.
1. Lack or reciprocity between clearances. For this example, I bring up something similar to the Department of Energy (DOE) Q clearance vs. the Depart of Defense (DoD) Top Secret (TS) clearance. On paper, and responsibilities, many similarities between the two, many say they are 100% reciprocal with one another. However, that is not the case. Many security officers in the DoD are completely unfamiliar with what a Q clearance is; and are completely unaware of any reciprocity that exists between the two clearances. But the big question is, why is there 2 different clearance systems associated with the U.S. government? Why is there not a single standard (I’m guessing since the Top Secret clearance in the DoD is much more well-known, that it would be the predominant one)?
Many might say, the access I have with a DOE Q is different than what I have with a DoD TS, which is true, however, there are many different categorizations of each of these individual clearances that a person must get cleared for as well (You can read more about SCI here).
Not only do you have the differences between the DOE Q vs DoD TS, but you have differences between TS clearances. Completely theoretical here, but if you have a TS clearance that you received as a DoD contractor and then you were to go work for the FBI, with your TS clearance, they would need to start the entire process over again, to get you vetted for your FBI TS clearance. I’m not even talking any of the SCI programs here, just clearances in general.
So, specifically relating to the article at Rapid7; if a person has their Q clearance (because their primary business role is associated with the DOE), and the FBI wants to talk to them, about a sensitive subject, that requires a TS, they would be unable due to differences in clearances. Same could also apply for a DoD contractor in speaking with the FBI or the CIA.
2. Time to get clearances. When I original got my clearance, it took well over 18 months for them to process the paperwork, do the background information checks, and everything else associated with my clearance. Why would it take so long? At some point, you are going to blame government bureaucracy; and you’d probably be right.
Time becomes a very critical issue when you’re dealing with computer threats, and if you need to wait any significant amount of time, in order to get vetted for what the government is going to tell you, then it’s already taken far too long.
3. How about all the issues needed to get a clearance in the first place. How easy is it, for a “regular” non-governmental business (or employees of) to get clearances? I’m going to go out on a limb here, and guess extremely difficult. I found it hard enough to get clearances when working for contractor, that required clearances, let alone, a business that doesn’t specifically require clearances. I can only imagine the entire vetting process for a business like this to get clearances would be pretty extreme.
4. After the Snowden revalations, the government began to cut-back on the number of clearances they issue. How does this affect “regular” businesses attempting to get clearances? You’ve began restricting clearances to those people that need them, through their direct work with the DoD or the DOE, and now you want to offer them to general businesses that may, or may not have direct ties to any government agency?
5. What are the actual requirements to get a clearance anyways? Who knows all the guidelines? If you want to see the official cases on why people are denied or granted clearances, you can check out this website: Industrial Security Clearance Decisions
Are these reasons for people not getting clearances acceptable in your mind, or are they too stringent. That’s not for me to decide, but should be something you think about when applying for a clearance.