Federal Times' Jan. 8 editorial ["Time to overhaul security clearance system"] proposed changes in the security clearance system.
Many of these proposed changes are straightforward: one unified government body that handles clearances, reciprocity among agencies to honor the clearance, and increased automation.
I would like to add another recommendation: peer reporting during the period the security clearance is held.
The process of clearing personnel would be faster if we could rely on automated vetting with limited additional manual research, and then add active peer reporting.
A structured clearance process at the entrance point can be trespassed, but peers watch and see things every day.
The weakness of centralized security clearances is the lack of proximity to the individual and the behaviors of the person. In a centralized vetting process, there are rules and parameters the person in question needs to pass.
The structure and processes of these procedures are often identified and well known. This opens the opportunity for a number of individuals to "fly under the radar" because they know how to play the system.
Once a culture of "flying under the radar" is established, bad behavior, deviation from policy and unacceptable security breaches will be a subculture in an organization. The bad behavior prevails over the vetting mechanisms.
The higher the degree of automation, the less the authorizing agency knows about the behaviors of the individual.
In general, insider threats are seldom detected early enough to avoid a major breach of trust.
After an insider threat has been revealed, fragments of information circulating in the perpetrator's work environment suddenly fall into place. No one has stepped forward and reported their concerns as the threshold to report is high.
As an example, after the fatal shootings at Fort Hood, Texas, it was obvious that the shooter was not mentally stable before the fatal event and his condition had been observed by peers.
WikiLeaks' release of classified documents is another example where there were indications that the accused, Pfc. Bradley Manning, was troubled.
The defense in the WikiLeaks case claims that Manning was so emotionally distressed that it was careless of the Defense Department to give him access to classified documents. In a peer reporting environment, it is likely that Manning would have been identified as a risk.
Why do we need peer reporting? The problem is that the collegial bond is stronger than the concern. The threshold to report unacceptable or risky behaviors among co-workers is too high.
We need to establish alternative thresholds that are lower and catalyze increased reporting and self-disclosure of behaviors that are potential or existing security threats.
But if the threshold is too low, it will create noise in the reporting channel with office politics and backstabbing. If we can place a man on the moon, we can figure out a balanced equilibrium for the threshold.
Reporting and self-disclosure are based on trust. If the security management is trusted, it will prevail over collegial bonds and minimize internal threats and security breaches.
If we establish active peer reporting of security concerns and obvious deviations from rules, and maybe also add positive information, it could open an opportunity to reform the security clearance process and increase government efficiency.
Peer reporting fills the role of long-range monitoring of behaviors and conduct, leading to personal profiles similar to credit reports.
Characters are formed, tested and changed over time. The only feasible way to address these changes is to utilize the peers' ability to witness and identify character failure.



I look forward to hearing the "quick version" of the IT seminar in Köping tomorrow. Reading around a bit here in the meantime.
Posted by: Åsa Lundqvist | 03/06/2012 at 11:08 AM