The Defense Counterintelligence and Security Agency (DCSA) is implementing an ambitious plan to transform the nation’s legacy personnel vetting process to ensure a trusted workforce throughout DoD, government and industry with a state-of-the-art system continuously vetting the nation’s cleared national security population.
The plan requires a massive communications effort through the agency’s internal and external media venues and social media platforms to publish press releases, news announcements and information updates apprising U.S. clearance holders and the public about the latest developments related to the reformed security clearance investigation process known as Trusted Workforce (TW) 2.0.
DCSA Director William Lietzau – in concert with senior leaders from the executive branch’s Performance Accountability Council (PAC) – leads the effort to inform and explain the Trusted Workforce Program and its continuous vetting capability to military, government and contractor personnel at various events and symposiums in addition to briefings and interviews with broadcast, print and digital news media, including journalists representing trade and defense publications.
“Well before DCSA's stand up in 2019, U.S. policymakers worked to design a reformed personnel vetting policy based on a single secure vetting system for the country,” Lietzau told reporters at a press briefing held at the Pentagon. “The central component to that system is the continuous vetting of individuals in positions of trust who require a security clearance. That policy, called Trusted Workforce 2.0, is the culmination of a whole of government personnel reform effort that is overhauling the vetting process.”
Trusted Workforce 2.0
The TW 2.0 reform effort transforms the personnel vetting process and realigns it as one, government-wide system enhancing security while allowing reciprocity across organizations.
Moreover, the continuous vetting within TW 2.0 will fully replace periodic reinvestigations by employing a full suite of automated record checks; time and event-triggered activities; and analysis of agency-specific information through the National Background Investigative Services (NBIS). It fundamentally changes how the government establishes and maintains trust in the workforce with a continuous risk assessment model enabled by a new end-to-end suite of technology to meet the dynamic needs of the 21st century in support of the national security mission.
"We have been charged with implementing the Continuous Vetting Program and truly driving what that policy reform looks like," said Heather Green, DCSA assistant director, Vetting Risk Operations. "This includes our designs, plans and processes coupled with the secure information technology required to deliver that reform effort – specifically, continuous vetting. Our goal is to get ahead of potential insider threats through timely information sharing and mitigation actions."
The PAC – continuously advising DCSA on Trusted Workforce plans and policies – is comprised of the director of National Intelligence as the security executive agent, the Office of Personnel Management director as the suitability and credentialing executive agent, the Undersecretary of Defense for Intelligence and Security, and the Office of Management and Budget’s deputy director for management as principal members. Their guidance and collaboration with DCSA resulted in the risk-reducing phased approach of TW 1.25 and TW 1.5.
“We are incredibly grateful to DCSA leadership for bringing us to where we are with Trusted Workforce 2.0,” said Matt Eanes, director of the PAC’s Program Management Office, which coordinates the government-wide TW 2.0 transformation. “There are over four million people enrolled in continuous vetting capabilities who won’t have to complete a periodic reinvestigation again. That could not have happened without DCSA’s implementation efforts. I don’t think anyone could have imagined a year ago that we would be here in 2021 with the DoD, government and industry national security sensitive population fully enrolled.”
Trusted Workforce 1.25
DCSA accomplished the first step toward TW 2.0 in October 2021 by enrolling all of DoD and some federal agencies into an initial version of the Continuous Vetting Program via TW 1.25, which deferred the requirement for periodic reinvestigations by applying a risk-managed approach with select automated record checks.
Within a week of that step, Lietzau and Green held separate interviews with the media to announce the DoD full enrollment milestone while explaining how the TW 1.25 and TW 1.5 transitional phases will provide continuous vetting for all national security sensitive positions until the full TW 2.0 capability is ready in 2023.
“The speed to capability for Trusted Workforce 1.25 high-value automated record checks is a great example of a diverse group of folks within the agency coming together and focusing on a single mission-oriented goal,” said Program Executive Officer Terry Carpenter. “The acquisition program coordinated and collaborated with five or six agency offices leveraging existing technology for a secure operational capability that supported both DoD and federal components. This really demonstrates how agile IT system development can support meaningful and incremental mission outcomes to reach Trusted Workforce 2.0 capabilities.”
The TW 1.25 capability enabled early adoption of important TW 2.0 reforms, particularly the continuous vetting of personnel with high-value data sources. The service performs continuous automated record checks against terrorism, criminal and eligibility data sources on a daily basis. It also delivers alert management, real time threat analysis and reporting.
“Designing and implementing a new Trusted Workforce service in a short timeframe required coordinated effort across the agency,” said Juli MacDonald, senior advisor for Change Management and Strategic Planning in DCSA’s Chief Strategy Office. “Our Vetting Risk Operations and information technology folks worked hard to establish processes and solve every problem while the financial management team designed and initiated a new billing concept with procedures to make our vision become a reality on time.”
The financial management team’s communication to customers regarding the billing and price structure includes guidance about a new way they will pay for the Trusted Workforce service.
“The agencies will subscribe to a monthly service and have to know how to budget for it,” said Jack Jibilian, DCSA Working Capital Fund Operations chief. “There’s a lot of change management involved while working with our stakeholders to understand the new funding and billing methodology as we communicate the new way we’re doing business to our DoD, other federal agency, and industry customers. Although we are still analyzing our customer’s future costs for the full TW 1.5 service versus legacy background investigation products and services, they will certainly need to build their annual budgets much differently.”
Now that DoD and federal agencies are enrolled in TW 1.25, the next milestone is to work towards full enrollment in the second phase, TW 1.5.
“This is an incredible accomplishment and a major milestone for the national security community,” said Lietzau. “Not only does this allow us to help ensure the trustworthiness of the national security workforce, it helps identify and address factors that may lead to insider threat incidents, all while maximizing efficiencies across government. This is a major win for the security community.”
Lietzau – speaking about the progress and impact of the TW 1.25 and TW 1.5 phases to TW 2.0 – told the Defense Strategies Institute Counter Insider Threat Symposium on Oct. 20 that "we are on a good trajectory with Trusted Workforce 2.0," adding that “it’s a major improvement of how we identify people and prevent potential threats."
When DCSA receives an alert about a possible threat, the agency assesses whether the alert is valid and requires further investigation and adjudication. The continuous vetting system via TW 1.25 has issued a multitude of alert information to the DCSA team for investigation and validation years before clearance holders’ next periodic reinvestigation.
Lietzau cited recent examples where continuous vetting alerts enabled DCSA to take appropriate action.
In one case, the system identified a security clearance holder under “an active investigation by another agency for potential terrorism activities, including a plan targeting United States facilities and ties to known or suspected terrorists.”
Lietzau recalled another case that involved an arrest warrant. Once alerted by the continuous vetting system about a federal employee accused of attempted murder and felonious assault, DCSA contacted law enforcement to confirm the individual’s identity and provided information that helped police apprehend the suspect.
Trusted Workforce 1.5
Currently, select agency clearance holders are being enrolled into the automated TW 1.5 compliant capability that expands on TW 1.25 capability by continuously checking additional record sources comprising eligibility, terrorism, criminal activity, foreign travel, suspicious financial activity, credit bureau and public records.
TW 1.5 also features agency-specific records ranging from insider threat programs and security violation incidents to self-reported information and investigative work such as local law enforcement, employment conduct and subject interviews.
Meanwhile, the agency’s NBIS team is transforming the background investigation process to deliver stronger security, faster processing and better information sharing – replacing a suite of outdated, legacy IT systems.
NBIS
“I have a team of heroes who figured out how to conduct design and development activities virtually during the pandemic,” said Jeff Smith, NBIS executive program manager, regarding the new personnel vetting information technology system’s development. “We positioned people in areas where they could develop, sanitize and promote the code adhering to cybersecurity best practices. Writing code at home can be done and dispersed in a virtual world but we had a responsibility to coordinate and make sure when we brought back in all the code – that it was integrated, cleansed and passed various cybersecurity checks to make sure it was production ready. From this position, we were then able to promote code into test environments to fully verify and validate NBIS functionality prior to deployment.”
NBIS and its advanced functionality to coordinate and connect the systems, interfaces and databases supporting continuous vetting, serves as a critical shared service enabling the future state TW 2.0 capabilities.
“Our team had to be transformed into an acquisition competency aligned organization in order to apply and focus resources towards the objective – transforming the personnel vetting mission via NBIS,” said Smith. “We, DCSA have actually developed our own acquisition command within the agency to develop and manage acquisition programs such as NBIS. This is a unique construct – to have an acquisition command placed within an operational command to meet mission objectives.”
Smith and his team are planning and deploying iterative NBIS capability deployment that involves onboarding and adoption in a phased approach. This gradual rollout is designed to ensure NBIS capabilities have gone through significant government and user acceptance testing while DCSA fine-tunes the onboarding process for the best customer experience.
"The DCSA team's dedication and hard work to overcome obstacles enabled personnel security reform efforts via continuous vetting to become a reality for the federal enterprise," said Green. "The team met our challenging continuous vetting enrollment goals while developing a new capability to identify derogatory information earlier than the traditional periodic reinvestigation. I'm very proud of their accomplishments to grow and build a very robust vetting program that will protect national security."
Benefits of Trusted Workforce 2.0 and Continuous Vetting
TW 2.0 is a bold, transformational approach that fundamentally changes the way the government establishes and maintains trust in the workforce. It shifts personnel vetting from evaluations every five to ten years to a continuous risk assessment model enabled by a new end-to-end suite of technology. It is designed to meet the dynamic needs of the 21st century in support of mission:
- Responsiveness to the mission will drive every aspect of personnel vetting. At its core, TW 2.0 reform is focused on delivering and maintaining a trusted workforce consisting of federal employees and contractors who are trusted to deliver on the mission, provide excellent service and demonstrate effective stewardship of taxpayer funds. Everything is accomplished through a mission-centric lens to deliver a trusted workforce to support the mission.
- The mobility of the trusted workforce is enabled as trusted individuals are available to support the mission where and when needed. This mobility unlocks the government’s ability to deliver better services to the nation. It is accomplished by reducing complexity – removing friction from the process – to accelerate employee onboarding and knock down barriers to workforce movement between and within federal agencies and government contractors. Mobility is responsive to the mission, allowing individuals to move in and out of government seamlessly, driving innovation and making trusted individuals available to respond to agency priorities.
- Generating insight for decision-makers through earlier identification of indicators regarding behaviors of concern. This early awareness enables mission accomplishment by helping individuals who need assistance or by intervening in a situation when necessary. Continuous vetting in lieu of periodic reinvestigations, advancements in data analytics and improved information-sharing promote employee engagement before concerns evolve into more serious issues and enables decision-makers to make more timely and informed responses to potential threats. By helping individuals earlier, we keep trusted individuals on the job while removing those who might negatively impact the mission.