Think the islamic people who are not terrorists do not condemn them . They dont openly condemn them . Why is that . You have not heard any examples of that . There are stories in the paper that areut groups forming, muslim groups that are forming International Groups to criticize and denounce what isis is doing. Georgia, democrat, good morning. Caller good morning to you. I think the president s speech was on point. We are not going to militarily be able to destroy terrorism. We can slow them down, stop them from coming here, but we are not going to destroy terrorism altogether. Host i have to leave it there. Sorry for the abrupt stop. That brings in and to todays washington journal. We will be back tomorrow at 7 00 a. M. And now i want to bring it to the Wilson Center discussing the Government Security clearance process with a group who worked for previous administrations. I am very excited that we are doing something truly useful as host a panel is to discussion on security clearance, a next gen overhaul and if you dont know what next gen means, you should probably leave the hall. Todays problems are digital but our policies and politicians are analog. Anyone who has held a secret or topsecret clearance knows what i mean. Parts of our system fit the 19th century like the paper timecards we are stuck with at the Wilson Center, not kidding. Bottom line, if we want to work toward security, our approach to security clearance needs an overhaul asap. The way we do business right now has at least three serious problems. First, we are not getting the right people in the door. More than ever, we need individuals with Language Skills and cultural savvy working in National Security. Its too hard for a native arabic speaker to make it to the fbi. We also need folks another way around a keyboard. James komi has pointed out, its hard to attract that talent when you have zero tolerance for past marijuana use. Second, we are not catching the people who really do pose an insider threat. Whatever you think of edward snowden, and i dont think well of him, everyone can agree that it was too easy for him to get the access he got. We have to get smarter about using big data, open source collection, and behavioral analytics to flag possible security risks. We are getting smarter but are we smart enough . Third, after people make it into the system, we are not securing their information. That is a disservice to our dedicated Public Servants including some who are under deep cover as we speak. We must do better. And thehe rightech right approach, we can. We have a phenomenal panel here to suggest some 21stcentury solutions. Is aducing our speakers close friend of the Wilson Center, chris c who recently chair the nationalojum Security Council and now serves as a at the georgessor washington Elliott School for national affairs. He also contributed to a fabulous book on intelligence oversight that we are putting together with the nyu center on law and security and it will be released soon. From Oxford University press. Years,that, chris had 25 a quarter of a century with the vaunted lee hamilton, my predecessor here for 12 years. Before that, he was the chairman ofalued the House Foreign Affairs committee and recently received the president ial medal of honor. Chris was on the House Foreign Affairs committee for 15 years. And worked on the Iraq Study Group and was Deputy Director of the 9 11 commission with lee hamilton. Please join in welcoming him now. [applause] thank you. With profound thanks to the Wilson Center and president sponsoringpop for todays discussion, i believe that if we have a national on thisn the vegan issue that the views today will prevail. The case is compelling. Its my honor and pleasure to introduce the members of the panel. First a want to start with direct the honorable Charles E Allen who currently serves as the Security PolicyReform Council chair at the intelligence and National Security alliance and for the past six or so years, a principal at the chertoff group. It would be remiss for me to stop there. Mr. Allen has over 50 years of government service. He served as an undersecretary at the department of Homeland Security and assistant secretary before that and was the assistant director of Central Intelligence for collection. Tni worked closely and i have the highest regard for him. Further, to my left is the demps thejoan executive Vice President of Booz Allen Hamilton and served as theey, executive director of Central Intelligence for Community Management under president clinton and the executive director of the president s foreign intelligence advisory board. Given her responsibility for Community Management, her direct successor in that function is the director of National Intelligence. Right here,o my immediately to my right is the fort who isndall the director of Program Security in Cyber Security at raytheon and formerly, he was the assistant secretary of state and the bureau of intelligence and research at the department of state, a very fine organization. Right isay to my Douglas Thomas who is the director for counterintelligence operations and Corporate Investigations at Lockheed Martin. He is the principle that he director he served as the Deputy Director for counterintelligence and the u. S. Government. He has 35 years of Service Working on counterintelligence issues. He chaired the National Counterintelligence operations board. The case i would put to all of you is that the experience and the depth of perspective of those represented on this panel i think deserve attention. With that, why dont we begin with the first question. The question is, why do we need security clearance reform . Its simple and straightforward. I will ask everyone to speak for roughly three minutes to the question. I will begin with randy fort. Thank you very much and thank you for posting this event which i think is an important dialogue to have. People in the audience how many of you drive a 1950s automobile today . Anybody . Does anybody have a 1950s telephone you use . Is there anybody whose Television Set is a 1950s model . Anyone . When you go to the dentist, you or are1950s dentistry you looking for a little bit more advanced . 1950s as a Business Model is pretty much over except in the security clearance business area which is still mired in that decade in terms of the fundamental processing and mindset of how security is done. Hand toolhis bespoke we will go around and knock on doors and talk to people who dont know who you are and check those boxes and assume somehow that is yielding something. When it does not. For many years, that process has been all but oblivious to the changes in technology. Its not surprising that federal government was slow to recognize and respond to the pc revolution in the 1980s. They were slow to recognize and respond to the World Wide Web developments of the 90s, they were slow to recognize and respond to the social media revolution taking place in the early 2000s and we are seeing the same pattern today when it comes to mobility. Not a lot of ability to grasp and understand the impact and influences of these technologies which continue to double relentlessly in their capacity ands in speed and effectively. Ishave a system today that old, inefficient, ineffective, obsolete, slow, inaccurate, and, as weve learned with the opm announcements of the last several months, it is corrupt. We cannot even trust the information which is held in the various databases. Foreign powers have allegedly had access to that, not just taking it, but whatever they have been able to do to manipulate it. We are looking at a broken system. Its fundamentally broken and unreliable. This should be the opportunity 2015 andize that it is in a few weeks, it will be 2016. We are 15 of the way through the 21st century and yet we still are relying on the system which is mired in the middle of the last century. I think there is a good case to be made that its time to start looking to the future and these new technologies and figure out a better way to do business. Thank you. I want to mention that we are live on cspan. Next, i would like to turn to Charlie Allen. Thank you very much. Its a pleasure to be here at the Wilson Center again. I think what randy just outlined kind of sets the stage for the rest of the discussion. Its the broad framework we have to use with better technologies. That agencyt cia, worked reasonably well, not totally efficiently, trying to transfer nsa cleared officers get them assigned to my staff. An intervention by the executive director or by joan dempsey to make things happen. When i went to the department of Homeland Security where i would be undersecretary chertoff, i found the process slow and difficult. When i left government in 2009, it was my view that it was vital that the intelligence and National Security alliance through ellen mccarthy, i said i really want to form a task force. , ahas turned into a council more permanent body because we found the problems were really very difficult. We found there were great inefficiencies in the way we did costs werehat the truly high, whether you are in government because the and reform in terrorism prevention act, the office of Personnel Management in 2005, took over on the department of defense. Most of the responsibility for security clearances, the process in government improved because we did mandate some expedited processes on the government side. On the contractor side, and we have tens of thousands of contractors, we would not have weapon systems or payloads in space we do not have contractors with great specialties. Slowund that was extremely and very difficult and that the government really was moving at glacial speed. Is peoplee problem who had clearances, it was mandated they had periodic investigations every five years. We had a huge backlog when the office of Personnel Management took over the responsibility. It had been worked on hard by jim clapper was the undersecretary of defense for intelligence. It improved on the government side but not at the contractor side rate we published a paper in december, 2011 which said contractors who were to be put on a contract could not work because their pr ironic their periodic re investigations were out of date and i caused billions of dollars in you think of the vastness of the Intelligence Community and Homeland Security. I found that very staggering. I had one experience where we had a topsecret seicleared officer from dia had relatives in vietnam. He had been polygraph for counterintelligence. I wanted to transfer him from dia to the department of Homeland Security. Months to get approvedrance past and by the director of security and Homeland Security. When i arrived at these National Security alliance, and is burning issue and it has now turned into a council, a Permanent Council of subcommittees. Im greatly honored we have randy ford here who has worked on the Technology Subcommittee and talk thomas who was working today on a new subcommittee on the insider threat. It has expanded and become permanent, improvements have been made, but we have oceans and oceans of places to go before we have this efficient. Policy and security do not align. Acquisition and security do not align. The way we do our business and government as well. That is the background. I wanted to give a little history before we move on in our discussion. Thank you. I would like to turn to joan, please. Thank you. I agree with the way randy put the challenges today in context. He is absolutely right, we need a new approach to personnel security inside the government. I also want to give a couple examples of what Charlie Allen was talking about. Like most successful organizations, the government has to Pay Attention to cost which is a big driver. The cost to personal security is normally hidden. The government does not know what personal security costs. I have a couple of specific examples i want to give you. While this story is true, the name was changed to protect me. Its privacy information. Everything else in the story is true. John smith is a technical ask expert in quantum computing, hard to find american citizens are willing to subject themselves to security clearances and work for the government who have these kind of skills. Hes in expert in quantum computing cleared at the qs level within the department of defense. To be billed to the government at 195,000 ,nnually, very specialized skilled individual with a very high clearance. That number breaks down to 15,000 per month, 3750 per week, and 93 . 75 per hour. John is scheduled to move from one Intelligence CommunityOrganization Contract to a different Organization Contract. , remember he is fully cleared, his clearance has been submitted to the gaining agency so that he can be crossed over to work on the new contract. His company will carry the cost of employing john, roughly 15,000 per month for this highly skilled, highly educated individual for the duration of the cross over time. Who ultimately pays that bill . Its the u. S. Government because that cost is embedded in the rate that the government pays for those individuals. The agency to which he is moving needs only to execute a polygraph to move him. We estimated six months for that crossover. Unfortunately, it took 10 months. We paid the bill, 150,000 to keep john on what we called the bench while we waited for his polygraph to be scheduled, which it was, but we did not know whether it would be. That is a huge cost of one individual. That was a fairly simple process. The second one is harder. We had an individual who is also for the department of information with a polygraph but who was married to a foreign national. His wife was indian. Technologydvanced office in dod and wanted to move him to an it advanced office. Phd ina degree and Engineering Physics from cornell. There are not a lot of american citizens that have those qualifications. He was also the author of more than 40 technical papers with over 5000 citations. His clearance, he was fully cleared, took 294 days to cross over because he had an indian board wife. She got american citizenship before his clearance crossed over and she started the process after we submitted his paperwork. These are two individuals out of whothousands of contractors do highly specialized, highly skilled information for the Intelligence Community. We have to fix this problem. With that, i will turn it back over. Thank you. Doug . Morning, one thing we are going to see is a common theme from this panel and that is that we need to start leveraging technology. One of the things that has changed dramatically in 50 years someone mentioned the opm breach, that is a big deal and it sent shivers up my spine because thats about sophisticated systems and the bad guys have more information at their fingertips than they ever had before. It will make our job harder. And noat this panel offense but its decades of experience in the government. Looking at this problem set, i think all of us could probably be embarrassed with why we are and where we are today. As randy said and joan said and charlie said, we have been approaching this problem for 50 years now. It is time to start leveraging technology on the front and when you get clearance and throughout the whole process of having clearance. Thank you. I will finish up with a few points as to why we need reform. Costset clearance 400,000. A topsecret security clearance costs 5,000. The direct cost of security clearance im any given year are 1. 6 billion. Thats a lot of money. We do hundreds of thousands of clearances each year. Technology, yes, there will be a cost upfront but the cost of doing those clearances and monitoring people going , what is the cost of a Bank Transaction . Its a fraction of a cent. Thats the model we need to move to. Ok, lets start the next round and i want to turn it back to doug. What changes to have to make . Doug is the middle of making them so he is our speaker to start. I am trying to remain optimistic. [laughter] breach, thereopm was a 90 day review study set up in the principles are being briefed on that this week. That theyre going to stand up a new agency call the National Investigative service agency. Im not sure where it will land yet. It will have a new director, new focus. Im trying to remain optimistic about that. What really needs to happen as i mentioned earlier, on the front end, we probably need something before we hire someone like with the Insurance Companies do and what the Credit Companies do to give a risk score and someone then dont stop there. I think what you need to have is continuous evaluation of the people you grant to clearance to who, by virtue of that, has access to the keys to the kingdom. It is not that hard. We have been doing it in last two years. Quite frankly, some people might get concerned about the cost upfront. They are not that big of a deal. The money you save overtime with continuous evaluation, 24 seven on your employee population is phenomenal. Ok, why dont we turn to randy . First of all, lets acknowledge the government needs is like going to aa, you need to ignore knowledge you have a problem. The problem is this obsolete system which is an effective. To make a thing is clear decision that we are going to move forward with a Technology Platform to solve this problem. Used,mbers that are being 100,000 of this are a million of that, maybe a total of 10 Million People government and contractor, has some sort of clearance. I have heard that number. When you go to the private sector, that is a small number. 10 million is not a big number if you are visa, american express, mastercard, or Insurance Company or amazon or google. 10 million . If you use their systems, you would have to dumb it down to get to a number as small as 10 million. This is something where there is a lot of technology that is available. We are hearing about these days, weeks, months and in some cases years to get these issues done. Security clearances should take a fraction of a second the literally. How long does it take would you take your visa card and swipe at a point of purchase . You stand there for 298 days and wait for a green signal . No, it comes back literally in the blink of an eye. Those systems are being correlated with specific algorithms. Issue of crossover, periodic review, the delay, all these things if security clearances took one second and if they cost one cents, we could dozens of times per day because it would not matter. We have to figure out how to use intermediatey to and change the fundamental structure of how these processes go forward. If yes there will be upfront costs. We have to come up with that it layer. Thats an investment. The one point 6 billion is not account for the delay in the down that people are sitting twiddling their thumbs waiting for the clearance to come through. That is billions and billions of dollars wasted. The time value of money is never calculated in this. Moving to a complete digital platform and yes, there will of the individual cases that will require some handson treatment. Australia in an ashram when they were 18 years old and i will take more attention but the vast majority of the population are talking about can be done using an alldigital modern technology that would give you a considerably greater insight into the behavior and the future behavior since these algorithms are becoming predictable. Google knows if you are getting sick before you do. Target knows you are pregnant before your pregnant. Telcos know where you will be tomorrow. Thats todays technology which will double every 1224 months as we move forward. These capabilities will become increasingly predictive and we will be able to flag the snowdens and the mannings early on monday start to go off the rails, not after they have taken the train over the gorge and annihilated it. We will end up with a much more secure outcome and security dividend once these things are actually implemented. Thank you. I agree with the way randy characterized this. Every director of National Intelligence has come in with an agenda to improve personal security. A lot of them have spent time and effort and money trying to do it. We have had a lot of reform initiatives. I think what we never come to grips with his we see security as really a supporting function. Inimical to it as getting our jobs done or allowing us to get the jobs done if it is done correctly. Traded personal security as a Mission Rather than as an administrative function that we have to deal with, then i think we would be able to spend the money and solve the problem. We are pretty good at solving ic butproblems in the because we dont think of it as something that either hinders or helps our mission, we dont treat it with the same seriousness as we do mission issues. I think that philosophical issue affects us in our ability to deal with this problem. Thank you. I want to reinforce what they said. We are in a new air and have new technologies. Monitoring is something the director of National Intelligence supports. Search and agencies like cia and nsa are moving ahead in that realm as well as others. The department of defense has a vast population of people who have clearances that are secret or top secret. The progress is quite slow. I think we have to align the policy level as well as the security levels as well as the contracting. Today, it is separated and segmented and the Security Officer or a chief information Security Officer that monitors fromrks seems far removed some of the very rapid and more efficient ways we can do this. Trust doug and his a thatent his judgment the independent agency will be stood up to replace with office of independent Personnel Management did. It did not have the infrastructure capabilities or the resources i think when this was decided back in 2004 and dod handed the responsibility in. 005 2 oh p. M. To execute this they did not have the security and counterintelligence expertise to handle the problems we face today. Belief, however, that we have the opportunity not to build in all of the former build these of the past where the wholecurity, and practical business of doing security clearances seemed to be separated and divided. They have to be a unified way. In two thousand eight, there was a performance accountability board established. There has been continuing effort to continue accountability. As we have seen from the snowden and manning events, we have not been successful in doing all of this. I think right now i am undergoing an update of my topsecret sei clearance. I had to fill out and ss 86 with the help of a special assistant who understands all of the technology to fill the thing out. 127 pages. You would think since i was investigated by cia many times starting in 1987 that perhaps i could have a shortened form, but i had to do the entire thing again. Will interviewne me and read back to me the 120 odd pages and say is this correct or incorrect . That seems very obsolete. Neighborhood checks seem very obsolete. We do not know the neighborhoods the way we once did. Requires a little bit of Risk Management, but it does unification between the security gurus and policy decisionmakers. On a hope we will embark new generation way of doing security clearance reform. Charlie. Hank you, thek lets me round of talk of security reinvestigations. Once you get a clearance, you are supposed to be reinvestigated every five years. Top secret clearance, every 10 if you have a secret. That is just not very effective, because peoples behavior changes. Even if you were clean as a to peoplehings happen over time. There are changes in relationships, drugs, alcohol, personality changes, and in our , unlessthere is no way you to come upon it on the tenure anniversary, of checking on the people. The system of continuing checking ive enables you to continue checking on problem employees. Most of them are not going to be spies. Most of them are people with trouble in their personal life that will affect work place performance and will leave them vulnerable to potential intelligence operations by hostile powers. The point is with the continuing valuation system, we can do much better by the employees. Throughdentify problems Human Resources and give them the help and services they need to get good employees back on track so they are productive, our people. Protect by protecting the people, we can protect our secrets far better than we do today. Moving on to the next round of questions. That would be, what has to order for the ideas to be successfully implemented by all parties . Are can go because mine very simple. The designation and organization that understands how important this is, securing the network is pretty critical. Enhancing technology, and aggressively pursuing continuous evaluation throughout the entire process. Those are the four basic tenets that will keep us alive and well. When i look at this issue, we are not trying to find a cure or cancer. Were not trying to solve peace in the middle east. This is not a heart problem. There are 20 of examples and exemplars that exist in the private sector today right this minute that would solve . 99 of this album, which is what makes it so maddening when charlie is been leading this for more than half a decade and i have been contributing and others that have dissipated in this. We have a solution sets out the. Doug has created an atraordinary Program Lockheed Martin on continuous evaluation and Continuous Monitoring. They have gone through the hoops , figured out how to handle private issues, look at the technologies that called and come up with the mechanisms. The u. S. Government just went and took rocky model, we would have more security today than yesterday. Credit Card Companies have been doing this for decades. Insurance companies doing this for decades. We have to figure out how to get to the moon. We need to go copy people who know what they are doing and do it effectively. I think there a lot of companies would be willing to do that. . Hat is the critical need simple, leadership. We need Senior Leaders involved in this. Make it priority. The top two or three aims they are going to do. People, if we really do believe people are the most important asset, and i happen to believe that, coming up with a system that will better protect the people from the kinds of challenges and threats that are being directed against them in the 21st century, and if someone does have an issue, to identify that early on before they go badly off the rails, to get that person on track and keep them on track keep the values so we do not have to go through the worst case where we spend years and billions of dollars doing damage assessment, but taking adverse action against someone trying to fire them and energy we burn up only becausehen this would better protect and better serve the people will the people and organizations area that, to me, is the best system to go forward with the system. It is a business process that joan said when we were this on ther to formal session. We have to improve as much of. His the policy side, security side, the contracting side all has to come together in a more unified way and has to be strong, great leadership. Ill take leadership in this administration and the new leadership coming into begin to change this and change it dramatically and do the Risk Management required. I have been investigated many times. Checkve to always do the when they are updated. Periodic updates are needed. One thing we have been asked to do in the reform counsel was to thatetrics to demonstrate certain crossovers, contractors, that it differs widely among agencies. , we have a number including a member on this panel. Some agencies can do crossovers very quickly. One in particular. Others, some that you would think would do it in a hurry, and it drags on. Not just days, but sometimes months. That is hard for me to comprehend. So continuous leveraging the technology, changing the policies, updating policies, and when you are being updated for the 15th time, find ways to focus on what may have changed in individuals that would be an issue of concern. Lets not figure out when parents were born and when they died. There is really nothing more to add to that. In my opinion, this is not about reform but a fundamental change. A recognition that security is essential to accomplishing the nation security. We can do this. It is not as hard as the many years of trying would indicate. I think if we treat it as a Mission Challenge and problem, we can solve this problem. Lex thank you. Thank you. The one problem i would like to speak on on how to successfully implement, the question of why the sea in civil liberty always arise, and they should. I would be to them as follows, when you have a background check and live for a security clearance, you agree to have your background investigated. What we are proposing here is the nature ofte the Background Investigation to the 21st century. Instead of 127 ages of forms, listing your dead relatives, submitting your neighbors and colleagues to a background interview, thats we move to digital Background Investigation. And should be only publicly available data. There are a lot of data set that are publicly available. The government should not in lookendeavor at any rate to data records that are other than those that are available to the public at large, but the power of assembling and integrating and analyzing those with algorithms is a very powerful tool for evaluating people, both when they first get , to evaluatece them continuously as employees thereafter. Amazon knows more about you, google knows more about you. Knowing how Political Campaign works. Sophisticated databases looking at voters look at you and know a lot about you. I would submit those entrusted with our nation secret should be analyzed with the same public data sets, and we can do a much better job of protecting our secret and our people who protect our secrets. So any other comments from the panel before we open it up . Public theadd that available information, but also, information people willingly decide to disclose or access when they use their business computer system. A government or private sector you are a contractor. Once you log on, you have no expectation or privacy in that regard. A few years ago one of the true heroes in the security reform stokes managed to get a Pilot Project where they ofld look at a subset cleared people in the army. They went and looked at the online behavior look at the Army Internet address. , if you arethat logging on to some other personal account, all other bets are off, no expectation of privacy. 10,000 or so. I will not get the numbers exactly right, but the number of magnitude was 125 people who were otherwise perfectly inbound of all the security within five years. Suspendedinstantly because they found serious violations of security. A guy was looking online to find a hitman to kill his wife. Another guy was bragging i just passed my urinalysis test, where can i score some pot . Another 100 25 people instantly suspended from access because they took a look at what was going on digitally that they had never looked at before. That was one tiny example. 10,000 out of the 10 million we are talking about. These tools are very powerful. That was 10 years ago. I think if we leverage it, we will get even more insight than we have before. Absolutely the privacy and those issues have to be results, but i think in the example of what doug has done, they has resolved that. There are other institutions that have figured out how to do so in a way that is respectful of institutions. I have spent half my time in my career there. You sign the documents in there is a two or three page very tiny number list of all the things you are waiving and giving the permission for government to do. Now we are just taking that into the 21st century. It will be a digital investigation going forward. Question for jane. Thank you. Thank you. Very good discussion by all of you. I want to add to your to do list fixing paper timecard problem. Job, i haveto the failed. My comment is there was very little mention of a former employer the United States congress who employed you, to and maybe others of you fortunate people. How much does Congress Gave to do you go for how little can congress to and still have to that is a of car . Great question. Congress can play a very Important Role of helping to set the agenda if someone on the right Committee Makes this a priority, full steering, draft legislations to create a 21st century knowledge is not formed for clearances, it will drive the process. He pointed to his it has been too little public discussion. That is why we have not had changed. Under chef has brought us to 2015. Inertia has brought us 22015. Public discussion starts right here at the Wilson Center. Let me call on john gannon. Thank you very much. Great to see you all here. You are all aging gracefully i might add. Pointer of you made the the Intelligence Community overall has been he had the Tech Knowledge he could for at least 50 years. I find that. You also said with regard to the issues associated to security clearances, we have known about these for at least 30 years. I would say at least 20 years i know some of the issues you raised about the cost, both the financial cost, and the cost of of theertise Intelligence Community, we were working on those 30 years ago also. Having spent 14 months with the fbi recently, the point i would make, to some degree we have with back from where we were 1520 years ago. Partly because you are dealing with a very strong head headwind with the wiki link notification. Thes surprised to lead agency do not accept as a security process. That adds to the cost. You get a polygraph and clearance test at the the i dia will not accept it. Boy would i love to see the instant you are describing with the alignment of the Intelligence Community with the digital world, but i just do not see it. At the congressional level, i think there is a reluctant thans to deal with the issues or to spend any money that will fix them. I see the administration level, not enough concern to pick up the issue and run with it. Randy made the point, and i think very well, that the inefficiencies in the current system, the inaccuracies represent a heavy cost. What happens to the leaders, and the leaders are critical of all of this, they are able to convince them that while there are inefficiencies, what we do discover do protect us, and it is not worth the risk of changing. I think if you are going to get anywhere, there will be an alignment of leadership. There has to be a coalition of the willingness. I think congress is willingness for all of this. Critically the leadership in the Intelligence Community not biting into the fundamental change that is necessary and you have described so well. Charlie, please. I would like to respond a little bit to what john has to say. In some respects we lost ground in the digital revolution that randy described so well accelerates. We have moved at glacial speed in many respects in modernizing our processes. Better policies and particularly our security processes. We spent about three years trying to decide. 2011ok three years from two 2014 to get suitability requirements defined by the administration. On the dates,ng but it took a long time to determine pretty elementary stuff. We are working on parts of it, and working very hard and very laboriously. Homeland security of defense communities, security and administration of congress is really lacking. We get interest from democratic staffers occasionally, but very lady little leadership on this issue. There was a lot after the snowden events. And after the opm breach. The administration of it defensive. The administration very critical. Then it passed. We have this major thing we are all concerned about. My wife just got her letter from opm on friday. Sf 86. O put in my we are moving slowly. I would add that i agree with you and think you are absolutely right. The other area we have dysfunction inside the government. Security and acquisition are rulebased processes and environments. Those rules have evolved over 506 years. It is very hard to get off of that. Very important functions the government needs done. I agree with you 100 . I have seen it backfire so many times when they have tried to all partspartisan and of the government working together. You begin to despair we can actually do this. I would like to investigate johns comments because i thought they were very good. You talk about congress and the white house and Intelligence Community, you would be very surprised how far along some of the companies are with regard to the problems. Is my chief lawyer reminds me often, the Fourth Amendment applies to the government involvement with citizenry. So there are things we can do in the are that moves the problem further down the road. Ok. We will take a question in the back and then come back of front. With the blue tie. Mike with senator warners office. Thank you very much for the very important discussion. Topic of a great concern. Especially regarding the loss of productivity, taxpayer dollars in terms of the lack of we could, and also maybe defend congress a little bit. Intelligencehe authorization act for 25th team had a whole section title five of authorization legislation dni to conducthe to be sure Continuous Monitoring takes place and to report on clearance. That was passed into law on two years ago. It is clearly an item of concern on the hill, maybe not as public week. I wonder if part of the problem securityan to cyber where in the private sector we have seen Cyber Security relegated to the chief information officer, and not the ceo, which is fine, until there is a breach, which causes the loss of personal data. Maybe i dont know what else it might take to get that level of promise. Clearly we have had the reaches and opm. Den as you point out, as far back as 2011, the cost. Agency. Is this new i somehow do not hold a lot of hope for it. Maybe that is the first. There has been a bifurcation between the Intelligence Community and private sector on this as well. Well, clearly congress has made their views known on this. Unfortunately i think there needs to be an additional amendment to the next that says by date certain, and i think you can change choose the date. Lets say three years to allow time. E mutual by january 1, 2018, the Intelligence Community shall employ a fully digital, fully automated secure Background Investigation system for all security rinses for u. S. Government and related contractors. Where now you are this new agency. I have to start in january 1, 2018 and walking this back. What do i need to do to get to this point . The hangingng of fate is to concentrate the mind. You might see, and also, if there is a date certain, the Oversight Committee, how is the deadline going . You only have an x number of days in the week . Anything we can do to help . That would keep the focus and attention on this. I hate that. I dont like to see congress have to be that micromanagement in anything, but i think the executive branch should use their own authorities and risk abilities to reach the conclusion because it is the right thing to do and makes sense for all the things we talked about. Charlie talked about risk in intimate. One of the iron laws is risk aversion. They will keep doing the same things over and over again until someone tells them not to because it is safer to do the thing that has always and done. I think it will take outside influence by the likes of the Oversight Committee to really be the action forcing event. Say thank youo very much because we recall the legislation and the authorization bill, and that did help to move things along. The director of National Intelligence elites very much and various projects and processes and private efforts underway. We have still not moved fast enough. Theat the same time, Intelligence National security planning a spring event where we would like to have senator warner speak again about the importance of this. The incoming president will be in touch with you and the senator. Thank you. Question up front. My wife got her Christmas Card friday as well. There is a lot of frustration among all of us about how slow the process is. It is probably am watershed moment. Sf 86 was the key to getting a new credit card. It is not that we cannot act in emergencies but we choose not to act. I was wondering if you could talk about the divergence of those actions. That is a good point. A couple of us wrote an oped, and had to do with what we were reading in the hill and it was focusing on Identity Theft relative to the opium breach. That had nothing to do with Identity Theft. It has everything to do with the most granular nation. The sophistication, spear fishing and human approaches. This is a 30 year problem keeping people interested and would be somewhat difficult, but that is exactly what this is. I am elayne middleton. I have to mention the hamilton. Indiana anduthern have known him my whole life and very Close Friends with my parents. I sent him an email to congratulate him. And i know he was pleased to be named. We should congratulate him for that. Anyway, i am happy to be here today. I am a victim of the opium process. I testified some years ago before congress when john edwards testified about due process for security processes. I did not get denied a security clearance but stop the process in midstream. They traded this file that congressman edwards held that this file that contained a noxious and full information, and i never got the chance to rebut it, and i was in court. I am saying this system has never worked. Disloyal. Said i was i had other socalled faults. And never had any opportunity to comment. They did not interview me. The process has never worked. I think the people it did not work for are the ones that are like the snowdens. It did not work for me either. This is a nonfunctioning system. Are astronomical in terms of human x and richer, etc. I would like to participate in, because i think i could put a face on what is wrong with system. It just simply does not work. Thank you. Thank you for your comments. Over here on the left. Then to the back on the right. I am just a beneficiary of the system in the next defense Intelligence Community participant. Whatought is focused on many of you have mentioned with the illustrations of marijuana and the rest, the implication of how much risk we are willing to bear as we move to this automated process. I understand it is a wonderful notion that will drive the policy as we go forward. In the algorithms are the notion of risk. Studies in theof business that deal with the issue of trust. Is the notionhear of how the ultraconservative Intelligence Community people and how tosk overcome that the issue drive forward with automation. Thank you. Doug, would you like to speak to that . I think it is a good question about risk. It is not that much different i have found. They all have very strong privacy concerns. What we did in our company is we set up a program lockstep with the lawyers and privacy side to it is not a security issue but it teams fort. We put privacy at the top of the issue. The program does is a looks at behavior. It profiles a hader. A looks at the digital behavior and the Human Behavior baseline. Onether, we make a decision whether or not we will act on that. If you think about the data, it is all objective. It is all public the available information. The subjectiveness are the red flags or triggers that you come up with. The weight you assigned to that and what do you do with that information . The folks we have hired is we are trying to very much look out or the employee, as opposed to just looking out for badness. If you look at insider threat, work place five and, they all have concerning behavior going on in someone life. The program we have developed for looking up that kind of behavior that is a typical and someone like force on how to act on. Can we transect can we transfer that . Shirt. We come back to leadership. We talk about Risk Management. The risk that any security establishment will ever accept. Single time. Ery singlent zero every time. There can be no compromise. Hasexecutive leadership just basically listened to that. If you go to the headquarters and look at the rogue hall of roads e has been rose of scores of failures. There has always been spies and failures. To use that as an excuse is truly ridiculous. The executive leadership differs. You will have real Risk Management and make real decisions about risk tradeoff when a Senior Executive level kind of decision. All of the agency had sitting around the table. On the table, and what are we going to accept . We cannot have zero risk but we do not want 100 owner ability. . Hat are we willing to accept how do the new technologies allow us to have better insight into patterns of behavior and so on and so forth and figure out the various standards for these things, and then make a decision. Work with the congress. Go to the hill. Here is what we have decided on the what do you think . It will not be 100 . There have always been people to slip through the net. Snowden and manny. Will end ups system because of the benefits we are talked about and will give us true more truly more security at the end of the day and then move the system forward and we will learn. And move thisheir one out. Then you get on with the new process. If we dod like to say have emerging technologies, i believe we will see a change not only in business and Technology Efforts and the ultraconservative top counterintelligence, that person, he or she, has a real responsibility. People,hat current prominent counterintelligence in and Intelligence Community welcomed this as a way to do better Risk Management. There is more enlightenment. They have to be hardnosed whether it is the bureau or cia or in defense. Gives us hopehis for the kind of change that you want. One comment. We have to ensure we are not parochial. Not only in the United States of america where people are engaged in this question. I can ensure you hostels services are looking at digital evaluation tools, key u. S. Government employees, and i think it is really important that we have to protect our people first before other people take action. That is a very good point. Even if the Intelligence CommunitySecurity Community and counterintelligence did not believe a single word we had to say, the rest of the world they. Best ofs you want the the world using the technology against our people, and they will, you better understand them enough to understand against attacks of the russians and iranians and fill in the blanks. Everyone is so is looking to penetrate or otherwise do harm to the u. S. Government. Syriay on those grounds should be predicate enough to want to move forward on this. A woman in back please. I was wondering if you could tell us a little bit about what continuing monitoring is an and howork at lockheed the employees are trained or how they are told their data is being used . What publicly available data you are using and how the employees are trained about it . I look at more of a continuous evaluation, as opposed to Continuous Monitoring. The program i was asked to stand up was Lockheed Martin across the enterprise. Cannot do that with a handful of people. You have to Leverage Technology for that. As we wente didnt out with a very we did is we went out with a very Robust Campaign to inform people why we need Something Like this in our campaign. The government should have an expectation that the project product we are providing is for their benefit. Do is we we did not did not use the report. We did not want employees reported to us that our employees to be engaged. You want employees to buy into the program for their benefit, for the National Security benefit. Offar as the type information, some of it has to do with a suite of tools we have on our network. Some of it is Human Behavior baseline. Ares the type of stuff we to collect within the existing data. Arrests, liens, bankruptcy. It is all publicly available information. I think selling this internal to was a little bit wrong quite frankly. Is it in line with corporate values is the biggest question to answer. Three people here. The gentleman here and there and up front. Appear. Up here. I am waiting for a security clearance. Not from your government of my government in italy. It was not 226 pages but only five pages. , what is thes collaboration between your government and foreign governments . Practice isr best some kind of overlapping between countries that collaborate in the organization. Thank you. Thanks. I am really not an expert. Do not have the experience of looking at the security practice. The u. K. In particular and our close intelligence partner countries have similar systems that have been along the same lines. But how much to elegy they have introduced is not something we have looked at. We have been so focused on trying to drag our own process into the 21st century that we have not done the benchmarking. That is an interesting idea to check with nato allies and the other countries for which we have close. Australia and japan with which we have Close Relationships with and maybe learn something from them as well. You only said you had five days paper ahead of you. Over here. The lady in front. Name is human and im the Senior Intelligence officer. And i am interested in, have heard allusions to it, where we had more new ones in the adjudication of information that has turned up. We have the vision the adjudicator is the straightlaced presbyterian and does not understand why you would not be interested in vacationing in the asiet union and advocation an exotic dancer on the side. In my last job i was trying to clear a hedge of wearing oh woman phd mathematician. Can you address that . That is a great western. Know that we have those kinds of examples, but having done a classified study for one agency classified processes and including adjudication and all of the other aspects, there was one i did alone know over a year, i found adjudication process very nuanced and enlightened. It is very sophisticated. It has to bencies a senior officer that does a final decision on the adjudication. What yourt accept neighbor or so does that does not really like you has said during the interview process. Sophisticated and very mature. I went away very pleased and surprised by what i saw. I would add that you can add the parameters whatever way you want. One of the parameters is we will be able to take in so many more types. There is a big data set for a group or individual. We will be able to have a much. Icher basis of a decision we will also be able to set up individual norms. Intelligence community access. Your norm is different from my norm. You leave at a certain time. Your travel, expenditures and behavior is unique to you. Mine is unique to meet. Deviation,re is a and are suddenly showing up 2 00 a. M. On a sunday morning, and you never have before, a light goes off. Maybe there was a crisis in your area and you got called in and maybe yourct the ok supervisor says i dont know why, he is never done that before there is no good reason. Issue, you can build adjudication into the algorithm, as long as someone is behaving within the norm. When there is deviation from the established understood pattern. There may be certain websites. That should go off for everybody , not just a particular individual. This will give more clarity to an individual behavior. At the end of the day, when the little red lights go off or alarm bell rings, you want a human in understanding the tech understandingn what the applications are and how the system works to make a human judgment to get to the latest issue that she mentioned that at the end of the day, you ist to have due process that built in. Automation will only take you so far down the road. I think the tools will get a lot of that. Plug it in and let her do her job, and as soon as it deviates, then look at her. Himif i could add to that and one of the success stories, and there have been improvements, but one of them have been the time for initial clearance adjudication for people who have never had a clearance before has gotten much better, unless you have had any extensive foreign overseas time or unless you have relative overseas. The very people we would like to have led the next areas and cultural understanding to be intelligence officers, almost impossible to get them through. They go through Something Else because they get so strung along by the process. That is still a big issue for us. Point, the reason i am here before you today is because my frustration came to a boiling point on this session because of former student of mine who had a grandma and the former soviet union, it took him four years to get a good to get clearance. That is not good Business Model for anybody if it takes you for years to bring on board the talent you otherwise would want to hire today. Hello. I have been a Foreign Service officer for about 30 years. Thinking about the Navy Yard Shooter indians scented the companies have in that case to andPay Attention the hotel the guy is in the migraine and there is this pressure, just get the back down, clear everyone, the bride for the investigation so the that were working with investigators were pressured to get through them as quickly as possible. Perverseeal with the incentives . , the new in the past digital approach is the new way to do that. Inre were securities defense. I remember general cunningham had a periodic reinvestigation to conduct. Hopelessly behind. That is one reason that when it occurred, we felt we had to find a way to improve the process and give it to opm, which was not equipped to take on this responsibility. , i believe the answer ies in the future, because think as of now we are not where we have to be but where we have to go in the future. I think the private sector, i know the company and a couple of other companies are trying to do what hockey martin was doing. For onenk we have time more question. I saw the gentleman in the back. We went close with that. Work name is andrew and i for the navy. Does the fact that the manning and snowden leaks seem to be motivated by politics versus financial consideration or coercion affect the type of information we collect is part of us process . Andg you to ask more rest like have you ever tried to overthrow the government or is the current information enough . Do we need to ask additional questions or more computer auditing . To be need to look at perceived loyalty . I think it will wire changes. I have seen postmortems where he looked at what they were doing digitally, and there were half a dozen warning signs that any one of which alone may have seen minor or for nine, but when you put them all together, there was that ifa pattern someone had had that entire set of actions and behaviors, they might have reached a conclusion that something aberrant is going on here. I think we need to think of the threat across the spectrum. Having some technical problems with about broadcast. Coming to us on the discussion about security clearances. We will work to fix the problem. We heard from the audience that will be the last question. We will work to get back to the Wilson Center. Stay with us shortly. We are going to bring you the last of the questioning from the Wilson Center on security clearances later in the program. You can check www. Cspan. Org. We will take a look at president obama speaking to the nation last night on National Security and terrorism issues. He spoke from the oval office, and his remarks lasted about 15 minutes. Obama good evening. On wednesday, 14 americans were killed as they came together to celebrate the holidays. They were taken from family and friends who loved them deeply. They were white and black and latino and asian, immigrants and american born. Moms and dads, daughters and sons. Each of them served a citizens, and all of them were part of the american family. Tonight i want to talk with you about this tragedy. The broader threat of terrorism our nationcan keep safe. The fbi is still gathering facts of what happened. Victims were brutally murdered and injured by a coworker or and his wife. , no evidence of the killers were directed by a terrorist organization overseas or that they were part of a broader conspiracy at home. It is clear the two of them had gone down the dark path of radicalization, embracing a perverted interpretation of islam that calls for war against america and the west. They had stockpiled assault weapons, ammunition, and pipe alms. This was an act of terrorism designed to kill innocent people. Our nation has been at war with terrorists since al qaeda killed 9 11. 3000 americans on in the process, we have hardened our defenses from air ports to Financial Centers to other critical infrastructure. Intelligence and Law Enforcement agencies have disrupted countless plots here and overseas and have worked around. He clock to keep us safe our military and counterterrorism professionals have relentlessly pursued terrorist networks overseas, disrupting safe havens in several different countries, killing Osama Bin Laden and decimating the leadership. Over the past few years the terrorist threat has evolved to a new phase. As we have become better at preventing complex, multifaceted , terrorists 9 11 turned to less complicated accept violence like the math shootings that are all too common in our society. It is this type of attack that we saw at fort hood 2009 in chattanooga earlier this year, and now, san bernardino. As root like isis stronger amid the chaos of iraq in syria, and as the internet erases the distance between countries, we see growing efforts by terrorists to poison the minds of people like the boston farmers and december 90 no. For seven years i have conducted since i took this office i have authorized u. S. Forces to take out terrorist precisely because i know how real the danger is. As commanderinchief i have no greater responsibility than the security of the american people