Wholesale shift of NBIB to DOD looks likely
National Background Investigations Bureau Director Charles Phalen discusses the Trump administration's plan to move the organization under the Defense Department.
It looks like the Defense Department will indeed be taking over background investigations.
National Background Investigations Bureau Director Charles Phalen said on Aug. 7 that DOD is expected to absorb the Office of Personnel Management bureau’s facilities, assets, personnel and workload.
The move has not yet been finalized, but comes after a mandate in the 2018 defense spending bill ordering the Pentagon to take over background investigations for DOD personnel and contractors from NBIB -- worth that amounts to 70 percent of the bureau’s 2 million annual investigations.
The White House's government reorganization plan, released in June, indicated that integrating NBIB into DOD would be more efficient than splitting the background investigations workload across two agencies. The Trump administration is reportedly preparing an executive order to finalize such a move, according to FedNewsRadio.
Phalen, who spoke at a NextGov event on insider threats, said OPM had been working with DOD to divorce the responsibilities “and continue to make it work” per the NDAA mandate, but seemed confident the split won’t happen.
“The truth is that split would’ve been debilitating, distracting and frankly pretty counterproductive,” he said. “The good news is the administration has determined that this bifurcation probably is not a good idea.”
Ultimately, Phalen said, switching departmental control was better for the organization’s functionality.
“I think in the long run, this is a much better solution and will keep us able, as an intact organization, to focus on the most important stuff that we’re doing as the initial trust determinations that are made by individuals working for and in the government and the ability to keep track of those individuals,” he said.
Phalen also said NBIB and DOD were working on building out NBIB's “functional” but “fairly old” IT system, which will ultimately “underpin the whole of government investigative and vetting processes” and house “the 'permanent record' that the nuns always warned me about when I was in elementary school.”
That permanent record is critical for continuous evaluation and vetting, he said, which is part of a case management system that is under development but won’t be ready by next year.
Prevent insider threats by monitoring personnel behavior, mindset
While there’s a technical component to preventing insider threats, there’s growing consensus that hacking human behavior will be more efficient in stopping threats before they happen.
Phalen emphasized that catching the problem early is critical, saying “if you don’t get the human part right, the rest of the security might not matter.”
William Evanina, the National Counterintelligence and Security Center director, concurred with Phalen during his speech, calling for a viable behavioral reporting system.
“We do really good job in the government and in the private sector of electronic monitoring,” he said, “But do we really have a fix on the behavioral issues?”
Evanina said the country isn’t there yet, but the government is working on a solution that would protect civil liberties and facilitate good information that prevents insider threats.
Wayne Belk, who leads the National Insider Threat Task Force out of the Office of the Director of National Intelligence, said that noticing behavior -- rather than individual characteristics -- is key to stopping insider threats.
“All of us to some extent exhibit narcissism, or some of these other characteristics,” he said. “So you have to be careful about telling your workforce” what to look for.
Belk suggested that insider threat teams should employ or have access to behavior analysts or psychologists “who actually know what that [behavior] means and can evaluate it,” he said. Government’s most successful insider threat programs have behavior analysts on staff or access to them, he added.
“The technology is not going to find your answer,” he said. “You’re not looking at the people, you’re looking at the activity, and that’s particularly critical when it comes to the technology. You want to be looking for what’s abnormal in the activities and behaviors of individuals on your networks.”
NEXT STORY: Fogarty has big ambitions for ARCYBER