Waiting for Secrets

Intelligence law sets time limits to shake loose the backlog of security clearance applications.

ManTech International Corp., a Fairfax, Va.-based firm that develops technology for intelligence agencies, the Pentagon, and the Justice, State and Homeland Security departments, has more than 400 job vacancies. Not surprisingly, Bob Coleman, the company's president and chief operating officer, wants to fill those openings with the most skilled candidates.

There's just one problem: The most skilled candidates might not have security clearances, and much of ManTech's work requires Top Secret credentials at a minimum. Many positions also require even higher special access to classified information about the sources and methods used to gather intelligence. The company has grown adept at keeping employees busy as they await clearances, Coleman says. But starting from scratch, the process of obtaining a clearance can take 90 days to a year and a half, and that is a long time to "bench" an employee.

"We will always try to hire the person with the clearance first," Coleman acknowledges. Even contract workers who already have Top Secret clearances might experience some downtime if they transfer to projects run by agencies other than the one that granted them the clearance, he says. Intelligence agencies generally recognize one another's Top Secret clearances, for example, but review employees' files to ensure circumstances haven't changed since the credentials were issued. They also require varying types of polygraph tests. In Coleman's experience, the process of transferring an employee's credentials takes a month at the most efficient agencies and up to a year elsewhere.

Fortunately for ManTech and similar Defense and intelligence contractors, an end to long lag times might be near. The intelligence reform law enacted in December requires President Bush to appoint a security clearance "czar" by mid-March. The czar will be responsible for ensuring that agencies follow standard procedures for granting clearances and that they accept one another's credentials. The law also sets time limits for granting clearances, directs agencies to modernize the technology used to process applications and requires the Office of Personnel Management to establish a governmentwide database of information on employees' clearance status.

The law is almost certain to make a dent in the backlog of security clearance applications, says Doug Wagoner, chairman of the Information Technology Association of America's intelligence task force and senior vice president of Data Systems Analysts Inc., an IT consulting company based in Trevose, Pa. Lack of reciprocity is a problem across the government, he says. The Defense Department frequently declines to recognize contractors with FBI clearances, for example. "The only place where we see it working a little bit is . . . within the intelligence agencies," he says.

But the extent to which the law will help, and the speed with which it will make a difference, are open to debate. Staffers working for Rep. Tom Davis, R-Va., the architect of the intelligence law's security clearance provisions, count more than 850,000 contractors and federal employees awaiting clearances. But the governmentwide estimate is based on anecdotal evidence, says Drew Crockett, a spokesman for Davis. Absent a reliable central database of clearance information, a more concrete number is difficult to come by. A May 2004 Government Accountability Office study (GAO-04-632) looking at just a portion of the backlog found that as of March 2004, the Pentagon faced a pileup of 188,000 applications from contractors alone.

Similarly, while complaints of failure to grant reciprocity abound, analysts have been unable to quantify the extent to which it is a problem. Even if agencies were to collect data and store it in one place, many have different definitions of reciprocity. "We have been told anecdotally on numerous occasions that effectively enforcing reciprocity may cut into the overall backlog by as much as 30 percent," Crockett says. But in an April 2004 Defense Personnel Security Research Center report, researchers said they could not fully document agencies' failure to recognize one another's clearances, in part because of the "incompatibility of electronic databases of personnel records."

Observers also say the clearance czar will face cultural barriers and mistrust among agencies accustomed to setting their own standards despite Clinton-era Executive Order 12968, which required agencies to accept one another's clearances. The directive left agencies an out by allowing them to review clearances granted by others if they came across "substantial information" that necessitated further investigation. Under the intelligence reform law, the clearance czar will have legal authority to enforce the reciprocity requirement and will allow exceptions only on a case-by-case basis, Crockett says.

But without the help of agency officials and contractors, the clearance czar is unlikely to catch every transgression. At a recent industry conference, J. William Leonard, director of the Information Security Oversight Office at the National Archives and Records Administration, urged companies encountering problems with reciprocity to report them to oversight authorities.

That, of course, is assuming that a denial of reciprocity is unwarranted. "It's a Catch-22," says Coleman of ManTech. "I don't like the amount of time it takes [to transfer credentials], but I understand the reasons why it takes so long."