Matt Rossiter discusses best practices for ongoing security vetting for staff in government and private contracting with clearances. Matt is the Director of Tradecraft at Fivecast, working with customers to help them adopt open-source intelligence best practices. With 20+ years of experience in Australian Government National Security, Matt brings a deep understanding of how Fivecast’s solutions can be practically applied.
An interesting document passed my desk the other day. It was the July 2020 scorecard update for the President’s Management Agenda – Security Clearance, Suitability/Fitness, and Credentialing Reform. I know! My version of interesting and yours might not be the same, but hear me out. The timing was interesting for me, as I’d just finished a Fivecast white paper on ‘Security Vetting in the Internet Age’, to meet demand for education on this topic in the government security vetting industry. Fivecast has a range of capabilities to automate background checking against a full range of online data sources. More on that later.
But what really caught my attention was how this update signaled a real and positive shift in US Government thinking around security vetting.
“… the U.S. Government is moving toward a continuous vetting model that enables agencies to become aware of problematic behaviors more quickly through regularly performed automated records checks. Continuous vetting will replace the traditional periodic reinvestigations that only review the records of cleared personnel every five to ten years.”
The President’s Management Agenda, July 2020.
osint for Continuous security vetting
Continuous vetting against a complete range of data available on an individual is urgently required to close the series of systemic gaps that have plagued the vetting industry for decades: The sheer number of security clearances required annually by government, the volume and complexity of data that must be assessed to adjudicate each clearance, and the need to keep pace with communications technology advances to ensure the right data is being assessed. Much of the data collection phase in security vetting assessments can be automated. This needs to be achieved quickly. Analysts and investigators are already drowning in data and struggling to identify, consume and make sense of what is in front of them. This problem is only going to get worse as we move to 5th Generation mobile technology, a game-changing shift that will add an exponential layer to the speed, volume, and complexity of the available data that, as intelligence professionals, we’re already struggling to consume.
The problem here is that in the security vetting context, these masses of data are where those unfit to hold a security clearance can hide. Those too extreme for the mainstream social media platforms move to the less-regulated platforms like Reddit, Gab, Telegram. New platforms like Parler and TikTok will come and go. Those really trying to avoid scrutiny can head for the Dark Web, where users are anonymous and content regulation is cynical at best. While the volume of data and diversity of platforms presents many challenges, the good news is that technology is available to help government vetting agencies transform the big data challenge into an intelligence opportunity.
Targeted data collection and AI-enabled risk analytics is the force multiplier many agencies need to effectively address security vetting challenges and reduce threats for the community. The paradigm for security vetting has changed. That same data where those unfit to hold a security clearance can hide is the same place they can be revealed. You just need to know where to look. Fivecast knows where to look.
Request access to the Fivecast Intel Hub to read the corresponding white paper.