The nation’s top national security agencies are failing to properly report instances of misconduct by independent contractors, many of whom hold top-secret security clearances, according to a new report by the Defense Department’s Inspector General.
Agencies such as the National Security Agency (NSA) and the Defense Intelligence Agency (DIA), among others, are not keeping proper records of those contractors suspected of wrongdoing and were found to lack an "effective personnel security policy," according to the report, which assessed the security clearance process for contractors at the four top intelligence agencies.
The intelligence agencies were also found to have routinely engaged in "an avoidance of personnel security adjudication for contractor personnel involved in misconduct," according to the report.
The lack of oversight of contractors who deal with highly classified information has long been a cause of concern for the inspector general and is reminiscent of the security gaps that enabled former security contractor Edward Snowden to steal and publicly release reams of documents outlining the NSA’s most secretive intelligence programs.
In many instances, contractors accused of misconduct never had their security clearances revoked or even faced disciplinary action, according to the report.
"There was a lack of effective personnel security policy. There was a lack of effective record keeping. There was an avoidance of personnel security adjudication for contractor personnel involved in misconduct," the report concluded.
Part of the problem is that the Defense Department’s "personnel security policy is dated, unclear, or entirely absent," according to the report found. "Since no system can function in the absence of adequate direction; it is imperative that this situation be resolved as soon as possible."
Security officials at the intelligence agencies in question—including the National Geospatial-Intelligence Agency (NGA) and the National Reconnaissance Office (NRO)—were found to have not maintained "effective recordkeeping" on those contractors suspected of wrongdoing.
The recordkeeping flaws "significantly hindered personnel security clearance and access adjudications," meaning that those suspected of misconduct never had their cases effectively investigated.
The findings are particularly noteworthy given that the majority of those contractors under some sort of investigation held "the highest level of security clearance," enabling them to handle sensitive intelligence information.
Despite the sensitive nature of the information these contractors are handing, the report "found that none of these [intelligence] agencies had ever debarred a contractor, consultant, or contractor employee."
This occurred mainly because the intelligence agencies have been relying on a "largely outdated" personnel security policy, and in some cases have been employing no policy at all.
The infractions under investigation are not minor, particularly given the nature of the highly classified information the contractors handle.
A large number of the 131 case summaries reviewed included "misconduct" that warranted reconsideration of a contractor’s security clearance or even "revocation [and] denial of one’s security clearance access," according to the report.
These security gaps are persistent and have been known to exist for multiple years, according to the report.
Agencies also did not continue to track many of these suspect individuals in order to detect possible instances of misconduct following investigations.
The policies meant to govern and set security standards were written decades ago and still contain references to agencies that no longer exist, according to the report.
An inter-agency system developed to maintain records of contractor infractions and wrongdoing also had not been properly utilized by the agencies, according to the report.