Information Security Oversight Office (ISOO)

NISPPAC Minutes - April 5, 2001

Minutes of the Meeting
Thursday, April 5, 2001

The National Industrial Security Program Policy Advisory Committee (NISPPAC) held its seventeenth meeting on April 5, 2001, at 10:00 a.m. at the National Archives Building, 700 Pennsylvania Avenue, Northwest, Washington, DC. Steven Garfinkel, Director, Information Security Oversight Office (ISOO), chaired the meeting. The meeting was open to the public.

Welcome and Introductions: Approval of Minutes
The Chair began the meeting by submitting the minutes of the September 14, 2000 meeting to the Committee for approval. They were approved after minor changes were suggested. After welcoming those in attendance and self-introductions, the Chair officially welcomed new industry members Patricia Tomaselli, Northrop Grumman Corporation, and Lonnie Buckels, Buckles Security Management Solutions.

Formation of a NISPPAC Subcommittee
The Chair expressed to the membership his concern that the NISP has reached a stage of existence where program implementation is not going as well as expected. He pointed out that the NISP has never worked as it was intended to, even though large improvements have been made.

The Chair commented further there is general recognition of a prevailing and increasing tendency or slippage back into old practices. Unfortunately, these are security practices that the NISP was designed to remedy. For example, some contracting agencies are appending security requirements above and beyond the NISPPOM to their DD Forms 254, which is counter to the NISP philosophy of uniformity, commonality and reciprocity. When necessary, there are entities/organizations that have to take remedial action to halt the slippage, DOD as Executive Agency, CIA, DOE, and NRC as signatories of the MOU, the NISPPAC, and the security community at large.

For this reason, the Chair announced the formation of an adhoc subcommittee/ working group to report back to the NISPPAC by the next official meeting (September 2001), with recommendations on how the NISPPPAC can specifically and generally act, to improve and fortify the operation of the NISP. The Chair appointed Rudolph H. Waddy, ISOO, to serve as the NISPPAC Subcommittee Chairperson and requested representation on the working group from the four signatory agencies, and all industry members within commuting distance.

National Security Council - National Security Presidential Directive-1
William H. Leary, Senior Director for Records & Access Management, National Security Council (NSC) and Acting Chair of the Interagency Security Classification Appeals Panel (ISCAP), briefed the membership on the status of National Security Presidential Directive No. 1 (NSPD-1).

Mr. Leary stated that NSPD-1 is the first policy directive of the Bush Administration. It sets up the National Security Council process. Mr. Leary indicated that the basic function of the NSC is to deal with national defense and foreign policy issues that require presidential attention. The two most important functions at the NSC are to develop policy guidance for the rest of government in these areas, which are issued in the form of Presidential Directives, and to run the interagency consultation process which surfaces issues for the President's attention when that's necessary.

The organizational scheme set forth in NSPD-1 is remarkably similar to the way in which the NSC was organized in the administration of George Herbert Walker Bush. At the top of the pyramid is the National Security Council, which includes the President, Vice President, Secretaries of Defense, State and a few others. Just below that level is the "Principals Committee," which consists of cabinet level officials and is chaired by the National Security Adviser. The "Principals Committee" reviews national defense and foreign relations policies before they go to the President. Below this group is the "Deputies Committee," which, as in the past, decides on what needs to be addressed and what does not. At the base of the pyramid are a series of what are called "Policy Coordinating Committees," commonly referred to as PCCs. NSPD-1 sets up 17 PCCs. Most of the committees will focus on specific national security subjects such as "disarmament," for geographical areas like Asia, Africa and the Western Hemisphere. The main purpose of the PCCs is to bring all disparate groups and issues together. There will now be recognition of many issues relative to national security that the NISPPAC deals with on a regular basis.

Mr. Leary indicated that there is a Records Access and Information Security PCC. He indicated that he would serve as Chair and that Mr. Steven Garfinkel, ISOO Director, and Chair of the NISPPAC, will be a member along with others. This PCC, like the others, is intended to do two things:

Be the initial level of consideration and preparation of issues that need to be decided by the President; and,

Be the ongoing evaluator of agency implementation of whatever the prescribed policy is in a given area.

Specifically, the focus of the PCC on Records Access and Information Security will be in document and information security. It will be responsible for overseeing classification and declassification, as mandated by E.O. 12958. For example, this PCC would be the forum for considering any possible amendments to E.O. 12958 or E.O. 12968. Mr. Leary emphasized that he was not suggesting there would be any changes. However, he indicated that if there were any changes, the Records Access and Information Security PCC would be the first level of consideration. He added that this PCC would also be responsible for issues related to the protection of classified information in automated systems. He indicated that the broad definition of information security is an issue within itself.

One provision of NSPD-1 that attracted more attention than any of the others was a provision that abolished the existing system of interagency working groups. The provision indicates that all groups (i.e., committees and ad hoc entities) except those established by statute are abolished. Mr. Leary explained that there are an incredible number of existing interagency working groups on national defense, and foreign policy issues, most of which originated during the Clinton administration. He said, in fact, some pre-date the Clinton era. Many of them have necessary functions that will continue to be performed under the auspices of one of the 17 PCCs. The NISPPAC was cited as an example of an entity that was reestablished under the PCC system. Mr. Leary stated that if the NISPPAC should have issues that require some higher level of attention, even up to the level of the President, there is now a mechanism for surfacing or raising such issues.

Mr. Leary concluded his remarks by responding to questions from the membership and other attendees. He answered several queries concerning the status of the Security Policy Board, which NSPD-1 abolished, and the status of E.O. 12958, which remains in effect until otherwise changed or superseded by order of the President.

Executive Agent's Update
Rosalind Baybutt, Deputy Director for Industrial Security, Office of the Assistant Secretary of Defense (C3I), Office of the Secretary of Defense, reported on industrial security cost estimates; the Smith Amendment; the Joint Personnel Adjudication System; and the DOD Reinstatement and Conversion Waiver.

Industrial Security Cost Estimates
Ms. Baybutt reported that the joint Department of Defense (DOD) and industry group cost associated with the use and protection of classified information within industry for calendar year 2000 is $958,543,000. The cost sampling was based on data submitted by 152 respondents. Industry's calendar year 2000 cost estimate shows a decrease from the previous year's estimate of $1,228,839,000. Ms. Baybutt stated that, unless there were any objections, she would continue to use the current sampling method, which suggests greater accuracy than earlier sampling methods.

Smith Amendment
Ms. Baybutt provided a comprehensive explanation of the elements of Senator Robert C. Smith's amendment to the National Defense Authorization Act for Fiscal Year 2001. The amendment would prohibit DOD from granting or renewing a security clearance to any employee of DOD or any employee of a contractor to DOD who:

  1. has been convicted in any court [federal or non-federal] of the United States of a crime and sentenced to imprisonment for a term exceeding one year;
  2. is an unlawful user of, or is addicted to an illegal drug;
  3. is mentally incompetent, as determined by a mental health professional approved by the DOD; or
  4. has been discharged or dismissed from the Armed Forces under dishonorable conditions.

Ms. Baybutt added that in a meritorious case, the Secretary of Defense (SecDef) or the Secretary of the military department concerned may authorize an exception to the prohibition and that this authority can not be delegated. However, Ms. Baybutt speculated that these "waivers" are not likely to be many, given the requirement that the Secretary of Defense report annually to the Committees on Armed Services of the Senate and the House of Representatives. The SecDef's report includes identifying each waiver issued during the preceding year with an explanation for each of the disqualifying factors that applied, and the reason for the waiver of the disqualification. Ms. Baybutt noted that this amendment does not attempt to change adjudication procedures or due process. She suggested that it is inconceivable that DOD review all of its current clearances to meet the requirements of this amendment. She added that the policy implementing this amendment has gone to the Deputy Secretary for signature.

Joint Personnel Adjudication System
Ms. Baybutt recognized Industry's extensive participation in workshops intended to implement the Joint Personnel Adjudication System (JPAS). Ms. Baybutt informed the committee that industry will be able to "read only" DOD's security clearance database on the JPAS late this fall, and, hopefully, industry will be able to input data into the system sometime next winter. A fully operational JPAS will, in turn, reduce the workload for the Defense Industrial Security Clearance Office (DISCO).

DOD Reinstatement and Conversion Waiver
Ms. Baybutt said that Bill Leonard, Deputy Assistant Secretary of Defense for Security and Information Operations, would ask Navy to reconsider its policy to not implement the DOD directive to waive the requirement for a letter of consent before granting access to classified information. Ms. Baybutt noted that this policy has had a negative impact on Navy retirees seeking employment in industry for jobs that require clearances. The Navy retirees cannot successfully compete with other service retirees who can quickly provide a confirmation of level of clearance in former positions, while awaiting formal confirmation from DISCO. Navy argues that the policy is too burdensome for its central adjudication system to comply. Ms. Baybutt explained that the DOD policy on facilitating reinstatements/conversions of personnel security clearances for industry does not require authorization from a centralized source. As an example, she said that a Navy employee about to retire and seek employment with industry for classified programs could obtain a waiver from the releasing duty station personnel office.

Defense Security Service
Judith Hughes, Deputy Director of Security Programs, Defense Security Service (DSS), reported on DSS' Case Control Management System (CCMS); the industrial clearance backlog; security reviews; and the industrial security letters.

Case Control Management System and the Clearance Backlog
Mrs. Hughes indicated that CCMS is no longer a primary constraint for DSS in the personnel security investigations process. She stated that DSS has made a great deal of progress in stabilizing the system and enhancing the system's capability. Over the last six months, DSS is well within the industry standard for a system of its kind. Also, within the last couple of months, DSS has increased the computing capability of the system by two and half times.

Mrs. Hughes indicated that the primary focus at DSS is production, but input continues to be a major concern. The problem is that there is no centralized management control process for submitting investigation requests. DSS implemented a plan last year to move some of the personnel investigations to the Office of Personnel Management (OPM). However, many of the investigations that should be going to OPM are still coming to DSS. DSS has received over 50,000 cases this fiscal year that should have gone to OPM. Mrs. Hughes noted that the average daily receipt for DSS should be 1,750. As a result, DSS continues to struggle with lapse times and input exceeding its capability to produce.

Identification of Clearance Requirements
Mrs. Hughes indicated that the Defense Authorization bill of 2000 mandates that DOD prioritize and expedite background investigations and identify clearance requirements. Consistent with the bill, DSS has established a central requirements office. She said Steve Lewis of DSS has been assigned the responsibility for this office. The Office's primary purpose is to work with industry to determine clearance investigative requirements for future budget requirements. DSS has surveyed 242 of its largest contractors asking them to identify their clearance requirements. To date, over 180 facilities have responded.

Security Reviews
With the signing of the Defense Management Council contract by its Director, DSS established several goals. One of the goals involved security reviews. Mrs. Hughes stated that DSS had a commitment to conduct 80% of its security reviews within a 12-month period for possessors and 18 months for non- possessors. She pointed out that as a result of DSS exceeding its initial goal for possessor security reviews by 9%, DSS has established a new goal of accomplishing 98% this year.

Industrial Security Letters
Mrs. Hughes indicated that there are three industrial security letters (ISL's). Two of them are located on the web. The other is a handout, which she provided to those in attendance. Mrs. Hughes explained that within the past few months, DSS has established an electronic interface between DSS and the FBI that will allow requesters to submit live scanned fingerprints. The handout described the fingerprint process and indicated the technical specifications needed to transfer live scanned fingerprints to DSS. Mrs. Hughes indicated that DSS hopes the live scan interface will be available within the next couple of months. Electronic transmission of fingerprints is not mandatory. Mrs. Hughes stated that one of the primary customers of the live scan system would be military entrance processing stations.

Security Policy Board Update
Dan Jacobson, Director, Security Policy Board Staff (SPB), reported on the status of the SPB. He confirmed that the SPB would no longer be in existence. He also expressed his views on the National Security Presidential Directive No. 1 (NSPD-1). In his remarks, he primarily covered the needs of security professionals in the future. He indicated that certification and competency training was very important. He also commented on the challenges and complexities faced by the security community at large and the increasing threat of espionage.

Following Mr. Jacobson's presentation, industry member Bernie Lamoureux paid tribute to Mr. Jacobson's accomplishments as Staff Director of the SPB and thanked him and the rest of the SPB for their contributions to the industrial security program. He also wished Mr. Jacobson well in his retirement. All those in attendance joined Mr. Lamoureux 's remarks through A strong ovation.

Discussion of Next Meeting and Adjournment
The next meeting was tentatively scheduled for the first or second week in September 2001, and will be held in Washington, DC. The membership will be polled in order to come to a mutually convenient date in September 2001. There being no further business, the Chair adjourned the meeting about 12:00 noon.

Top