Gov Notes Logo
Gov Notes
  • Who Are We?
  • Contact Us
0:00:28
e e e e e e e e
0:04:28
e e e e e e e e e
0:08:58
e e e e e
0:11:04
the hearing of the subcommittee on government operations Federal Workforce will come to order and I would like to welcome everyone uh to this important hearing today without objection the chair May declare a recess at any time
0:11:19
and I recognize myself the purpose of making an open statement first of all let me thank the witnesses who are here today I spent time with them uh yesterday or the day before to speak with them about the importance of not
0:11:33
only what we're doing here today but the overall importance to the nation and National Security today's hearing uh is with the defense Department of defense's National background investigative system and we are going to not only gain a full
0:11:51
update of that but we're going to receive some information that will allow us to get uh closer to the actual operations in the need of what is happening a highquality security clearance process is vital to the security of the United States of
0:12:08
America and as we've seen over the years when sensitive information gets into wrong hands the result is far-reaching compromising both the safety of the country as well as the lives of the citizens so today's discussion is a very
0:12:24
important one in 2015 the office of personnel management opa M announced that it had suffered a significant Cyber attack one that exposed the Personnel information of over a million people in fact over 21 million people who
0:12:42
completed forms for security clearance investigations had submitted fingerprints had their personal information stolen by hackers the massive breach led to the security clearance process shifting from where it was at OPM to the
0:13:00
Department of Defense where it currently resides however we know that what happened there is that DOD was taken on an issue that was flawed and had to start from the beginning they had to start with reforming the federal
0:13:15
Personnel vetting system and also the mechanics behind that hopefully today's hearing will help us understand not just why but how we can further our confidence that they are headed the right way way DOD now conducts 95% of
0:13:32
all background investigations for over a 100 agencies most the Personnel vetting for the entire Federal Workforce in 2016 DOD through its defense Counter Intelligence and Security Agency or dcsa began crafting the idea of a new
0:13:52
Innovative Personnel vetting information technology system that system is called National background Investigative Services system or nbis this product was supposed to be a on Stop Shop system covering All Phases of personnel vetting electronic forms
0:14:13
managing investigations recording decisions and making sure that available became available not only to them but also the users however at this point after all that planning the system is only being used for initial application portion of vetting
0:14:32
process in other words this system is only able to handle the first plan capacity that it was supposed to initiate back in 2016 we're now in 20124 initially DoD said the system would be fully operational in 2019 that deadline has long passed next
0:14:56
they said the system would F would be fully up and running at the end of fiscal year 2024 we're about halfway there right now this year however recently users were instructed in a large process that was virtually a town hall meeting were instructed to stop
0:15:17
using the system completely for the time being and to revert to the older system which was supposed to be phased out by fall of this year even more Troublesome DOD has not thoroughly planned for the cyber security of both systems
0:15:36
potentially exposing Millions to the threat of another attack like so many matters this subcommittee addresses today's discussion is not a partisan one the gentlemen from Maryland and I tend to see virtually the same way National
0:15:57
Security the money that is spent by taxpayers that has been appropriated by this Congress and the need to make sure that he and I continue to work together to see things where it deals with National Security similarly I think my
0:16:15
colleagues across the aisle also agree that these issues ongoing delays with the roll out of an effective and efficient Personnel voting system are important to every single person including the security of this great nation so I think that we'll all agree
0:16:34
that today's discussion is not a bureaucratic formality but a necessity we must work together and this is an issue that I discussed with both of our Witnesses Yesterday by the way we took pictures a minute ago one noted well I wonder what
0:16:50
the after meeting picture will look like so the before before meeting picture was most professional I will tell you so will the after because you will be dealt with professionally in the subcommittee not just by members on my side but also
0:17:07
members on Mr andum side So today we're pleased to hear from David catler the director of the defense Counter Intelligence and Security Agency and Alysa sis director of the defense capacities capabilities and management
0:17:23
from the GAO government accountability office I look forward to working with each one of you today and the our work is not done today but today is an update and I want to thank each of you and I'd like to yield such time as the
0:17:37
distinguished gentleman from ma Maryland would choose gentleman Mr mum is recognized thank you very much Mr chairman and I clearly Echo your comments with respect to the way this committee has operated in this last Congress both you and I try to find a
0:17:58
common path and where we disagree or diverge we recognize that we retain that right but the decorum of the committee the purpose of the committee the findings of the committee and the oversight of the committee is something
0:18:13
we absolutely and totally agree upon so I uh am happy to be here at this particular point for this hearing which as you said means a lot to all of us and when it comes to National Security we try as best we can to speak with one
0:18:30
voice this subcommittee Mr chairman has been focused laser likee on ensuring that our federal government effectively executes the essential services and the essential functions that our national security demands while safe think
0:18:48
guarding at the same time all of the American interests against all of the possible threats as our nation faces malign actors we need a talented very reliable and trustworthy Federal Workforce now actually more than ever
0:19:04
before to protect our fragile democracy a rigorous And Timely Personnel vetting system minimizes the risk of unauthorized disclosures and classified information unfortunately the information technology system supporting
0:19:23
the national background check process has attracted our attention today precisely because efforts to modernize it have been so inefficient impending other efforts to update the clearance process and to fill sensitive positions of trust within our
0:19:41
government as far back as 2008 the federal government formed the security sustainability and credentialing performance accountability Council also known as the pack to address long-standing problems with timeliness with effect effess and the
0:19:59
overall process for granting security clearances however as I indicated before inadequacies persisted leading to the government Accounting Office to add the government-wide Personnel security clearing process to its high risk list six years ago in
0:20:18
2018 the system had skyrocketing processing times which created as we know a towering backlog of qualified individuals who could not start serving in National Security roles because of a backlog subsequently the pack launched
0:20:37
the trusted Workforce or tww 2.0 initiative to fundamentally overhaul the federal personel vetting system and to take on backlogs and other issues while that initiative takes noteworthy steps Mr chairman toward meeting the demand of
0:20:56
our national security Workforce for the underlying Personnel vetting it system called the national background investigation service or nbis May in fact hinder the success and the successful delivery of tww2 mission nbis was originally created to
0:21:19
replace outdated and decades old Legacy office that office was within personnel management it systems and 2019 however uh have fallen short in many respects of their laudable mission and fallen short of meeting quite frankly their
0:21:38
expectations a 2023 GAO report ordered by this Congress found that after $654 million spent and8 years of development along with $835 million spent on maintenance of the system that nbis is meant to replace DOD still lacks
0:22:01
still lacks a reliable schedule and cost estimate for fully developing mbis now that the full deployment of mbis has blown past way past its original projected deadline of 2019 tww 2.0 is left floating in the wind according to a goo report in
0:22:26
January of this year of 31 surveyed federal agencies more than 50% don't trust each other's security clinch vetting process or anything else and that more than 50% feel the need to compete or complete I should say on their own duplicating efforts which in
0:22:47
turn then prolongs the hiring efforts while the defense counter intelligent and security agency has made some improvements and has introduced new nbis capabilities since taking over that process in 2020 it quite simply still is
0:23:06
not enough to be able to retain attract and secure high quality employees extensive wait times Force talented agency recruits to pursue employment outside of the government when their security clearance stretches for months and sometimes years and can
0:23:26
you really blame them for wanting to wait and to hang around for things to change on the other side of the coin inadequate security clearance processes may allow the wrong people to access sensitive government materials thereby
0:23:43
endangering directly or indirectly National Security so today we Face a global threat landscape populated by even more dangerous adversaries as we know the bottom line is that our government security clearance process cannot keep up with the challenges we
0:24:02
face at home and abroad if we do not address shortcomings within basic it systems so I want to thank our two witnesses for participating in today's hearing like you Mr chairman I look forward to learning more about how dod
0:24:18
plans to remedy this issue and how we as members of this subcommittee can collaborate on efforts needed to put the nbis project back on track and with that Mr chairman I yield back the balance of my time thanks gentleman yelds back's time
0:24:38
I really want to thank both of our Witnesses who are here today both of them uh spent a great deal of time with me and the staff yesterday or the day before as we spoke about their preparation our expectations our performance and the things that they
0:24:54
would be doing and I think you capsized uh the need very well and I want to thank the gentlemen so I'm pleased to uh welcome our two witnesses Mr catler serves as director of the defense Counter Intelligence and Security Agency
0:25:12
in this role he was selected because of his demonstrated not just background but his commitment to the National Defense and National Security of this great nation and I believe he was chosen properly Mr catler is responsible for
0:25:28
leading the efforts to protect America's trusted Workforce trusted work spaces and classified information and I want to thank him for being here miss Alissa CIS serves as the Director in the defense C capabilities and management team at the
0:25:46
government Accounting Office accountability office in her role she oversees reviews on the Personnel security clearance processes artificial intelligence intelligence infrastructure and OD approach to business transformation let me say this I was
0:26:03
impressed with her depth of knowledge her ability to effectively communicate and to share that information so that others including Mr Kettler would know what he is getting into thank you each of you for joining us today I would now
0:26:19
like to ask both of you to stand and Rise so pursuant to committee rule 9g the witnesses will please stand and raise their right hand do you solemnly swear or affirm that the testimony you're about to give is the truth the
0:26:35
whole truth and nothing but the truth so help you God let the record reflect that both the witnesses answer the affirmative I want to thank both of you and ask that you take your seat uh we appreciate you being here today let me remind the
0:26:51
witnesses that we have read your testimony attended to be prepared for you uh and it will appear in full in the Committee hearing record as I told both of you when we spoke while we have oral statements of 5 minutes I'm going to be
0:27:07
as I always am uh LAX on that and want you to take the time to get things done on your oral presentation notwithstanding that may change a bit as we get into questions and answers I need you to make sure that you're passing the information to this
0:27:23
committee and did not believe it could be effectively done in five minutes so the distinguished gentlemen will have to put up with my review of that but I'd like for us to learn what they have to say and I'm delighted that that they're
0:27:37
here just to remind you please press the button on the microphone in front of you so it's on and all members can hear you when you speak the light in front of you will also turn red and green and I think you'll figure out the rest of it I now
0:27:51
would like to acknowledge and welcome the distinguished director catler uh for his opening statements gentlemen is now recognized thank you uh chairman sessions ranking member m fum and distinguished members of the committee
0:28:06
I'm truly honored and grateful for the privilege to testify before you today I thank you for the urgency and for the attention you're giving to the trusted Workforce 2.0 policy initiatives and to the National background Investigation
0:28:19
Services or enus program I will act with the same urgency to ensure that dcsa is responsible and accountable in both what we say and what we deliver I appreciate this opportunity as well to testify with Miss SZ at this hearing the government accountability
0:28:36
office has conducted several reviews of the enus program between both 2021 and 2023 including a recent report on cyber security that was published last week and another report assessing technical controls for background investigation
0:28:49
systems that will be published later this year in 20124 the GAO identified areas where dcsa and the Department of Defense needed to improve approve even before I became dcsa director 93 days ago I closely studied these reports and noted
0:29:05
gao's concerns these recommendations do guide my focus and my direction as the Director of dcsa I have directed that we renew our focus on these recommendations and that we close the action items presented within them as soon as we can this
0:29:21
includes the recommendations from Jo cyber security report even before it was completed in early May after only about a month as director I hosted Miss and several of her colleagues to understand gao's methodology and Analysis to
0:29:36
determine any additional concerns they might have Beyond those described in their reports and frankly to understand how my agency interacted with GAO I'm committed to building a culture of accountability at dcsa that was lacking in the
0:29:50
program simply indirectly the delay in Fielding Enis is unacceptable to everyone oversight from GAO and Congress are important parts of this ecosystem of accountability as we move forward we will be guided by what is in the best
0:30:04
interest of National Security and what is in the best interest of the taxpayer dcsa is the largest Security Agency in the federal government its purpose is to provide Integrated Security Services that protect America's trusted Workforce and cleared
0:30:19
workspaces we perform five primary missions for the Department of Defense and the broader federal government Personnel security Industrial security Counter Intelligence and Insider threat and security training I'm here today
0:30:33
before you to focus on our Personnel security mission dcsa is the federal government's largest investigative services provider providing vetting services for 95% of the federal government last year dcsa Personnel security Mission conducted 2.7 million
0:30:49
investigations or 10,700 investigations per day we delivered 668,000 adjudicative decisions based on those investigations and we performed the continuous vetting of over 3.8 million people in The Trusted Workforce dcsa is also the primary
0:31:08
implementer of The Trusted Workforce 2.0 or tww 2.0 program which is a Personnel vetting reform initiative the White House's performance accountability Council or PAC launched after the OPM breach in 2016 the nus program supports the tww
0:31:24
2.0 reform effort as a federal it system for endtoend person vetting when complete embus will deliver robust data security enhance customer experience and integrate data access across the whole of government and cleared industry some efforts implementing
0:31:41
trusted Workforce 2.0 are going well but we have faced challenges delivering nbus to meet the expected timelines for trusted Workforce 2.0 implementation tww 2.0 sets an ambitious Vision to change the Personnel vetting operating model for the federal
0:31:56
government with the goal to detect and mitigate Workforce risks and expedite the entry of new employees into the federal Workforce as the primary investigative service provider and the agency with a task to deliver enus dcsa is an enthusiastic partner and
0:32:11
collaborator with DOD stakeholders and pack members driving this tww 2.0 Vision we have made notable progress with nbus and without nbus for case initiation we transitioned our customer base of 115 federal agencies and more more than
0:32:28
10,000 industry companies to the new entry point via a piece of nus called the electronic application or eapp to submit an investigation request the EA interface automates key aspects of the process and streamlines the submission
0:32:43
process for the user and I'm proud to give you the update now that the EA System is fully operational again effective today and restored fully as the front end for all users our continuous vetting servic is to replace periodic reviews are driving
0:32:58
down risk as well in The Trusted Workforce our CV services are being used across the Department of Defense and more than 90 non deod entities with more than 3.8 million Personnel enrolled the program is preparing to expand to a
0:33:12
wider Federal population this summer also rapid reciprocity decisions increase Workforce mobility within and into the Department of Defense reciprocity timeliness remains at all day lows for transfers into the dod in 20 reciprocity transfers took 65 days
0:33:31
I'm proud to say we are now down to only one to three days today while we recognize that it modernization is hard and in the past I guess what I mean to say here sorry we recognize that it modernization is hard and in the past the Enis program
0:33:46
also made some decisions that made that process harder for ourselves and for the user Community as a result Enis faced a series of problems in addition to the issues raised by the ja we found from further internal analysis and other DOD
0:34:01
assessments of the enus program other key problems across a variety of aspects including oversight software development sorry I'm missing a page apologies Mr chairman and ranking member we feel an urgency to move quickly because we are behind expected the
0:34:21
behind the expected delivery schedule and because the nation needs embus to support the Personnel vetting Mission however we also need need to move forward at a responsible Pace to ensure that we understand the problems and are
0:34:31
addressing them with the help of our partners in the department and the GAO we developed a recovery plan to fix these problems including nass's cost its delivery schedule and its overall performance an outcome of the recovery
0:34:44
plan is initial 18-month capability road map for enus development this road map was developed with our oversight agencies and other stakeholders IT addresses tww 2.0 technical requirements and secures resource alignment across the
0:34:59
dod we have multiple cross agency teams working daily preparing to meet the milestones in this road map engaging with oversight for approval and with our customers as we move forward with improvements to be clear nus development
0:35:12
will extend beyond the next 18 months but I'm confident with this path forward to reset the program by the end of June dcsa working with our oversight Partners in DOD is Staffing for Signature the following documents an updated
0:35:27
capability need statement and user agreement requirements governance Charter and related process document and a program capability road map for digital transformation that will be vetted with all critical stakeholders these documents will
0:35:42
provide Clarity on program requirements to inform the nus capability road map and an updated life cycle cost estimate for the program dcsa has also onboarded new leadership to implement the road map coming out of this recovery period we
0:35:55
have not just myself but also a new nus program manager and a new program executive officer for my agency the nus program leadership have a plan in place to restructure and upscale the team to add technical agile and acquisition expertise and
0:36:11
skills the nus program leadership also has evaluated and aligned a discipline Contracting strategy to support the Way Forward by the beginning of October we will have an updated independent cost estimate to assist with a reliable
0:36:25
funding profile to both stabilize and sustain the program we will continue to engage with customers and partners to ensure that their feedback is incorporated into the design and the configuration of capability development
0:36:38
and configuration management as we implement this new capability road map and to Aid my strategic guidance into to ensure internal accountability I have also directed my agency's Inspector General to audit the Enis program the dcsa IG will collect all
0:36:55
historical documentation to support support this assessment with a specific focus on the fiscal years between 2021 and 2024 when my agency took direct responsibility I will ensure he has the full cooperation of the dcsa workforce
0:37:10
and full access to all dcsa records to conduct his investigation taken together this will improve our visibility of the program allow us to craft lessons learned and to further enable us to achieve our goals to deliver envas so to conclude dcsa will move
0:37:26
forward with a program that instills confidence a program that delivers capabilities to uphold this Mission without fail we've embraced collaboration with our oversight Partners the GAO DOD Pac members the mission owners and I'd add Congress as
0:37:42
well together we will take embus on a sustainable pathway forward to protect the trusted Workforce to protect the nation and to ensure the Public's trust I am confident in our path forward and I do expect to be held accountable I look
0:37:56
forward to your questions thank you uh Miss we're delighted that year the gentle woman's recognized chairman sessions ranking member in fum and members of the subcommittee I'm pleased to be here today to discuss gao's work on Personnel
0:38:14
vetting and specifically the national background Investigation Services system or inbus for short as you know the US government relies on over 4 million personnel with security clearances to provide critical Public Services Personnel vetting processes
0:38:31
help ensure a trusted Federal and contractor Workforce but the government has struggled with managing Personnel vetting for decades in fact this issue first appeared on gao's high-risk list in 2005 after some improvements it came
0:38:47
off in 2011 but we had to add it back onto the list as the chairman noted in 2018 due in part to challenges with it systems my statement today focuses on the progress and challenges with Inus which underpins the government's efforts to reform Personnel
0:39:05
vetting I will focus my statement on three key areas in's schedule cost and cyber security and I'm happy to go into more detail during Q&A first with respect to schedule DOD is years late in delivering a fully functional modern it system intended to
0:39:24
support All Phases of personnel vetting as you know cyber security incidents in 2015 compromised OPM systems containing data on over 22 million federal employees and contractors DOD was given the responsibility for a new it system
0:39:42
after this breach and began developing inbus in late 2016 DOD had originally planned for inbus to be fully functional in 2019 and then August 2022 and then December 2023 and today while some capabilities have been deployed Inus is still under
0:40:04
development in the meantime DOD has had to maintain Legacy it systems including ensuring their cyber security second with respect to costs undertaking a major it program is expensive last year we reported that DOD had spent over a half billion dollars on
0:40:23
developing inbus and would spend another 700 million through 2027 it had also spent over 800 million to maintain Legacy systems while it developed inbus these numbers have most certainly increased since the time of our review with delays in schedule come
0:40:42
increased costs these issues are not new GAO first sounded the alarm about imbus in 2021 we reported then that DOD did not have a reliable schedule for the invus program and risked missing milestones in 2023 we relooked at nass's schedule and
0:41:01
found that it still did not meet our published best practices for a reliable schedule we recommended to DOD in 2021 that it takes steps to improve its schedule DOD did not in 2023 we raised this as a matter for Congressional
0:41:17
consideration to require DOD to do so we also found that DOD may be unable to accurately project Inus costs we suggested did Congress also require DOD to follow our best practices for developing a reliable cost estimate finally with respect to cyber
0:41:36
security DOD must get this right we cannot have another breach like we did in 2015 until nbus is fully functional DOD must ensure the cyber security of both the new systems it's developing as well as the Legacy systems in a report we
0:41:54
released last week we made 13 recommendations to DOD to enhance cyber security of these systems however not all is without hope the government's Personnel vetting reform effort called trusted Workforce 2.0 has the potential to significantly
0:42:11
improve security clearances by offering offering continuous vetting instead of conducting investigations on employees once every several years inbus is the Lynch pin to this reform effort while DOD was not always listening we are
0:42:25
encouraged with the recent leadership changes particularly at the defense Counter Intelligence and Security Agency which manages invus as DOD gets inbus back on track I can't emphasize enough that it needs to embrace key program
0:42:41
management principles like having a reliable schedule and cost estimate without these the program will continue to suffer setbacks in summary inbus simply cannot fail having fully functional and secure it systems to conduct personel betting
0:42:57
is paramont to keeping our nation safe chairman sessions ranking member of fum and members of the subcommittee this concludes my prepared remarks and I'd be happy to address your questions thank you very much uh both Witnesses have uh given us back their
0:43:14
time now I'd like to go first to the distinguished gentleman from South Carolina Mr Timmons you recognize for five minutes thank you Mr chairman uh good afternoon and thank you to the witnesses for being here today I'm going to jump right into the issue of
0:43:26
continuous vetting um continuous vetting is supposed to be one of the major reforms in federal Personnel vetting uh Mr catler is every member of the military civilian Workforce and contractor with a security clearance
0:43:36
currently subject to continuous vetting and if not when will this be the case uh Congressman yes I believe they are all enrolled currently that's good news um was that okay well didn't expect that answer I appreciate that um could I could I
0:43:58
jump please so it's true that they're all enrolled at this point those with security clearances but it's our understanding that not all of them are undergoing continuous vetting at this time there's varying degrees of when CV
0:44:13
is going to be implemented so enrolled means that they're ready to undergo vetting it doesn't necessarily mean they're undergoing the entire continuous vetting process which is several checks some of them may be getting a few checks
0:44:25
some of them may be getting no checks and some may be getting more so thank you for the clarification how do you prioritize which individuals will be um have additional scrutiny Mr catler is that a an ongoing process I mean if they're enrolled but
0:44:41
they're not currently receiving the additional vetting um yes sir that is both um we're doing it and it is an ongoing process and we take a look at uh how long they have been cleared for we also take a look at the nature of the positions that they're
0:44:54
in when we do that prioritization okay thank you um the track record of the NB system raises concern about uh concerns about what exactly has been going on at dcsa since it was formed uh Mr catler what kind of review are you planning with
0:45:10
respect to Personnel vetting and how can we be sure that no Bad actors have gotten through the cracks in the past years well Congressman I I think I'd answer you in two two main ways uh one is again I'm on day 93 in the job and
0:45:24
I've asked for a zerob based review I had be gun that even before I interviewed for the job and then certainly in the time I've been in take a look at what our business processes are and how we're structured and this is
0:45:34
in part why I also said in my statement for the record that we did identify a number of leadership issues about internal accountability compliance with internal controls for example reliability of data that was reported up
0:45:44
about status of the program but the other thing we do is a tremendous amount of quality control checks on the cases that we do reviews on we're adjudicating essentially for suitability further decisions then taken by the operational
0:45:57
Partners the agencies that use our adjudications to determine who should actually have access to certain material and so we take a look at are we accurate and complete but we then also have to work with other partners to determine
0:46:09
when we've had someone let's say that's gone bad uh simply what was the cause did we miss something was their behavior different what changed over time to have that break in trust and while we're going to be asking questions um that
0:46:23
will address shortcomings I do want to say that I'm probably the only only person up here that has gone through a security clearance uh review in the last year and a half so I will say it was extremely professional it took a little
0:46:34
longer than I would have thought but um they did a very uh thorough job and I felt felt like they did a very good job um I also want to talk briefly about the cost associated with um the the trusted Workforce 2.0 um this program was
0:46:48
initiated in 2018 and was aimed to quote better support agencies uh missions by reducing the time required to bring new hires on board enable mobility of the federal Workforce and uh improving insight into Workforce behaviors however
0:47:02
as made clear by the testimonies today that's not necessarily the case uh it's been six years since the launch of the program and yet we've seen no necessarily positive results the security clearance system is still extremely backlogged and as already
0:47:14
mentioned dangerous individuals continue to slip through the cracks um we have to do more uh DOD is responsible for the costs uh associated with the development and continued maintenance of the NB system um between 2017 and 2022 DOD
0:47:29
spent approximately $654 million on the development of that system um we're $35 trillion in debt and we had a trillion dollars uh in debt every hundred days so I mean that seems like an enormous amount of money for a program that
0:47:46
um it just seems like it's more than we necessarily should need to spend on this um I'd like to hear from both Witnesses um what their estimates are of how long how long it takes from the time an agency sponsors somebody for a clearance
0:48:00
to the time they get a clearance Mr catler thank you Congressman for the both parts of the question I first let me say on the money and the time here I completely agree with you it's unacceptable how we've gotten to where
0:48:14
we are and we need to turn this thing around I'm trying to move deliberately not overly slowly because I think I share the same sense of urgency that you're communicating we're eight and a half years into a three-year program we spent
0:48:28
1345 billion on a $700 million program that was begun in 2016 that's why I also have a sense of urgency but at the same time I recognize that we've got to catch our breath and make sure we get it straight before we move forward that's
0:48:41
why we just did this 90-day review and why we're laying out this this better 18-month road map that all the stakeholders have contributed to and will agree on on performance if I track the fastest 90% of cases if I take a
0:48:55
tier three security clearance or secret it now takes 92 days and a tier five or a top Seeker clearance takes 188 days those are a seven-month Improvement for a tier five investigation and a one-month Improvement for a tier three
0:49:12
investigation over where we have been in the past at the peak of that of that backlog the time is slower than Target due to Surge in demand I me frankly we have more applications now between 10,000 11,000 new applications for
0:49:25
investigations per week and that's added up to quite a number of cases that the team has to process thank you I'm over time it seems like we're moving in the right direction I appreciate all your hard work Mr chairman I yield
0:49:35
back gentleman yields back his time thank you very much gentleman Mr M is recognized for his time thank you Mr chairman Mr catler um I want to talk about that $1.3 billion but before I do that uh you indicated that you're going
0:49:50
to have uh an updated cost estimate by October is that correct yes Mr ranky member that's correct and uh rather than to read about it can you make sure that members of this committee get that as soon as it's released um yes sir I'll do everything I
0:50:07
can to get it back to you and you know you just got in the position so we just can't nail you to the cross for everything that has gone on I think what you'll find as members of this committee prepared to extend to you the benefit of
0:50:21
the doubt but that's a lot of money $1.3 billion into a program that c cost maybe half of that or should have cost half that amount can you talk about how far you are into this review particularly as it relates to redundancies in the
0:50:39
spending over the past three or four years so I'm talking about contractors redundancies in contracts that were underperforming and whether or not those are some of the things that you're looking at again thank you for your question uh
0:50:54
this is a very important part of how we've approach this last 90 days we looked at three strategic baskets of issues first Personnel did we have the right people in the right place with the right qualifications to tackle this work
0:51:07
was their training up to date do they have the right skills we've had a lot of advice on who else to hire who else to bring in for example user experience experts people that can help us a little bit more with data architecture we've
0:51:18
sent our people out for agile training we've had over 140 receive updated training and agile methods for software development and we sent some of the program management staff over to the defense acquisition University as well
0:51:29
for further training on program management related skills the second basket we looked at was procurement and our contract structure did we have the right framework did we have the right priorities this balance sir as you've
0:51:42
highlighted between doing new system development and Legacy system sustainment is critical to the path we need to take forward because of that 1.35 billion we spent more than 800 million of that yes on new software development but the remainder of it did
0:51:57
go to Legacy system sustainment so we need to prioritize the retirement of the Legacy software systems with the thought of how much they cost and ideally eliminate Sunset the programs that cost the most the the earliest opportunity if
0:52:14
the technology will allow us to do so and that is one of the things the program manager and our contract staff are taking a look at and then finally oversight is another key piece that we looked at and not this form of oversight
0:52:25
per se although again I'm I'm happy to be here we also looked at the relationship between myself and the GAO myself my agency and the office of the Secretary of Defense and my office my agency back with the performance accountability Council about
0:52:40
transparency and accuracy and let me um go back to this subject of continuous vetting I said in my opening remarks Not only was I fearful that good people were not being allowed in but that bad actors had slipped in so this continuous
0:52:57
vetting which I understand now is more than just enrollment it's like do you drive yes I have a car have you driven in the last year no I have not I'm just I'm very much concerned about how you go about prioritizing The Continuous
0:53:11
vetting so should I assume that the people with the highest clearance are not only enrolled but are being continuously vetted yes sir but again as Miss s says it may vary based on where they are because again they're all eligible
0:53:27
they're all enrolled but the extent of the monitoring may vary I have statistics here that I could give you for fiscal year 24 ranking member if you'd like about the performance of CV yeah I'd rather you give them to me uh
0:53:39
as part of your your written testimony I don't have much time here but I do want to go back um to the GAO here and to ask you talked about your real recommendations to the agency would be to deal with their scheduling their
0:53:55
costs their cyber security issues could you take this last minute and speak about that please yes I'd be happy to and we are looking forward to seeing the new road map and plans but I will say that we have reviewed multiple inbus road maps
0:54:10
over the years and Ne none of them had reliable schedules in fact when we did a review in 2021 it was unreliable in our 2023 report when we relooked at the new road map and new schedule was actually worse than the 2021 so it's great that
0:54:26
new plans are being formed but it's essential that you follow best practices for integrated Master schedules to get the plan right or else we're just going to keep repeating this over and over um I'd also like to mention on the cost
0:54:39
estimate very very encouraged to hear that uh dcsa is going to pursue an independent cost estimate that was one of the um recommendations we had according to our best practices too I mean the the point about already spending over a billion a billion and a
0:54:53
half dollars on the program with several more years just keep in mind those estimates were unreliable too so it could have been more um so we don't know so right so when we're at a point now Mr catler is here he's new he's putting
0:55:07
great things in place we really appreciate that he invited us down he he's read all of our reports he takes them seriously um but our best advice would be to just please you know it's it's great to move forward quickly but
0:55:19
make sure we've got these key program management principles in place and the same with cyber too U kind of the the main me message of our cyber report last week with the 13 recommendations is there was limited oversight of cyber
0:55:32
security within dcsa so strengthening oversight of cyber security is essential as well thank you very much Mr chairman my time has expired I would hope that perhaps in six months or so we could reconvene uh all over again and do a
0:55:46
review of where we are where we started which is today and where we will be six months later just to have some contrast or some comparison jman y time thank you very much as a matter of fact we have talked about that and would aim for October
0:56:02
good thank you very much distinguish gentlemen from Arizona Mr Bigs recognized thank you Mr chair thank you Mr chairman thank our Witnesses for being here miss z um I want I want to make sure I'm clear on this from 2017
0:56:15
2022 it was 654 million from 22 through 27 it's anticipated to be 700 million for imbus and then just in a legacy system that $800 million that's to date during the same period it's actually only from fy20 to 22 that was the only information
0:56:35
available at our last review so it's much more actually than that for the Legacy for the Legacy systems yes so I'd ask Mr catler if you can get that information for us so we would know you have it oh well then Mr catler thank you
0:56:51
Congressman pigs um DOD has spent approximately $825 million on nist system development since 2016 that money was spent to build the endn vetting system to replace the Legacy systems and that total of 825 million was executed under budgetary
0:57:06
authorities by both dcsa and daa before okay and that's separate than the 1.35 the total is 1.35 because the remaining 40% which is about 575 million okay was spent on sustaining Legacy systems to deliver the personel vetting systems to
0:57:21
DOD and federal agencies between fiscal 21 and fiscal 23 with a bulk of the 575 spent on supporting Legacy bi systems which we call beast and does that track with what what you know Miss is our numbers a a little bit higher than that
0:57:36
um in addition to that 500 million-ish that Mr catler mentioned there are also cost to OPM um because the Legacy systems still reside on their Network and so they still have to maintain that infrastructure even though dcsa is uh in
0:57:51
charge of those Legacy systems so we have that at a little bit over 250 million more than uh dcsa stated I see and then and Miss says you you use the term unreliable schedule and you mentioned it receiving unreliable schedules tell us what a reliable
0:58:08
schedule would look like please right so we have four key practices that we're looking for that we assess integrated Master schedules on uh comprehensiveness so we looked at the schedule and we couldn't see that all activities were in
0:58:22
the schedule so it's kind of like building a house but not remembering that you've got to get the permits right you've got to get electricity you've got to get Plumbing all the tasks need to be in to in in the schedule controlled is
0:58:35
the second key practice uh the schedule when we reviewed it uh was missing uh status stes for tasks um and we could not compare actual progress with a baseline uh credibility is the third Key Practice um this is being able to trace
0:58:51
events to each other and have a risk analysis there was no risk analysis in the on the schedule and then well constructed logic logical sequencing we could not consistently find sequencing between different activities so in fact
0:59:07
none of those key practices were met they were all judged as minimally met in 2023 they need to be all substantially met to have a reliable schedule so be with the logical sequen you're talking about putting the roof on before you put
0:59:21
the walls up yes good analogy Okay so and Mr catler um I know you've only been on 93 days this is this is actually the I I want to give you a chance to respond I'm not I'm not blaming you but in your in your written testimony you said the
0:59:40
analysis the of the Imus program identified several key problems including an oversight software development methodologies acquisition strategy team competencies and Leadership and Miss s has identified some additional problems and and it
0:59:55
leaves one uh this this this question actually is I I read it we I kind of jotted this down actually three questions why what caused the what caused the problems what how do you cure them and is there anything that you found going
1:00:11
right because I mean these are pretty comprehensive and Broad so what's going right well thank you Congressman let me let me start there maybe what's going right I think that first what's going right now in terms of strategic
1:00:26
performance is that we are in fact delivering those 2.8 million investigations a year in the 10,700 of them a day and we are satisfying that CV function obviously in order to get that done we have delivered EA as a key element of enus as I said just fully
1:00:40
restored again today uh and the reciprocity work again under trusted Workforce is also I think a big deal in terms of overall performance delivery in terms of who's to blame and who's at fault um what I would say is I think the
1:00:54
investigation so far has indicated that there's plenty of blame to go around we had many issues in various places within the program before we run out of time because you get to answer past my five minutes I don't get to ask questions
1:01:05
past my five minutes so my my question my question is because you talked about culture of accountability uh uh Sy ecosystem of accountability and you just said there's plenty of blame to go around how do you mesh the blame to go
1:01:19
around with the ecosystem of accountability I mean because you talked about hiring new people and getting the right people and everything you didn't you didn't talk about maybe letting go of some people who shouldn't be there yes Congressman we've had some
1:01:32
people move on we have even in the time that I've been on board have had to make some of those changes internally to the team I think it's fair to say too that the dynamic of communication internally and external is fundamentally different
1:01:43
now since the end of March I have worked with my colleagues that are involved in my oversight now for more than two decades know them very well professionally and personally we are locked arm in arm on this and I feel
1:01:55
like I should also say to you that while it's not my fault it is my responsibility to be sure that dcsa delivers on this set of requirements it's critical that we do so yeah well thank you thank thanks Mr kin my time is expired thank you Mr chairman for
1:02:09
indulging gentlemen yield back your time thank you very much distinguish gentlewoman from Washington DC Mr norren recognized my first question is from Miss Stitz uh efforts to modernize the uh information technology system at the
1:02:37
root uh of the US Federal Personnel vetting process is years behind schedule and well over budget in August 2023 the government accountability office released a report that found Do's development of that system known as uh
1:02:59
sbis uh lacked accurate cost projections and failed to meet seven out of seven schedule and cost estimate best practices uh M Stitz why is an accurate cost estimate important to a project like uh sbis development right well thank you maam
1:03:25
it's a key program management principle without being able to accurately project costs you're at risk of cost overruns and you can't manage costs we have four key practices for a cost estimate it needs to be reliable it needs to be
1:03:40
comprehens I'm sorry accurate comprehensive credible and well documented um we found that uh dcsa cost estimate minimally met three of these practices and did not meet the credible practice at all it was not credible um we are encouraged to hear that they
1:03:57
are going to do an independent cost estimate that's that's key to doing that but to be able to drive the program where years behind now are spending more than what was anticipated but we can't really even rely on those numbers uh so
1:04:10
having an accurate cost estimate is key uh M Mr uh Kettler uh gao's report also found that do spent around 654 Mill million dollar since 201 uh6 to develop uh NBI nbis uh dold also spent $835 million to maintain the OPM Legacy Information
1:04:43
Technology systems from fiscal years 2020 through 2022 in its August uh 2023 report J recommended that Congress consider requiring DOD to develop a reliable cost estimate and program schedule for nbis development Mr catler uh has your agency
1:05:08
taken steps to develop the issues with cost estimate and program schedule related to nbis development or does Congress need to enact legislation to get DOD to follow best practices well thank you Congressman um I believe
1:05:27
that we're well on the track to have the reliability in our internally generated cost estimate it will go through many reviews within DOD and the inter Agency for example led by the performance accountability Council among others and
1:05:42
uh as I've stated in my in my uh statement for the record we will also contract out an independent cost estimate after we have an approved plan to be sure that that outside scrutiny tracks with what we judge uh it will cost moving
1:05:58
forward well M Mr catler uh how does DOD plan to pay for any and all next steps needed to complete development of nbis do you plan to request additional funding from Congress uh Congressman I'm not yet in a position to tell you how much all of
1:06:21
that will cost and how we would program for it until I have the final plan and approval but I can tell you that we have already programmed for ongoing nus related work for development and sustainment both of the nus program and of Legacy software
1:06:34
through fiscal 30 in our current plans uh Mr citer uh can I get a promise from you uh here today that you and your staff will meet regularly perhaps monthly with oversight staff to ensure the the defense security cooperation
1:06:55
agency is taking action to address all outstanding ja recommendations and getting the nbis system and trusted Workforce 2.0 back on track Congressman I commit to you that I will be open and transparent I will push information to you and I will be fully
1:07:17
responsive to any requests Congress has on any time basis uh Mi Miss Stitz can Congress count on you and your team uh to assist us in this essential uh oversight absolutely goo's role is to uh provide congress with information to Aid
1:07:42
your oversight we've been doing that for many many years in Personnel vetting uh we very much appreciate this hearing today um that does kind of provide visibility on the work and and move the ball forward we're absolutely committed
1:07:56
to continuing our oversight in this area thank you and I yield back G woman yields backer time thank you very much distinguished gentleman from Louisiana Mr Higgins you're recognized thank you Mr chairman Mr CER Miss sis thank you for being
1:08:14
here Mr catler am I pronouncing your name correctly sir it occurred to me we didn't get it right over yes Congressman catler okay Mr catler my father always said is ultimately there always one guy it's one guy and today you're the one guy but we
1:08:32
recognize the fact you been on a j job since March so we're certainly prepared to give a fell a chance to make necessary Corrections and changes within his authority to correct some uh malfunction within the federal government let me say
1:08:52
this a federal government that's spending $3 trillion a year that it does not have so I'm I'm one of those conservative voices that's that is you know calling me crazy but sounding an alarm the amount of money that we're spending in
1:09:09
our country that we do not have we're borrowing this money 100% of it so you have a small slice of that it's what we're addressing today but I appreciate your your attitude because you seem to be focused on actually fixing what has gone
1:09:29
wrong within within your particular agencies let me just put a for the benefit of Americans watching that you know Americans have to deal with a lot of acronyms in Washington DC you work for the Department of Defense the dod's defense counter
1:09:49
intelligent Security Agency that's the dcsa and primarily what we're discussing today is a failure to roll out a program called the national background Investigative Services uh a new a new state-of-the-art it system that handles will help you
1:10:12
your agency to handle the workload of dealing with 95% of the background checks and vetting that that American government requires across the federal government was that a a accurate a summary of the task you have in front of you
1:10:29
sir yes sir um okay and and the nbis program is years overdue and and many millions of dollars at minimal over budget so what what we're asking of you today is will you deliver the product we if we if we set aside the cost overruns and the the the budget
1:11:03
issues and the fact again that this is a a government that's addicted to spending money that we do not have as a nation we set that aside could we at least get some product delivered and you appear to be saying yes sir yes
1:11:20
ma'am I'm going to get it done is is that am I hearing you correctly yes sir I and my team will get it done excellent so the good lady seated next to you represents the the government accountability office and they have made
1:11:38
recommendations that historically have not been followed now the GAO you know we we give them the responsibility to advise Congress on what look into this matter say what can be done and and give official recommendations and
1:11:58
historically that's not always followed included in your agency but now that you're in charge is does dcsa intend to follow GAO recommendations yes sir we have already reverted to following goo recommendations and I and the leadership
1:12:14
team will continue to ensure that we do excellent I do not claim to be an expert in your field but I I get the feeling that you claim to be an expert in your field and congratulations you have a hell of a job in front of you to fix this thing
1:12:33
and then this committee is going to count on you to to measure up when I had when I was in the Army in 1989 went through an original a small security clearance I was an MP the Army we required a little bit of security clearance I was surprised to
1:12:53
hear that the Army had sent people to talk to I went to high school with like there was no computers there was no it system there was no $1.2 billion do to do it they sent human beings to talk to the people I went to high school with I
1:13:07
I recall being glad they did not speak to the people I went to college with so a America is is less focused on some failure to comply with your budget then then we are with with the failure to deliver the product that America requires and I
1:13:29
believe I'm hearing you accurately good sir saying that you're going to you're going to follow the recommendations of the federal government organization that's responsible to give you recommendations and and you you're going
1:13:43
to drive forward with that mission so I look forward to the report later this year I thank you each for being here Mr chairman my time has expired chman Ys back his time thank thank you very much distinguished gentleman from Virginia Mr
1:14:00
Conley excuse me the gentleman Mr Frost thank you very much thank you so much Mr chairman some estimates indicate roughly four million Americans currently have a security clearance uh the defense counter intelligent and security
1:14:14
security agency dcsa which administers the government-wide vetting process um identified more than 115 federal agencies and roughly 13 th industry organizations uh that touch uh the Nimbus uh dcsa is in charge of developing Nimbus the it infrastructure
1:14:33
at the core of the Personnel uh vetting system reforms dcsa is also in charge of maintaining the Legacy it systems while uh it gets Nimbus fully functioning and unfortunately dcsa has to spend millions of dollars maintaining the old system as
1:14:51
Nimbus fails further behind schedule uh deputy director for uh management at om an agency trying to help us get this back on track came before this committee and told us that continuous vetting should be covered for the entire
1:15:05
clearance population in quote the coming months end quote well uh the coming months have come come and gone um and so Mr catler can you provide a timetable uh for when dcsa will be able to retire the Legacy it systems Congress at at this point I
1:15:26
cannot until my plan is approved and we have confidence in the estimate for both the program management schedule as well as the cost okay cannot I mean this isn't the first time Congress has sought transparency on uh implementation as it
1:15:39
relates to Nimbus and the thing that goes hand in hand with transparency is accountability um so it'd be great to get a timetable as soon as y'all are able to provide one to the committee the OM deputy director also uh pointed to a
1:15:51
shortage of technical Talent um Mr catler have you at least acquired uh sufficient technical Talent um so we can operate the Nimbus for the full clearance population Congressman I'm confident that we have the internal talent in our
1:16:06
Workforce to perform the Personnel security Mission and we continue to retain them and hire new we are also bringing on additional Personnel relevant to the development of the nus program as we further understand where our key expertise gaps are
1:16:20
okay um Mrs has Mr catler articulated to you any Lessons Learned From the Past challenges um with Nimbus well Mr catler has been in his role about three months now and I would say maybe even six month six weeks into that role he did invite us down to
1:16:38
Quantico and we went through all of our Gio reports we presented the key findings and recommendations he had read them all he could even quote pieces of them back to us um he was I think committed and demonstrated a commitment
1:16:51
to understanding our concerns um he asked us Point Blank how his agency had interacted with Gio in the past and that he was committed to having a collaborative relationship and implementing our recommendations so I think we are very encouraged um by his
1:17:07
early leadership here um he's got a a a lot ahead of him definitely and hopefully he can use our past work to um guide him and so we don't have a repeat of what has happened over the past eight years that's really good to hear Nimbus
1:17:20
delays are serious business um over the last decade the number of clearance positions has grown more than 10-fold while the number of candidates remain stagnant in uh 2023 the NSA announced its largest hiring surge in 30 years the
1:17:34
FBI requested $63 million from Congress to hire 192 new Cyber professionals to protect American it infrastructure against foreign threats and all these positions obviously require security clearance the federal performance
1:17:49
accountability council's uh fourth quarter report for FY 23 mentions system and it outages as reasons for continued clearance delays Mr CER have you identified what the causes of these it outages were Congressman yes in the time that
1:18:05
I've been the director we've had outages due to issues with Communications connectivity but we have also had issues related to failure to follow proper procedures and internal controls so to address these two at least we have
1:18:17
looked at alternative Communications providers we're working with daa on that in order to move to different uh DOD provided systems for example MH and different commercial telecommunications providers and we are also taking in some
1:18:29
cases punitive action against some of our employees and contractors to be sure that they understand and they feel a penalty for a failure to comply with those established internal controls especially as you've said they may in
1:18:41
fact lead to a system outage that could cause loss of data as a potential worst outcome but I hesitate to say a minimum but at a minimum certainly short of loss of data a significant delay in somebody being able to even file an application
1:18:54
for security clearance are you looking at are you reviewing and changing any of the standard operating procedures around this Congressman yes we are constantly looking at what our standing operating procedures are and the internal controls
1:19:05
and this as well will be part of the IG review that I've asked my Ig to perform perfect thank you both for all the work that you do I yield back gentlemen yields back to time thank you very much dis gent Tennessee Mr bur is recognized
1:19:18
thank you Mr chairman uh Miss SI I got that name right that's a cool name ma'am I dig that I that's really cool um as the 435th most powerful member of Congress um I get to ask my questions last usually as I like to State there's
1:19:34
usually a custodian in front of me sweeping up about the time I get up on the mic so um uh I apologize if i' these questions been asked I have trouble hearing my wife says it's selective but my doctor says otherwise so if I've
1:19:48
asked these questions before just act like this is the best question you ever had and Mr catler if you'd look at her and go wow that's a really a great question I'd really appreciate that do good for the folks back home um the
1:20:00
status of the national background Investigation Services System um where where would you say that is at Congressman it is unacceptably late okay and we have underdeveloped the required capabilities to beat our policy deliverables okay um it was supposed to
1:20:20
be fully operational by 2019 is that correct I know you merited this mess so yes Congressman that's correct thank you brother um and the projection of of when it will be fully operational Congressman we are programmed out through 2030 we aim in
1:20:39
the current plan to have the Legacy system sunsetted no later than fiscal 28 um do you feel like we're do you feel like the U the GAO they issued this report as you know I'm sure regarding the defense Counter Intelligence security agency's issue with cyber
1:20:57
security do you feel like that they've dropped the ball on this thing or do you feel like that they've got a good grip on it now Congressman I don't think G has dropped any balls I think their cyber security report is of similar high
1:21:12
quality to the previous reviews of invis okay Miss say um it says I'm not sure if I'm supposed to be asking you this or not I thought I was asking you that and he was answering so I'm not sure um how can we have confidence in this
1:21:28
agency that uh and is there an investigation into what vulnerabilities have existed since it was took over in 2018 I think with new leadership we are encouraged that dcsa can get invis back on track um but they've got to go back
1:21:48
to key management principles the basics right developing a reliable schedule and cost estimate for the program enhancing oversight and particularly with cyber security based on a report that we released last week these are key
1:22:01
fundamental program management principles and in the past the program has been so focused on moving out to deliver capabilities that they had told us that it was an administrative burden and a waste of time frankly to develop a
1:22:16
schedule or a cost estimate they didn't need to do that they didn't need to follow best practices well now they're years and years late behind schedule and over cost too we think that the tone is different this time from the top we're
1:22:28
encouraged um but as they kind of rebaseline again um we we would really encourage them to take a look at our recommendations and make sure that they're implemented so they're on a path to success so do you think we ought to
1:22:39
fix these vulnerabilities or you think we ought to pull the plug um on the program before it becomes worse the cyber security report we released last week the fundamental cause of the issues was lack of oversight of cyber security lack of documentation of
1:22:58
key practices and processes if you can strengthen oversight I think um that will go a long way we do have an ongoing review right now that Mr catler referenced we're actually going in and testing the controls of the systems to
1:23:10
look at vulnerabilities so we don't have that information yet we'll have that later this year it'll be a non-public report of course um but enhancing oversight of cyber security is key Mr catler um do you feel what do you
1:23:25
expect you'reall going to spend on the um National background information system as it moves forward Congressman I need to get an approved plan from the dod and my oversight officials and then I can do the internal tally of how much it will
1:23:47
cost and then I'll confirm that through the independent cost estimate i' have to get back to you on what the specific number I'd appreciate that is that normal operating procedure is that the way it usually works I I I'm not that's
1:23:58
not one of these trick questions that a lot of my colleagues ask I'm just asking you that no Congressman it is not and it's also part of the reason why I say it's unacceptable that I find the embus program and my agency in the situation
1:24:10
that it's in if we had followed the proper protocols and Leadership had demanded the oversight and internal accountability that M ziz and her colleagues at GAO highlighted in their reports I think you could make a fair
1:24:21
argument that we would not be where we are okay thank you Mr chairman thank you all very much gentleman Ys back's time thank you very much gentoman Miss Lee thank you Mr chair um since 2017 the department has managed to spend over a
1:24:35
half a billion dollars on developing a new Personnel vetting system Inus with little to show for it we have no idea when the project will be done as well as no idea how much more money DOD anticipates spending to quote goo's
1:24:50
report dod's estimate is minimally accurate minimally comprehensive not credible and minimally well documented Mrs when did DOD first estimate that nbis system would be fully operational 2019 uh so that same year but that
1:25:08
didn't happen um this says briefly what went wrong and what did DOD do next well as we've reported uh the invis program did not have a reliable schedule so they could not accurately project um when they would hit key Milestones they
1:25:26
actually moved their target many times um 2019 was the first Target date for fully full functionality it then moved to 2022 it moved to 2023 it moved to 2024 and now it will likely be years later but the key underlying cause of
1:25:45
those shifts was not realizing all the tasks that needed to be done to deliver that full functionality so just a basic program management principle of having a reliable schedule um to plan from so it wasn't until after DOD already missed
1:26:00
their own deadline that they publicly reassessed and change the timeline to then 2023 Miss uh uh Mr catler it's now June 2024 can Imus currently perform all the necessary functions DOD needs from it congressman embus and the Legacy
1:26:16
systems together perform all the functions that are required but embus alone does not so no so DOD is years over schedule over budget in the country still doesn't have enough cleared staff to perform the work it needs DOD has the
1:26:30
largest budget in our government yet seems to continue to make the biggest mistakes loss in multi-million dollar planes failed Audits and this mess up a security clearance system in addition to highlighting Dodd's uncanny ability to
1:26:42
Fumble millions of dollars I also want to take some time to pay attention to the extent uh to which racial biases may affect security clearance process and may contribute to the underrepresentation of bipo staffers uh in the National Security Workforce in
1:26:57
2022 and 2023 the RAM Corporation conducted research assessing whether racial disparities exist in the clearance process I ask unanimous consent to enter these two reports into the record I going take that as a yes that
1:27:15
objection thank you so much um Mr catler in it study Rand observed that several societal factors such as as Financial challenges and student debt disproportionately affect minorities and may lead to increased perceptions of
1:27:27
risk without considering historic context how is DoD working to ensure that these risks are fairly considered in the security process and specifically what measures are in place to prevent these systemic issues from unjustly impacting clearance
1:27:41
decisions Congressman we work with the Director of National Intelligence as she performs her functions as a Security executive agent on the adjudication guidelines we also take a hard look when we do our quality control to be sure
1:27:53
that we've rung out any bias as we identify it we do make changes in those procedures and we also hold our people accountable if they make errors or even uh act inappropriately to deny someone a security clearance based on one of the
1:28:06
factors you've highlighted thank you Mr catler human judgment is a significant component of the security clearance process what specific training programs does DOD have in place to help investigators recognize and mitigate their own implicit
1:28:18
biases Congressman I have to get back to you with a specific list but I can tell you generally that we do provide bias training for all of our adjudicators with the recognition that it is a subjective process um Mr catler again as
1:28:31
DOD increasingly relies on Automation and machine learning for continuous vetting how are are you ensuring that these Technologies uh don't perpetuate or exacerbate existing racial biases for instance what safeguards are in place to
1:28:43
Monitor and correct algorithmic biases in the clearance process congresswoman pieces of this are addressed again through the the adjudication guideline review process and also the training that we're providing to all of our employees
1:28:56
including those that are working on those algorithms and the verification of their success uh finally Mr catler transparency and accountability or vital can you commit to conducting independent assessments of security clearance
1:29:06
applications to identify any racial biases that may have influenced outcomes uh will you make these findings public to ensure accountability and Foster trust in the process yes congresswoman I do thank you so much uh I thank you both for your uh
1:29:20
for your time and I yield back Jo yields back or time thank you very much uh we'll go to Miss T gent recognized thank you Mr chair uh thank you um so much um director uh H for joining us today and I I think it's great that we're here um that you're
1:29:41
even here even early in your in your position as a new person so I know my colleagues have I think done a really uh good job going through the issues regarding uh nbis already so I'm not going to repeat um um what's already
1:29:54
been said but I want to do want to bring up an opportunity and put a marker down for my colleagues here in committee and what I do hear regarding security clearances with my residents um what we're seeing right now and and folks
1:30:11
might see it separate but this is happening to Americans in my district uh the No Fly list and I know they kept saying no one on both of you can't respond to this but I think it's really important Mr chair that here in
1:30:24
Wasington we again again try to address critical issues that are impacting our residents um but the list that right now is being used discriminates against American Muslims in Mass with little to no legal resour recourse for countless
1:30:42
wrongly um included Americans it's been a little over a year since care released an analysis of the FBI's so quote terrorism screening databas that database that found 98% of the names included were Muslim names for the record if I can submit the report Mr
1:31:01
chair and one of the things I want to also put into the record and and read is also a transcri uh trans uh transcribed deposition of the FBI of April 16 2024 Mr chair without objection okay great thank you so let me let me just go over this
1:31:20
and this is for important Mr chair because I think this this would Intrigue you um in on page 199 when the plaintiff's attorneys question the FBI about the effectiveness of the watch list the question was federal law enforcement officers also encounter
1:31:36
people on the watch list correct yes the FBI answers and then chairman sessions they go on to say does the FBI know of any federal law enforcement encounter with a person on the watch list that has led to a terroris terrorism related
1:31:50
arrest and then they go on to say so I don't know of any instances where a local law enforcement was notified of the presence of an individual on the watch list and then made an arrest based on that why this is important at a time
1:32:04
again this this this deposition was done 21 year this is over a 21 year span of the program had an arrest a single person on the terrorism related charges because of the so-called watch list of Americans meanwhile I have residents
1:32:20
even my one of my local Mayors being harassed and wrongfully profiled at an airport detained for hours their phones are removed chairman phones Canadian PM called me uh asking my team for help for innocent families that are also no again
1:32:33
no longer able to fly because of this watch list these are American citizens they have rights and deserve some dignity as the rest of us and this is important because people think oh it's just Muslims it may be Muslims today Mr
1:32:48
chair but I don't see any reason that this should again be partisan because after all the FBI can get away with doing this to any group of American citizens today may be Muslims what again it could be another group that they
1:32:59
target so it is great again that we're talking about this specific security clearance issue but Mr chair if I may please we should talk about and hear more about this watch list of Americans and bring the FBI before this committee
1:33:13
to discuss it thank you so much and I yield G woman yields backer time thank you very much uh I don't need to respond to the gentle woman now but I would encourage her to please come sit down with Mr mum and myself uh and would remind her that we
1:33:31
have thousands of people who were here in this country who are watched who were and two of them were in Boston they were the Boston bombers we knew that they were in this country and we knew all I'm suggesting to you is would' welcome that
1:33:47
discussion Mr infu and I and myself uh I'm sure would be pleased to listen to you and thank you very much much uh we are now uh evidently on a vote uh I have not had a chance to have my five minutes doubtful that I will use
1:34:05
that I had an opportunity over the last days to speak with both of you for almost an hour perhaps uh maybe more than that I want to go back to miss sis who made a statement which I consider to be extraordinarily important to this entire
1:34:24
matter and that was regardless of the time frame regardless of the money it's got to be done correctly I'm paraphrasing Mr catler can you please respond directly back to that because as we were earlier greeting each other I
1:34:39
said to you I was concerned about the architecture you said that architecture something Congressman sessions that we have that person here well I assume that the experts I I used to do this at the organization up in New Jersey where we
1:34:58
would do architecture things that determine the best outcome can you tell us are you going to do as you've heard Miss sis say get this done and have it done correctly obviously you've already your testimony is within time within the
1:35:16
money are you going to get it done properly Congressman we will get it done properly I don't feel undue pressure to move quickly because as I've said it's important that we get it right and if that takes a little bit of time to do
1:35:32
then I think that's appropriate and acceptable but at the same time I'm also mindful as members of this committee have highlighted just in this hearing that we are eight and a half years in a three-year program we are 1. 345 billion
1:35:46
spent on about a $700 million program in every penny counts the taxpayers are not just entitled to and expecting that we deliver the software with the capability that is required but they know that we need it because they are entrusting I
1:36:01
have entrusted some of my most important personal data over the course of my more than 30-year career to the government my own agency vetted me and validated me for my clearance while I served at NATO so what we're trying to balance are
1:36:15
those two things getting it done right and taking the time to do so but also recognizing that we are well behind and it is unacceptable so we are trying to move with an appropriate sense of urgency but we're doing so responsibly
1:36:28
but I have confidence in my team in our partners and in our oversight that we are working well together and that we will fix this and deliver the capability that the American taxpayers need deserve and are paying for thank you Mr infu
1:36:43
what I would agree on the statement I'm sure he'll have a chance to affirm that but get it done right getting it done right we've not pushed you you to a time frame to a money allocation but you have done that as a responsible manager and you will be held
1:37:02
accountable to that and I appreciate you very much Mr info would you like to say anything before we go the Dodge well Mr chairman I just want to thank both uh Witnesses again for their testimony both their oral testimony as well as what's
1:37:16
written uh I look forward to receiving any additional documents or information and I look forward to uh reconvening in October so that we may have some sense of where we are today uh just toose against where we find ourselves then and
1:37:31
I would invite on behalf of the chairman myself obviously both of you to sort of be ready to come back to see us again thank you both thank you very much in closing I want to thank our Witnesses I want to close the distinguished gentlemen from
1:37:47
uh Maryland and uh I want to also say that uh without OB action all members will have five legislative days within to submit materials and additional written questions for the witnesses which will be forwarded uh to the
1:38:03
witnesses if we have those questions if there's no further Business Without objection subcommittee stands adjourned I want to thank the witnesses very much good job Pete good job okay they they call the it's on okay have they talk with you about the thing
1:38:24
we talked about some time ago and that is Hawaii are you aware of that they mention it we that's on our list of things go over for