December 29, 2009:
U.S. government efforts to recruit needed computer security specialists are up against two insurmountable problems. First, there is a shortage of qualified people, and civilian firms can easily outbid the government. The second problem is security clearance. You need one to work on most government computer problems. It takes time (months) to get a clearance, and many people fail the screening (they have a bad credit score, an old felony conviction, or creepy friends, etc.). A recent U.S. government study of how security clearances are granted, found that a quarter of those who got Top Secret clearances, had problems uncovered in their background checks. The most common problems were with criminal prosecutions, or even convictions, and contact with foreign organizations with terrorist or criminal ties. Then there are those with family members connected with criminal activities. Some government officials want these tainted clearances cancelled, but others point out that this is not really practical.
The reason for these dodgy clearances is the war on terror. Since September 11, 2001, there has been a growing need for more translators and, intelligence analysts (with knowledge of, or experience with, Middle Eastern and South Asian cultures), and computer experts. Many of the most expert translators, analysts and computer experts are immigrants. That alone provides plenty of potential heartburn for those approving clearances. Worse yet, many of the best computer security experts started out as hackers. Some got busted, which often triggered the move to the other side of the fence. The security clearance approvers were often under lots of pressure, frequently from people high in the government food chain, to bend the rules in the name of national security. One rule that does not get bent is the requirement that only U.S. citizens can get a clearance. That eliminates a large number of computer experts, many educated in the United States and working here.
There are other problems as well. Three years ago, after a reorganization of American intelligence agencies, and the creation of the post of Director of National Intelligence, it was quickly realized that all this effort had failed to eliminate a lot of friction between the various agencies. One of the more painful problems was with reciprocal recognition of security clearances between agencies. That is, if someone has a Top Secret clearance in the CIA, and moves over to work at the Department of Defense, that Top Secret clearance should be, well, a Top Secret clearance at the Department of Defense. But often, it isn't. For over a decade, the various intelligence agencies have been getting slower and slower in recognizing the validity of the clearance of the person coming in. It can take up to six months for such transfers to be approved. In the meantime, the transferred person cannot go near classified information. This wastes a lot of money, and delays essential projects.
There are several reasons for this need to double check security credentials, but the major one is the number of Soviet spies uncovered after the Soviet Union disintegrated in 1991. Some agencies were found to be more susceptible to Soviet penetration (basically because of sloppiness), and all of a sudden, a security clearance didn't mean the same thing everywhere. That's because that, while all initial clearances are approved using basically the same background investigation techniques, as time goes on, the agency you work for is responsible for ensuring that you remain eligible for whatever clearance you have. The post-Cold War spy scandal (which uncovered people working for other countries as well, like China and Israel), made all agencies more aware of the need to keep an eye on their people, but particularly on new people who have been around for a while, but at some other agency.
All this is typical bureaucratic cover-your-ass behavior. Better to sit on something, than to take a chance, no matter how slight, of being embarrassed. While the media will never jump all over this sort of thing (too geeky and unexciting), people in the intel business (who are getting burned by the bureaucratic delays) have gotten through to some members of Congress, and heat is being applied. That won't necessarily solve the problem, because advancement in the intel business is more a matter of avoiding failure, than in achieving success. Victories remain secret, but failures often become headlines.
There are a lot of security clearances out there. Most are in the Department of Defense, where some 2.5 million people have them. Most are civilian employees or contractor personnel. It costs over $10,000, and over six months to get someone a "Secret" level clearance. It takes more time, and more money, to get a Top Secret clearance, needed for most critical computer security jobs.
While the government can overcome the pay problem by hiring civilians, often part-time contractors, there's no getting around the security clearance problem.