Greg Marshall speaks to InfraGardNCR GOVCON SIG
Mr. Marshall recently addressed the InfraGard GOVCON SIG at a meeting in Falls Church, VA. This is the second time the forum has convened. During his remarks, Mr. Marshall described what he encountered when he arrived at the DHS Office of the Chief Security Officer, and the steps he and his staff took to improve processes and strengthen programs during his tenure. Specifically, Mr. Marshall discussed the following program areas under his purview:
One well known fact about DHS is that the organization is a “legacy” agency. When formed, each of the already existing agencies brought with them their own cultures, processes and systems – which were all completely different. This caused Mr. Marshall to ask the question “What if?” What if these disparate cultures, processes, and systems remained incompatible? What lasting effect would it have on DHS as a whole?
Building on initiatives that began with the two prior CSO administrations, Mr. Marshall and his talented staff developed an enterprise personnel security system that was implemented within every DHS component. This innovative program application - known as the Integrated Security Management System or “ISMS” - allowed legacy data to be successfully migrated resulting in no loss of existing information. The completion of this project helped reduce the length of time it takes to process employment actions and move an employee from one department to another, while at the same time increasing personnel security efficiency and on-boarding timelines.
Currently, approximately 124,000 DHS employees (out of the 240,000) hold security clearances (14,000 with T/S SCI). The ISMS tool assists personnel security specialists in managing this large population of agency employees.
As CSO, Mr. Marshall was heavily involved in the major government-wide background investigation reform effort, to include revised federal investigative standards signed jointly by the Director of National Intelligence and the Director of the Office of Personnel Management. With the federal investigative standards, the concept of “continuous evaluation” is being developed to supplement the normal re-investigation reviews of employees which, under the revised standards, will be in five-year increments, with a government-led process that examines a person’s conduct within his or her normal re-investigation timeframes. As such, relevant security information like a recent arrest or conviction for a crime outside of the federal system, for example, would become available on a timelier basis to security officials responsible for assessing a person’s eligibility for access to classified information, thereby helping to ensure that classified information and/or federal facilities are appropriately safeguarded. “Continuous evaluation” represents a significant process improvement over current capabilities and will mitigate some of the limitations in the existing background investigation processes.
The DHS Information Sharing and Safeguarding initiative, also known as “Insider Threat,” seeks to complement background investigations and continuous evaluation with “continuous monitoring” of employee behaviors. Continuous monitoring will incorporate data in near real-time from a much broader set of data sources, as compared to information that was previously available in the background investigation process. The initiative also focuses on monitoring certain IT systems and incorporates analysis and collation software to aid in the identification of behavioral trends that could be indicative of an insider threat problem. Strict referral protocols are in place to investigate abnormalities.
During his time as CSO, Mr. Marshall and his staff of specialists implemented an insider threat “tool” whose aim is the detection and mitigation of threats to classified information before any damage can be done. The focus of this program is the protection of classified information, but its applicability to other behavioral issues, including suitability and contractor fitness, is evident. Insider threat detection platforms are constructed to monitor proprietary enterprise data using “triggers” designed to sense certain behaviors around access to classified information.
Homeland Security Presidential Directive 12 (HSPD-12) mandated the development and implementation of a government-wide standard for a secure and reliable Personal Identity Verification (PIV) card for gaining access to federally-controlled facilities. During Mr. Marshall’s tenure at DHS, Headquarters and Component agencies issued over 250,000 PIV cards to federal employees and contractors. For the first time, this process effectively linked the completion of a person’s background investigation with the issuance to that person of a unique federal identity credential. The PIV card represents a marked improvement over the various legacy access/identity cards that were in effect when Mr. Marshall arrived in 2007.
In the fall of 2012, Mr. Marshall led the DHS Physical Access Control (PACS) modernization effort. As previously mentioned, every DHS component’s processes and systems – including those involving PACS – were all completely different. In order to make full use of the PIV card technology, all access card readers must be PIV compliant. This meant switching out obsolete card readers in favor of PIV compliant technology. Once complete, this effort will result in a federated system and will allow for the total use of the PIV card, making DHS a safer place.