As the four-year-old U.S. Defense Counterintelligence and Security Agency (DCSA) continues to build out the National Background Investigation Services (NBIS) IT systems its uses to manage government-wide security clearances, it’s having to rely on legacy systems for which adequate cybersecurity controls to protect from inside and outside breaches haven’t been established. Nor has NCSA put into effect proper privacy controls to prevent insider and other threats that could put this highly sensitive information at risk.
Alissa Czyz, director of defense capabilities and management at the U.S. Government Accountability Office (GAO), told the U.S. House Committee on Oversight and Accountability’s Subcommittee on Government Operations and the Federal Workforce several weeks ago that this makes the biometric and other personally identifiable information (PII) contained in the security clearance files of potentially millions of persons holding or applying for national security clearances, as well as those subject to continuous vetting, vulnerable to exposure and exploitation.
“DCSA has not fully planned for the cybersecurity controls needed to protect NBIS and…
