Rep. Will Hurd, who recently announced he is leaving Congress after his current term is up, has something to get off his chest.
The Texas Republican has previously said he thinks the federal government should be able to issue security clearances in one week — but now he says it can be done in three days.
“I never thought I would have to work on such a basic issue as this: [Getting a security clearance] shouldn’t take 9 months,” Hurd said Thursday at the Dell Technologies Forum. “I think we can do it in three days.”
Currently, the federal government is working on overhauling the security clearance process as part of an overhaul known as Trusted Workforce 2.0 — and already in the last several months the government has made some progress on the backlog of applications. Hurd — a former CIA officer — has had a front-row seat for the process as a member of the House Intelligence Committee and previously as the top Republican on the House Oversight subcommittee that handles federal IT.
The numbers aren’t even close to Hurd’s goal, though. It currently takes 422 days — more than a year — to get a Top Secret security clearance and approximately 234 days for a Secret clearance, the director of the National Background Investigations Bureau, Charlie Phalen, said this July. That means the NBIB is not meeting congressionally mandated timelines to initiate and complete cases within 74 to 195 days, the NBIB admitted this year.
The government overhaul is also working to make it easier to transfer security clearances between agencies.
“A top-secret clearance that is good enough for one agency should be good enough for any other agency,” Charlie Allen, a former Under Secretary for Intelligence and Analysis at the Department of Homeland Security said in a statement this summer. “But because agencies don’t trust each other’s investigative and adjudicative work, they want to reassess people who are already cleared before allowing them to come to work. This wastes time and money.”
Cybersecurity in government
Hurd said he thinks that the U.S. federal government still lacks the kind of coordination necessary to ensure America’s cybersecurity writ large.
“There’s a lack of a whole of government approach to the number of cybersecurity attacks that we’re facing — and it’s only going to increase,” Hurd said. “We can’t wait to address these issues to be frank.”
President Donald Trump’s national security adviser, John Bolton, who eliminated the White House cybersecurity coordinator role last year, will be departing his role at the White House, Trump announced this week. This raises the prospect that the cybersecurity coordinator role could make a comeback.
Hurd said he thinks having a cybersecurity coordinator role at the White House is important, but that he didn’t necessarily have anyone in mind he would like to see in the role, which helped coordinate offensive and defensive cyber-operations undertaken by the Pentagon.
“I think [that role] requires someone who understands these things in order to have a strategy,” Hurd told CyberScoop. Trump said he would name a replacement for Bolton next week.
U.S. cyber-operations have gotten more complex in the past year, now that U.S. Cyber Command is using newfound authorizations to conduct offensive campaigns against adversaries such as Russia and Iran. U.S. teams interrupted internet access for Russia’s troll farm responsible for interfering in the 2016 presidential elections in the U.S., according to The Washington Post. Since then Cyber Command has targeted Iran’s paramilitary arm, affecting its ability to target U.S. oil tankers, according to The New York Times.
Hurd told CyberScoop he thinks the way Cyber Command is using the new authorities is making adversaries second-guess themselves.
“I think it’s a deterrent,” Hurd said. “One of the things that I criticized the previous administration on was that they didn’t do enough attribution.”
But Hurd indicated he thinks the U.S. government could work more with the private sector to enhance its awareness of possible cyber threats against the country.
“Folks in the private sector have a better idea about when the next Russian attacks are going to come,” Hurd said in his remarks. “We should be taking that information and turning it into intelligence priorities and then have our nation-state teams go out and collect on that mission and get that back into y’all’s hands.”