The background screening of federal contractors needs more improvements, including information sharing between agencies, to prevent government security breaches, said Booz Allen Hamilton's Vice Chairman Mike McConnell, whose company previously employed whistleblower Edward Snowden.
During a panel discussion hosted on Wednesday by Bloomberg Government, McConnell called Snowden's leaks to the press about surveillance conducted by the National Security Agency "the most significant breach of the U.S. security community in our history." When Bloomberg Government asked what McConnell would tell the former NSA contractor, he responded it would be "call a lawyer."
Snowden gained access to NSA documents while working as a contractor for Booz Allen Hamilton, after which he left the country and leaked the information to the press in June, for which McConnell fired him in his absence. Snowden is now living in Russia.
Snowden's leaks on U.S. operations have started a debate on reforming intelligence and cybersecurity methods, but "what was compromised will cost loss of life and cost a great disadvantage" to the U.S. and international allies, McConnell said. The leaks are "literally a playbook for those who we would consider our adversaries" about where the U.S. is devoting intelligence resources, he added.
"I am not so much upset about the debate we are going to have about resetting the rules for the current era, but about the sources and methods that were compromised," said McConnell, who served as the national intelligence director under former President George W. Bush. "[The leaks] will continue for the foreseeable future. In my view it is designed so that the pebbles drop in the pond to keep the ripples going."
The government background check process has "waxed and waned over the last few years," and needs upgrades to prevent the hiring of other contractors who might leak classified information, McConnell said.
"[The process] has been largely outsourced. In some cases very young investigators are doing the background investigations," McConnell said.
Information sharing about the applicants for federal contractor positions would also add security protections to the process, McConnell said. Contracting company USIS, which conducts background checks for the federal government, approved Snowden's screening in 2011.
"There has been an effort by government to put the information in a common location," McConnell said. "It's not perfect. It's better than it was but it needs to be improved."
Snowden worked as a computer technician for the Central Intelligence Agency beginning in 2006, and during his employment there his supervisor placed a "derogatory report" in Snowden's file, which included suspicion that he tried to access classified information, the New York Times reports
That information never made it to the NSA in time for Snowden's background check at USIS to become a contractor for that agency through Booz Allen Hamilton. The background screening of Navy Yard shooter Aaron Alexis was also completed by USIS in 2007.
Defense Secretary Chuck Hagel authorized a study of the process by which Department of Defense employees are issued security clearances, and how often they are reviewed. The review will also inspect physical security and access at DOD facilities worldwide.
Rules on access to classified information also need to be re-examined because "we are in a different era" with growing cybersecurity risks, McConnell said. Contractors and military officers have the ability to access government databases from stations around the world, so McConnell cautioned cybersecurity officials not to focus too much on "perimeter security" lest they miss security gaps that could enable threats from inside the government networks.
"The problem is that once you are in [the system], you are in," "McConnell said.