Women make up about 40% of the intelligence community’s workforce, a percentage that ranks behind both federal workforce and civilian labor benchmarks.

That’s according to the latest demographics report from the Office of the Director of National Intelligence. And women are even more underrepresented in the leadership ranks throughout the IC.

But agencies aren’t ignoring the issue. The National Security Agency’s “Future Ready Workforce” initiative has already led to several changes that will likely make the NSA a more attractive employer for all employees, including women. And the NSA is also investing in education and other programs that encourage girls to get involved in STEM.

Inside the IC spoke with three women leaders at the NSA about the past, present and future for women at the agency. They are Morgan Adamski, chief of the NSA’s Cybersecurity Collaboration Center; Kristina Walter, director of the NSA’s Future Ready Workforce Initiative; and Tahira Mammen, acting chief of the AI Security Center, which is housed within the Cybersecurity Collaboration Center.

This interview transcript has been edited for length and clarity: 

Justin Doubleday I’d love just to kick off by asking any of you to reflect on the role that women have played at NSA, historically, maybe some of the challenges and how we got to where we are today?

Kristina Walter I think the NSA is a unique space in that we do have a history of women being involved in the cryptologic mission. So we think of Elizabeth Friedman, and a lot of cryptographers that have contributed to the National Security Agency’s mission from World War Two, when we’re talking about codebreaking.

And so a lot of us can see that in the day to day. We have a lot of strong women leaders here. But I think we face the same challenges that any organization does, especially a predominantly military organization, where we’re still working through the balance of women being visible and at the table. And I think what we found is, we need to be inclusive of that environment. Women have a lot to offer in that space.

And so what systems can we put in place to just be inclusive of everybody’s thoughts and ideas and really bring that diverse perspective in? And so that’s really what we’re trying to achieve, as we move into this new era of rapidly evolving technology changes, rapid competition for talent that we haven’t had to face before. So how can we be really an attractive employer for all people, including women?

Justin Doubleday Morgan, there’s this overlap between the challenges that women face in the intelligence community but then also in the cybersecurity field. I think maybe the numbers are even worse writ large across the cybersecurity field.

Morgan Adamski There’s definitely a really strong focus right now on getting more women involved in cybersecurity, more women involved in STEM roles. And I think that’s really important. Just because when you have diverse opinions, diverse backgrounds, whether you’re male or female, they, however you want to describe yourself, it’s really important that we have those conversations. In cybersecurity, you need innovation and unique solutions to complex problems. And that means you have to approach that in many different ways. And so you have to have a lot of different people at the table to have that discussion.

Kristina talked about some of the things we’re doing at the agency in focusing on people. The cybersecurity community, and NSA historically, has been involved in strong technical backgrounds. That’s what we do here. And so the same challenges you see on getting more women in STEM is how we try to encourage and recruit more women in NSA. It has to go hand in hand.

Justin Doubleday Tahira, AI is one of the newer fields, depending on how you define it. Are you seeing any specific challenges in that field kind of pour over from maybe the legacy STEM challenges that we’ve seen? How are you confronting this as a woman in the AI field, a leader in the AI field?

Tahira Mammen I’ll start by saying that we have many brilliant women at NSA who are experts in AI. I think one of the challenges in the AI or cybersecurity space, in these deeply technical fields, right, is making sure that when we think about women — how to help women advance, how to help women with mentorship — sometimes there’s a lot of focus on “women helping women,” which is very important.

But there’s a critical role for allies who are different than you. So as Morgan was saying, I believe that a diverse group makes the best decisions. And that’s also true in helping people rise up through the ranks. And so while and all the women at this table are definitely committed to helping women, I just want to emphasize how important it is that men also see their role in helping bring the diverse voices to the table.

Justin Doubleday If you look at some of the data from the ODNI demographics report, it shows this consistent trend where women and men start out at the same at the GS-10 level. It’s 50/50, almost. And then, as you go up, that gap widens where we get up to GS-15, and it’s 65% men 35% women. And it’s just this widening gap as you go up. You all have become leaders in this space. Do you want to share maybe how you’ve gotten to where you are? Maybe any specific challenges that you’d be willing to share today?

Morgan Adamski When you talk about the intelligence community, you talk about NSA, you talk about cybersecurity, They’re all fast-paced, unique environments. And part of that requirement is being in an office for a certain amount of hours a day. And for those of us who do have families or children, you’re trying to balance that in your head of how do I continue to succeed at mission and deliver outcomes, while also not having “mom guilt,” because you can’t pick your kids up at a certain point in the day. And that’s difficult for people to balance.

That flexibility, whether you’re male or female, especially for some of the newer generations, is really critical to having happiness at work. And so I think that for me in particular, I don’t necessarily think about work-life balance, as others might. I think about it as prioritization. What is the most important thing that I need to do today for my family, for my work? And then I execute that prioritization, and then that prioritization may change the next day. It’s constantly a trade off, and you have to determine what’s going to be the most valuable on any given circumstance.

Kristina Walter I think what we’ve seen is because women sometimes feel like they can’t achieve that balance, they self select out. So when you look at trends of women kind of growing, they think, “I could never handle that, or I’ve never seen another woman who is working at the senior executive level, because you can’t maintain that balance.”

And I 100% agree with Morgan’s perspective of, balance is hard. I’m good at compartmentalization. So when I’m home, I’m 100% home. When I am at work, I’m 100% at work. Building the support system around you to do that is important. I think showing women that it’s achievable, and then putting policies in place to help it are really helpful. So things like paid parental leave, where we’ve rolled that out at NSA. Phased parental return, so you don’t have to come back immediately, and you can phase that in.

How do we look at the policies that can help women think, “This isn’t too overwhelming, it isn’t too hard”— or anybody who’s balancing challenges — and “I can continue to grow in my career here and not self select out,” is really what we’re looking to reinforce.

Tahira Mammen I think that encouraging women to take up space, to use their voice, to voice the solution to a problem they’ve identified. I think everyone in work or in life, you can say, “Okay, this is really a problem. And it bothers me.” And for my personal path, most of my success has come from being able to identify a problem, really advocate for being allowed to fix it, and then doing that work.

And then when you do it, people say, “Wow, okay, look at what you were able to do. Let’s give you a harder problem.” And that is what rising has looked like throughout my career. And I think a space where, if you’re taking a step back, as Morgan and Christina, were saying, you miss the opportunity to do work that you’re passionate about that also helps your career.

Justin Doubleday Is there specific data you can share about the NSA? Are there any specific trends that you’re seeing in terms of the share of women at the NSA, the share of women in the leadership ranks?

Kristina Walter We set goals every year for our hiring to reach about 40% women where we’ve been able to meet or exceed that over the last several years. And we want to be reflective of society. So recognizing across the board that we are bringing in people that reflect the American people, since that’s who we serve.

And so those are the trends and we see that we’re consistent, but we want to make sure, digging into the data, that that’s across all skill sets. We’re looking at the technical skill sets, the STEM roles. Maybe there’s a smaller pool, and we’re really targeting those. So we’re doing a lot of recruitment and engagement, targeting female schools and underrepresented populations, and making sure that those folks see themselves at NSA.

And I think what we found is when we start in college level, we’re too late. And so engaging at that K-12 level. We run GenCyber camps, we’re really trying to expose younger students to STEM, cybersecurity and federal service. And so we’ve seen great success in that space. I talked to a recent student of Stanford, who said, “I was first exposed to cybersecurity at an NSA GenCyber camp. And that’s what made me pursue this path of participating in other events.” And making sure that we’re out in the community so that girls at the young age can see where they’re going, and then we can make sure that those girls follow through and then commit to the agency with our relevant programs.

There are benefits and negatives to working in a classified environment. One of the benefits is that balance. You come in and you work in a secure environment. And you can work on really hard problems that you can’t do anywhere else here. But then you can also leave that job when you leave and you can’t bring work home in certain spaces, and have that balance. And so we do try to make sure people are aware of the opportunities that are here, so that we can hit our hiring goals related to female and minority hiring and all the different objectives that we set every year.

Morgan Adamski One thing I’d like to highlight is just the focus that the NSA’s Cybersecurity Directorate has taken on really promoting, advocating and recruiting women into the cybersecurity mission. I’m proud of the fact that the Cybersecurity Collaboration Center is over 55% female. That’s great in the cybersecurity arena. It is just kind of the way we formed.

But we also spend a lot of time trying to invest in things like women-in-cybersecurity conferences, recruiting from the right schools. We recently hosted a women’s cybersecurity event here where we brought in students from different colleges. We talked about the entirety of the NSA mission. We talked about recruitment and how they could join. And trying to do those very concentrated efforts on, how do we encourage more women to get into the cybersecurity field.

Tahira Mammen Women are not a monolith. Women come in so many different, diverse experiences. And so at the agency, we have employee resource groups that are employee-led organizations that do some of that work I was talking about before. Identifying issues or challenges within their demographic, and then seeking to improve the culture for everybody.
And so on the inside, especially in my experience, through the employee resource groups, we’re working on building the culture when people come in the door, then they find their place, they find their mentors, they find opportunity to drive change and mission.

Justin Doubleday This is a somewhat nebulous question, but what do you view the future for this issue. With some of the changes you’re making now, 10or 20 years down the line, do you have a sense of where this is going in terms of securing a better place for woman at the NSA and the IC?

Kristina Walter Fundamentally, what we’re trying to do is think about all of our employees and what they need. And there’s talent out there, a lot of which is women. And so we want to take advantage of all the talent. We want women to feel like there’s a place for them here and a space for them at the table.

I think when you look at the leadership teams at the National Security Agency, it’s an exciting time, because you can really see yourself there right now, both in the established leadership, but also the up-and-coming leaders. And so I think the more we can share that with the public and make sure that they see that there’s a space for them here, and then just make it easier for them to come in and stay. One of the best parts about the National Security Agency, talking about my experience, is you can reinvent yourself. You can join different career fields. You can explore lots of options, and so enabling our whole workforce to do that is important and that will inherently benefit the women that are coming into the agency as well.

The post NSA women leaders find opportunities to ‘drive change and mission’ first appeared on Federal News Network.

OMB approved the Personnel Vetting Questionnaire (PVQ) in November, according to the latest quarterly update on the “Trusted Workforce 2.0” initiative from the Performance Accountability Council. The questionnaire consolidates the SF-86, “Questionnaire for National Security,” along with several other vetting questionnaires used for federal jobs, including public trust and non-sensitive positions.

The Defense Counterintelligence and Security Agency is now working on plans to integrate the PVQ into the new “eApp” web portal for background investigation applications. The effort is part of DCSA’s development of a new IT system, the National Background Investigation Services (NBIS).

“The PVQ interface in NBIS eApp is still in development, and we anticipate working with the Trusted Workforce executive agents to share a deployment timeline,” a DCSA spokesman told Federal News Network.

The new questionnaire includes several key updates to questions in the SF-86 and other forms. The Office of Personnel Management, which oversees the PVQ, included updates to questions on marijuana use, mental health and several other key areas.

The PVQ includes a separate section on “marijuana and cannabis derivative use,” distinct from questions about other illegal drug use. In its original public notice on the new PVQ, OPM said distinguishing marijuana use from other drugs is “in recognition of changing societal norms.”

Prior reports have shown confusion around past marijuana use policies may be dissuading people from applying for a cleared position.

The PVQ first asks applicants whether they had used marijuana or derivative substance within the last 90 days before asking more detailed questions about their prior history with marijuana.
The SF-86 currently asks applicants about all prior drug use, including marijuana, within the last seven years.

John Berry, a security clearance attorney at Berry and Berry PLLC law firm, said the new PVQ represents a “good faith effort” to reflect how many states have legalized marijuana, even if it remains illegal at the federal level.

Still, use of marijuana by federal employees remains prohibited, while past use is evaluated on a case-by-case basis. And Congress appears unlikely to amend the Controlled Substances Act in the near term.

“So I think that we’re left with liberalizing it,” Berry said on Inside the IC. “And that’s kind of what [OPM] is trying to do. But it’s still there. And I think it’s just going to be an agency-by agency decision. I think [the Defense Department] will be your most standard one, which will probably give you a little bit more leeway on things.”

Meanwhile, intelligence agencies, which typically require a higher level of clearance and a polygraph exam on top of a background investigation, are likely to be less liberal, Berry said.

“Are they really going to say 90 days and you’re good? I don’t think so,” he said. “You’re going to have polygraph, and they’re going to dive into these details, and you’re going to be telling them the same information anyways.”

Mental health updates

The new PVQ also continues an effort to de-stigmatize mental health treatment for individuals with a security clearance. Since 2016, the SF-86 has had more specific questions about hospitalization and specific diagnoses, rather than about all mental health treatment. OPM said the PVQ aims to further reduce stigma by limiting the scope of the questions even further.

For instance, the PVQ limits many of its questions on “psychological and emotional health” to hospitalizations and treatments within the past five years, rather than “have you ever” questions included in the SF-86.

Berry called the narrowing of the mental health questions “helpful.”

“I’ve been handling security clearance cases since 1999, and it used to be back in those days, depression and anxiety could trigger adjudications,” Berry said. “And so I’m just thankful to see that the forms are finally recognizing that nobody here gets out unscathed. There’s . . . a slightly bit more understanding about these health conditions.”

Foreign connections and gender-inclusive terminology

OPM also made changes to questions regarding foreign connections and activities after the Partnership for Public Service commented on the draft PVQ, arguing that many legacy questions in the SF-86 that deal with foreign influence and connections “have not been substantively updated for decades and seem to reflect assumptions about the nature of international communications, education, and business that are no longer accurate.”

For instance, the final PVQ limits questions about an applicant’s foreign contacts to those “with whom they have feelings of affection, a romantic relationship, are bound by social, moral, financial, or legal obligations or with whom they have shared information about themselves that, if known, could be used to influence them to act against the interest of the U.S. government.”

Berry said the changes help address a more interconnected world where people travel, work and study abroad.

“Especially people that have lived abroad or have gone to school abroad, you have a lot of classmates and such, and it can be difficult task to track everything down and make sure you get it right,” Berry said. “So it’s helpful to limit it more than it has been.”

And unlike the SF-86 and other forms, the PVQ doesn’t require the respondent to indicate “Male” or “Female.” OPM and the Office of the Director of National Intelligence determined the use of gender-inclusive terminology “would not adversely affect personnel vetting processes,” the agency said in its original notice.

The timeline for integrating the new PVQ across agency processes remains unclear — OPM and DCSA did not provide specific answers about when the new PVQ would go live and when the other forms would be sunset.

But Berry said he expects a steady roll out rather than an immediate one.

“Is it going be rolled out all at once? Is it going to be a consistent application of it? Are we going to be using the old forms, in some cases for a year or two? Because then it might get confusing for individuals,” Berry said. “But I doubt it’s going to be like, ‘OK, on April 5, 2024, everyone’s using the new form,’ because it doesn’t work like that.”

The post Goodbye SF-86? OMB approves new ‘Personnel Vetting Questionnaire’ first appeared on Federal News Network.

DIA is in the second year of modernizing the Joint Worldwide Intelligence Communications System, JWICS. The network connects military bases, intelligence sites and other local networks needing access to top-secret data, covering more than one million users across the world.

DIA Chief Information Officer Doug Cossa said the agency is well underway in making some overdue hardware updates to the network.

“This is replacing a lot of the aged network hardware, things like routers and switches and encryptors, that we rely on for the secure connectivity, and updating those that are critical nodes that make up that web of the JWICS network,” Cossa said on Inside the IC.

Beyond the “technical refresh” work, Cossa said DIA is also building redundancy into the top-secret intelligence network.

“So if and when equipment does fail, we have a second stack of equipment at our core nodes that we can failover to,” he said. “And in many cases more than a second stack. We’ve got full redundancy across all the critical network components. That’s really been our focus over the past year, building that up around all of our functional areas that rely on JWICS.”

Cybersecurity is also a key focus area. Instead of conducting just an initial cyber assessment when agencies want to connect to JWICS, Cossa said DIA has now moved to continuous assessments of existing local networks as part of its “JWICS cyber inspection program.”

DIA conducted “several dozen” inspections over the past year, he said.

“That goes through the full, end-to-end realm of cybersecurity, everything from how user accounts are managed to how hardware is managed in the sense of making sure that technical parameters and guidelines are implemented, and patching is done,” Cossa said.

The cyber inspection program doesn’t just test against the possibility of outside hackers penetrating the JWICS-connected networks. DIA also examines how effectively JWICS users are monitoring against insider threats, too.

Insider threat monitoring has received increased attention after a Massachusetts Air National Guardsman allegedly used his access to top-secret intelligence networks at Joint Base Cape Cod, Mass., to leak secrets on the Discord website.

“It’s definitely increased in terms of priority,” Cossa said of insider threat monitoring in the wake of the Discord leaks. “Insider threats are always a significant requirement of the intelligence community and DoD.”

Defense and intelligence officials see “zero trust” security as a key component of defending against both outsider hackers and insider threats in the future. Two years ago, President Joe Biden directed defense and intelligence agencies to develop a plan for implementing zero trust architectures on classified networks.

Cossa said zero trust brings security to the “next level” by allowing local area networks to determine the “entitlements” each of their individual users should be granted for accessing certain data. Those entitlements will be managed and enforced through metadata standards defined by the intelligence community’s chief data officer and DoD’s chief data and artificial intelligence officer.

Once implemented, Cossa said DIA can assess the extent to which agencies are following those metadata standards as part of the JWICS cyber inspection program.

“Traditionally, we have only looked at, are you cleared to see something? But when it comes down to a ‘need-to-know,’ that really relies on data tagging standards, which is going to take some time to do,” Cossa said. “Many agencies are well underway. But certainly the core of the zero trust pillar for data is the entitlements and getting that implemented. The network gives you access. The network itself doesn’t define how that access actually occurs.”

The post DIA’s cyber assessments, including insider threat defenses, key to modernizing top-secret network first appeared on Federal News Network.

The National Geospatial-Intelligence Agency is building on a pilot program to recruit people with autism, as the agency plans to hire a new cohort of “neurodivergent” individuals this year while also embedding those efforts more broadly into its persons with disabilities program.

“Neurodiversity” is an umbrella term that refers to differences in brain functioning. Autism, attention-deficit/hyperactive disorder, and dyslexia are among the most common examples of “neurodivergent” conditions.

Neurodivergent individuals are a growing part of the workforce, with 15-20% of the global population estimated into fall into the category. But they also face high rates of underemployment, according to research cited in a new MITRE white paper, “Enabling Neurodiverse Talent in the Intelligence Community.”

NGA became the first federal agency to launch a neurodiversity pilot in late 2020, with a focus on hiring people with autism. The agency partnered with MITRE and Melwood, a DC-area nonprofit that provides job training and other services to people with disabilities.

The goal of NGA’s pilot was to change how neurodivergent job candidates are recruited, hired and retained for federal positions. Recruits went through a six-month internship and were then offered formal offers of employment.

After the initial pilot in 2021, NGA took a “strategic pause,” according to Jen King, a senior GEOINT analyst at NGA. King also serves as program manager of the neurodiversity program at the agency.

“We wanted to evaluate all the areas that we had experienced during the pilot to determine where we were successful for our new teammates, where we can improve and where we can continue to support individuals in their career,” King said on Inside the IC.

NGA now plans to hire a new cohort of four-to-six neurodivergent individuals later this year, King said. The agency also will fold its neurodiversity hiring efforts into its persons with disabilities program.

The broadening effort at NGA will be called the “Accessing Diversity to Employ Professional Talent,” or “ADEPT,” program.

“We do have a lot of neurodivergent talent and a lot of talent in our pipelines for our people with disabilities program,” King said.

MITRE’s white paper points to research that shows those with autism and other neurodivergent conditions display cognitive and performance traits, such as pattern recognition, that would be particularly useful to intelligence work.

Teresa Thomas, MITRE’s program lead for neurodiverse talent enablement, said some important lessons came out of NGA’s initial pilot program, including how to provide autistic individuals with specific training on what to expect from the security clearance process.

“We had an idea that it was probably very difficult for someone specifically on the autism spectrum to get through all of that, especially a TS/SCI with the polygraph kind of clearance,” Thomas said. “And, yes, it was even more complicated than I thought.”

Melwood also provided training for some of NGA’s polygraphers on potential behavioral differences for people with autism.

“It made a huge difference,” Thomas said. “So that was one of the takeaways, that it’s not impossible. It just takes some real thought for folks to get through.”

King said NGA has also created neurodiversity training for senior executives and supervisors across the agency. The goal is to ensure people understand different neurodivergent conditions and associated behaviors. For instance, some individuals may not engage in eye contact with others.

“We train our hiring managers, we are training our security staff that will be running the background investigations,” King said. “We ensure that everyone is aware that there may be behaviors that are a little bit different, and that’s okay.”

Thomas said NGA’s efforts have been successful because agency officials did not treat its pilot as an isolated program.

“They were really thinking about how do we make NGA a better place overall?” Thomas said. “And then how specifically do we make it a better place for our neurodistinct employees?”

King said many of NGA’s existing employees have come forward since the pilot program to share their own neurodivergent diagnoses. King, who is autistic herself, leads a Neurodiversity Working Group at NGA.

And she said many of the changes that would make workplaces more welcoming to neurodivergent individuals are not seismic shifts in workplace culture or processes.

“The changes don’t have to be huge all at once,” she said. “They can be small, such as ensuring that you’ve got an agenda for a meeting 24 hours in advance, or if there’s certain smells that are overpowering, you can use unscented dry erase markers for your whiteboards. It’s little, small things over time that are going to make that great change.”

The post NGA building on efforts to recruit ‘neurodivergent’ talent first appeared on Federal News Network.

Intelligence agencies are eyeing increased job flexibilities and more educational opportunities for the workforce, including through a new talent exchange that is already sending some intelligence officers to do assignments at companies in the space sector.

The intelligence community’s “public private talent exchange” got off the ground this fall after years of development. The program sends IC officers on rotational assignments to private sector companies to develop deeper expertise and skills in specific technology and policy areas. The assignments can last anywhere between three and 12 months.

An initial cohort of officers will spend time at space companies, Cynthia Snyder, the assistant director of national intelligence for human capital, confirmed in an interview on Inside the IC. Other focus areas for the program include artificial intelligence and machine learning; finance and economic security; data science; and human capital.

“So when they come back, they’ll be able to bring those new skill sets back to continue to infuse into our work place,” Synder said.

In addition to sending IC officers to the private companies, the program will also allow intelligence agencies to host individuals in the private sector on rotational assignments. In October, the program announced opportunities for private sector employees to fill assignments working on space-related issues for the Director of National Intelligence and the National Geospatial-Intelligence Agency.

The exchange is part of a broader shift underway across the intelligence community to allow for more workplace flexibilities and educational opportunities. Snyder said reskilling and upskilling is critical as agencies grapple with new technologies and global challenges.

“Our leadership recognize the importance of investing in our workforce,” she said. “So yes, we may have to take someone out of the workplace for a short period of time to advance their skills, but when they come back, they’re bringing so much more.”

In addition to investing in its current workforce, intelligence agencies also see these flexibilities as potentially enticing to the next-generation of intelligence officers. Generation Z, or those born between the late 1990’s and the early 2000’s, are an increasing component of the workforce.

“They’re not going to stay in one place for 30 years,” Snyder said. “We recognize that they will be looking for opportunities to broaden, to continue to broaden and expand and grow and we welcome that because our desire is we will make their experience with us the best experience.”

While intelligence agencies are known for being discreet, the Office of the Director of National Intelligence is trying to expand awareness, or “exposure” as Synder calls it, about job opportunities within the intelligence community.

Last year, ODNI worked with the Office of Personnel Management to launch IntelligenceCareers.gov. The main website has garnered more than 1 million visitors, Snyder said, while about half of those visitors went on to explore more opportunities at microsites for specific agencies.

ODNI also recently established a commercial “virtual recruiting capability,” Snyder said, that 16 of the 18 intelligence components are using today. It allows them to reach both individuals and schools virtually to schedule interviews and events. It also allows the participating agencies to pull from a repository of resumes.

“Whatever we can do to continue to expose and make people aware of who we are, what we do,” Snyder said.

Meanwhile, the security clearance process remains a major challenge for recruiting new people into the intelligence community. Many people will often consider other job opportunities instead of waiting out a background investigation and clearance decision. A recent RAND report found many recruits are often left in the dark about where they stand in the clearance pipeline.

But Snyder said ODNI is trying to streamline that part of the recruiting, integrating the human capital, security, and medical suitability workflows under one system. The system would provide the applicant and the hiring agency with notifications throughout the process.

“So we’re connected, talking the entire time,” Snyder said. “And once that process is complete, then it automatically notifies us that we’re ready to finalize that offer for the employee. Just integration, providing more automation is an area that we believe will help us strengthen that process with our security partners.”

The post Intel agencies look to build skills through public-private talent exchange first appeared on Federal News Network.

Conversations around telework and other flexibilities sound a little different at the National Security Agency.

While many companies are bringing people back into the office and the White House is directing agencies to increase “meaningful in-person work,” the NSA is considering how to increase telework options that were mostly non-existent at the highly secretive agency before COVID-19.

“I get leadership telling me that a lot. ‘Why are you pushing telework, Kristina? Everybody else is coming back.’ [But] they’re going from 100% to 75. We’re at 4%. We’ve got some room to grow in our telework functions,” Kristina Walter, director of the NSA’s Future Ready Workforce initiative, said at an event last week hosted by the Intelligence and National Security Alliance.

More than 50% of the NSA’s workforce is retirement eligible, Walter said. And as the agency replaces retiring employees with new ones, it projects the share of its workforce that has worked there for five years or less will rise to 20%.

Those shifting demographics mean the NSA is on a major, multiyear hiring push and considering a range of workplace flexibilities it would have previously considered unimaginable.

But one of the cultural challenges, Walter said, is how most work at the NSA is still carried out on the classified “high side” networks and installations.

“We don’t have a critical mass of people doing unclassified work on the low side,” she said.

The agency has launched a pilot program that allows new hires to start working on unclassified problems while they await the typically lengthy security clearance process. Walter said the agency is building on that by looking at all its functions that could be done in an unclassified manner.

Areas ranging from contracting, training and recruitment to even software development, cybersecurity analysis, and research could all be done, to a certain extent, in an unclassified environment, Walter said.

“We’ve had applicants come in, and they’re working on unclassified problems, they’re getting paid while they go through the clearance process to try to expedite that,” she said. “So we’re looking forward to expanding that pilot as we get more critical mass down on the low side of people who work at the agency full time.”

The NSA’s foray into more flexible work arrangements is in line with a new white paper from INSA, “Reimagining the SCIF Life,” that recommends intelligence agencies consider ways to make classified work more amenable, while also taking a hard look at what truly could be unclassified instead.

The pandemic forced many intelligence agencies to shift to more unclassified work temporarily. Now, the question is whether those agencies will implement more permanent changes.

“There were a lot of innovative things done during the pandemic. And those things brought better work-life balance and they were of benefit to employees, in some cases, and at the same time mission got done,” John Doyon, INSA’s executive vice president, said on Inside the IC.

The white paper recommends agencies consider options such as shared SCIFs so employees don’t have to travel as far every day to their home office if they’re closer to another classified facility. It also recommends they look at ways to make working within a SCIF a better experience, such as through more unclassified spaces where people can check mobile devices and use the internet.

“The only way I can reach my personal care physician is through the online portal. Nobody seems to answer the phone,” Doyon points out. “And so this is where we are with technology today.

And we need to make these technologies like internet access and places for people to use their cell phones available to employees.”

At the NSA, Walter said there’s been big changes in just the last six months with the introduction of more “community flex spaces” where employees can make unclassified phone calls.

The NSA is also considering how it can “hotel” employees at other intelligence community facilities so they don’t have to travel as far everyday, she said.

“How do we enter into agreements with folks so that our folks don’t have to drive up every day of the week and they can spend one week at the DC office and then come up full time,” she said. “So it is getting a lot more flexible, and we’re expanding some of those options.”

And on the recruiting side, the NSA is also looking to make it easier to move in and out of the agency.

“Typically our culture was if you left, we kind of wrote you off, and didn’t really stay in touch,” Walter said.

The agency recently launched an “alumni program” and held an inaugural event where retirees were invited to network with agency employees as a way “to stay connected,” Walter said. “It’s a way to fast track you back in,” she said.

“So we’re working through all of those processes to make it a more fluid environment, because we recognize that’s a demand moving forward,” Walter said.

The post NSA getting ‘a lot more flexible’ under major workforce initiative first appeared on Federal News Network.

The Army’s intelligence leaders are prioritizing the use of “open source intelligence” under a strategy released earlier this year, as the service is increasing open-source training and plans to make its OSINT courses more widely available across the intelligence community.

Intelligence agencies are grappling with how to prioritize an explosion of publicly available information and commercial data, often available on the Internet and through other digital means. The 2023 National Intelligence Strategy calls for the intelligence community to harness open source data alongside other high priority areas like artificial intelligence and advanced analytics.

The Army published its OSINT strategy earlier this summer. The document is not public, but service officials say they are working to release a public version of the strategy.

Lt. Gen. Laura Potter, the Army’s deputy chief of staff for intelligence, said she has experienced firsthand how OSINT has proven invaluable, in its modern sense, dating back to Russia’s annexation of Crimea in 2014, as well as during the conflict in Afghanistan and up through the current war in Ukraine.

“We really live in an environment where the vast majority of information that we get is generated from publicly available information and commercially available information,” Potter said on Inside the IC. “We’ve made great strides in this area, and we decided to put a strategy together and publish that. And we really see this as a discipline that tips and cues other disciplines as an intelligence discipline of first resort. We think it’s critical to our future success.”

Dennis Eger, the Army’s senior open source intelligence advisor, said the new strategy focuses on how the service can build an “OSINT collection force.” The Army has developed a four-week OSINT basic course to focus on areas ranging from OSINT skills to civil liberties.

The service has particularly focused on building a modern training platform for OSINT. Eger said the “live, synchronous, virtual platform” allows soldiers to train on OSINT from their home station.

Several years ago, the Army began building specific, open source collection teams into its major formations. The Army’s intelligence directorate is tracking how many individuals have gone through the OSINT basic course through an open-source skill identifier, Eger said, to track personnel as they move through the service.

“That’s what allows us to institutionalize it, and we’re building them out in all future formations,” Eger said.

And starting next year, Eger said the Army also plans to make virtual training course available to personnel in the other military services and throughout the intelligence community.

“The key is that we all take a look at our training programs, to say, ‘how do they nest? Where are they the same and where are they different?’” Eger said.

And as some experts argue the intelligence community still prioritizes classified sources and methods over open-source, the Army is also focused on ensuring its leadership understands OSINT as well.

“Making sure we’re educating leaders, both intel leaders, and the consumers of our intelligence, our warfighting leaders, on the value of the discipline, but also how carefully it has to be managed and implemented,” Potter said.

The post Army to treat OSINT as ‘intelligence discipline of first resort’ under new strategy first appeared on Federal News Network.

Many people know the federal government’s personnel vetting process is a drag. The security clearance process can be confusing and intimidating. It can take months or even years to get through a background investigation.

While agencies are taking steps to reduce those timelines, a new report from the RAND Corporation suggests the government could make more of an effort to consider the “candidate experience” throughout the vetting process.

The report, “Improving the Candidate Experience Journey Through the Personnel Vetting Process,” suggests agencies adopt a framework that treats “candidate experience” similar to how the White House and many agencies are now treating “customer experience.”

The report comes as agencies implement major reforms to the government’s screening processes under the “Trusted Workforce 2.0” initiative.

Dave Stebbins, political scientist at RAND and one of the lead authors on the report, pointed out the report provides agencies with “a new look” on personnel vetting reforms that’s largely focused on streamlining screening and vetting processes.

“This is kind of flipping the traditional viewpoint on this, where it’s sort of top down from the government angle,” Stebbins said on Inside the IC. “And what we really wanted to do from this report was sort of reveal it from the candidate point of view.”

The research was commissioned by the Security, Suitability and Credentialing Performance Accountability Council, a group of senior leaders and offices who are leading the Trusted Workforce 2.0 initiative.

The RAND authors write that their report examines processes that “may attract new generations to the national security workforce and promote a positive candidate experience throughout the personnel vetting and screening process.”

Agencies are already taking some steps to simplify the personnel vetting process. Earlier this year, the Office of Personnel Management released a proposed “Personnel Vetting Questionnaire” that would consolidate several forms and simplify the questions applicants must answer before entering the vetting process.

Stebbins pointed to that as an early example of how agencies are considering the candidate experience.

“The last thing we want to do is have a long form and confuse people and then before they can even enter the vetting stage, they’ve sort of self-selected out,” he said.

The National Security Agency is also in the middle of a major recruiting push. As part of its “Future Ready Workforce” initiative, the NSA is considering more flexible work models, while also striving to interact with candidates more during the hiring process.

And officials have also prioritized increasing security clearance “reciprocity” under Trusted Workforce 2.0 to make it easier for job candidates to effectively take their clearance with them when they move jobs, rather than having to go through the process again at another agency.

But the RAND report finds there isn’t any cross-government approach to creating a “positive candidate experience” as part of the federal hiring and screening processes.

“As we went through, we can see lots of folks wanting to improve the candidate experience across the board, but there’s really no training on how to do that,” Stebbins said. “It’s not really formalized in any meaningful way across departments and agencies.”

The report contrasts the idea of “candidate experience” with federal efforts to improve interaction and engagement with the public under a multi-administration “customer experience” push. The Biden administration has designated multiple agencies as “high impact service providers” (HISP) with responsibilities to improve service delivery to the public.

While the Office of Personnel Management is a HISP with responsibilities to improve some elements of the federal hiring process, the RAND report points out that no agencies have been given the explicit responsibility to “improve screening services provided to candidates who have applied to USG job positions requiring a background investigation.”

Some of the major challenges across agencies, RAND’s authors found, is a lack of transparency about where candidates stand in the hiring and screening processes, as well as a “bureaucracy that seems to enable sluggish hiring.”

Many private sector organizations, meanwhile, take steps to actively ensure top talent can find job opportunities at their companies and convert “passive” job seekers to “active” candidates, RAND’s authors write, while also providing clear timelines and expectations for those who decide to apply for a position.

Forecasting clear timelines and communicating employees through the government’s oftentimes complex hiring and screening processes could be “huge” for agencies, Stebbins said.

“One of the things we learned through our interviews is with the private sector is you can kind of think about it like a Disney ride,” Stebbins said. “Why do people stay in line? Well, because there’s signs there that say ‘expect 45 minutes from this spot, 30 minutes from this spot.’ So there’s sort of still motive. ‘Yeah, we’re baking in the sun. We hate that we’re surrounded by 1000 people, however, there’s these little signs there that say, oh, okay, I’m going to get on this roller coaster or tea cup.’”

The report recommends agencies adopt “foundational change management techniques” to help foster a more positive candidate experience through the pre-hiring, hiring, vetting and post-vetting phases of a job candidate’s journey.

“Vetting is an uncomfortable process,” Stebbins said. “There’s no secret there, and there are certainly various reasons for that, but the more we can sort of make them feel welcome and comfortable, really that we want you to work for us. Not that we’re trying to vet out, but that we’re trying to vet in.”

The post Report pushes agencies to focus on ‘candidate experience’ during security clearance process first appeared on Federal News Network.

In a June 30 memo, Defense Secretary Lloyd Austin directed Pentagon officials to take a range of actions to tighten access to classified information.

The directive stems from a review of security procedures Austin ordered earlier this spring in reaction to the Discord leaks, allegedly by 21-year-old Air National Guardsman Jack Teixeira.

What do these new actions mean for security clearance applicants and holders? To dive more into that question, Inside the IC spoke with Dan Meyer, a security clearance attorney at Tully Rinckey. Listen to the full conversation above.  And read our story detailing the actions Austin has directed Pentagon officials to take in the wake of the review.

The post What do the Discord leaks mean for the security clearance process? first appeared on Federal News Network.

The intelligence community is setting a two-year roadmap for its workforce to become more familiar with data and artificial intelligence tools — and is already charting progress toward those goals.

The 2023-2025 IC Data Strategy, released Tuesday, lays out the steps all 18 intelligence agencies will take to develop a more data-savvy workforce, and set the groundwork for the IC to use AI tools.

The strategy states the IC brought the document together to stay ahead of a “new period of strategic competition.”

“It is no longer just about the volume of data, it is about who can collect, access, exploit and gain actionable insight the fastest, as the will have the decision and intelligence advantage,” the report states.

Lori Wade, the intelligence community’s chief data officer, said in an exclusive interview that the 11-page strategy spends little time on background, but focuses on implementation of near-term goals.

“We have two years to really get focused on some of the foundational areas of end-to-end data management,” said in a joint interview on Inside the IC and All About Data.

“Data is fundamental to everything that we do in the intelligence community, and our ability to manage it properly. And to maintain how we do data across our entire lifecycle is an important part of where we’re going to move the needle forward, if you will, for the intelligence community,” Wade said.

The IC CDO Council’s next meeting in August will focus on a review of the second-quarter results of the data strategy’s one-year action plan. The council also serves as a forum for component agencies to collaborate on shared solutions, as well as work together on shared challenges.

“We’re opening up the space, where they take a step back and do a collective move forward on either challenges, build on accomplishments, or work together as we go forward,” Wade said.

The data strategy outlines four focus areas:

• Perform end-to-end data management
• Deliver data interoperability and analytics at speed and scale
• Advance all partnerships for continued digital and data innovation
• Transform the IC workforce to be data-driven

“To date, we have not significantly prioritized data as a strategic and operational IC asset. The central challenge remains that the IC is not fielding data, analytics, and artificial intelligence (AI)-enabled capabilities at the pace and scale required to preserve our decision and intelligence advantage,” the report states.

To ensure the intelligence community has the skills it needs to respond to emerging threats, the strategy elevates the importance of upskilling the current IC workforce on data skills, while also recruiting new hires with these in-demand skills.

Wade said the IC data strategy reflects the need for data professionals and analysts to keep their skills sharp through continuous training and “evolving their data tradecraft.”

But the entire IC workforce, she added, will need to have a baseline level of data literacy.

“There’s a data acumen and literacy that we have to bring every single IC officer up to — whether they’re leading the agency, working on the legal side [or] the acquisition side. No matter where you are, you’re going to touch and work with data, whether it be our business data or mission data. So we need to understand, what does that mean, and how does that look?” Wade said.

CDOs are actively evaluating the level of data literacy that exists today across the intelligence community workforce to understand potential gaps and training requirements.

“How do we embed some element of data into every module that’s for entry on duty for anyone coming into their agency or to the IC,” Wade said.

The intel community is also looking to upskill its workforce through its Public-Private Talent Exchange (PPTE). The program gives IC personnel an opportunity to develop skills and expertise from industry partners on the front lines of technology breakthroughs.

Wade said that, as part of the PPTE program, her office is bringing academia and IC components together on a data-focused “mission sprint,” that will focus on real-world applications of data in the intelligence community.

“We’re going to use a real mission example, and we’re going to bring in officers from the IC to work  with individuals and experts from the private sector and from an academic organization to really dive in and solve a real mission problem,” she said.

The IC workforce now spans five generations, but as intelligence agencies bring in Gen-Z talent, Wade said the IC needs to make full use of their specific skill sets and expertise.

“We need to make sure that everything that we’re doing across the organization will take full advantage of what they’re bringing to the table — which is, they’re digital natives,” she said. “And we need to make sure that we’ve got everyone else who’s already in the intelligence community up to that kind of understanding, so that we can work together as one IC, as we go forward with the same digital and data literacy,” Wade said.

AI foundations

Wade said AI and automation tools serve as the foundation for data-driven decision-making, since the volume of data IC agencies produce far exceeds what its workforce can process manually.

“Today, people aren’t understanding the volumes of data — that they no longer can just even go through it on their own. We have technology and capabilities that we can bring to help us to do that in ways that we haven’t in the past. We need to take full advantage of that, but we need to be ready ourselves,” Wade said.

The strategy lays out a goal to establish “end-to-end data management plans” from when data is collected or acquired, all the way through the exploitation, dissemination and ultimate disposition of that data.

Wade said the goal is underpinned by a new intelligence community directive on “data management” that ensures all data that’s collected — whether it’s open source, commercial or by classified means — has a data management plan.

She noted the successful adoption of AI will require the deliberate management of data.

“AI is something that requires quality data,” she said. “Highly curated data, or data that has to be tagged and labeled. It has to be discoverable and accessible. We have to have a data architecture in place. So we’re working on all of that.”

ODNI is also developing a “common IC data catalog” to help create inventories of data across intelligence agencies with shared standards and metadata.

“So each agency can have their own catalog, but they need to be able to then connect it to the larger IC data catalog,” she said. “We see that as a way to drive the data management and the best practices, because if you’re putting something in a catalog, you’re tagging it, you’ve labeled things.”

And the strategy further prioritizes interoperability of data standards in and out of the intelligence community. Wade said the IC is partnering with the Defense Department as they build out their own data strategy.

“That’s how we ‘re going to get to speed and scale — as much of the things that we have that already exist, that we can adopt — and making sure that we’re following a set of common standards, that we have that infrastructure where we’re sharing capability, and that we are looking and doing that end-to-end,” Wade said.

To ensure the IC is tapped into the latest technology developments, the Office of the Director of National Intelligence (ODNI) is looking to lower the barriers to collaborate with industry partners through its “Front Door” access program.

Wade said she also recently met with Army Futures Command and industry partners in Austin, Texas, to better understand which emerging technologies the intelligence community needs to focus on, and how those tools might impact the data strategy and its second-year action plan.

Wade said these programs focus on reducing the barriers of entry for private sector companies that are working on some of these emerging technologies — whether it be AI, Web3 or immersive technologies like the Metaverse.

“If this is the place, and the platforms, and the technologies where all social interaction will occur, what does that mean for national security?” she said.

The post Intel community’s new data strategy looks to lay foundations of AI future first appeared on Federal News Network.

In cybersecurity, it’s become a common trope to say humans are the “weakest link” in efforts to protect data and systems.

Many successful cyber exploits today are based on “social engineering,” where attackers get around firewalls and other network defenses by tricking people into clicking on a malicious link or handing over a piece of sensitive information.

The Intelligence Advanced Research Projects Agency is aiming to flip that paradigm on its head with the “Reimagining Security with Cyberpsychology-Informed Network Defenses” program, or “ReSCIND” for short.

“I believe that this human factor can also be leveraged against cyber attackers,” Kimberly Ferguson-Walter, the program manager for ReSCIND, said on Inside the IC. “This program will focus on just that — on flipping the tables to make the human factor the weakest link in cyber attacks.”

IARPA released a Broad Agency Announcement for the ReSCIND program earlier this month. Proposals are due May 26.

Ferguson-Walter said she hopes to kick off research with an initial batch of selected performers by the end of this year.

The 45-month, three-phase program will focus on “inducing or intensifying cognitive biases or other cognitive limitations to thwart cyber attackers,” according to the project’s technical description. The goal is to build what IARPA calls “Cyberpsychology-Informed Defenses.”

The initial 18-month phase of the project will focus on identifying cognitive biases applicable to cyber operators, Ferguson-Walter said. Humans display a range of cognitive vulnerabilities and limitations, such as altered decision-making when under stress or the classic decision-making concept known as the “sunk cost fallacy,” where people continue investing time and resources into an area that they should have abandoned.

“We’re interested in those concepts, but as far as they can result in reduced cyber attacker success and effectiveness,” Ferguson-Walter explained. “A lot of the psychology that’s been done for decades, it doesn’t necessarily abstract directly to the cyber domain.”

The IARPA program may be filling a crucial void in the area. Research into the specific cognitive biases of cyber attackers is nascent, and the field of “cyber psychology” has historically focused in other areas of cyberspace like online dating, cyber bullying, and online gaming.

Ferguson-Walter said one of the main challenges has been a lack of collaborative research between cybersecurity experts and behavioral scientists.

“We’re really hoping to see that increase as part of this program,” she said.

Cyber deception technologies and techniques aimed at tricking hackers have advanced in recent years. A classic example is the “honeypot,” effectively a virtual decoy that appears like a legitimate network target to hackers, but is actually an isolated part of an information system where the attackers can be monitored and analyzed.

Ferguson-Walter said while honeypots and other cyber deception products are “good ideas,” they’re engineered as appendages to existing network defenses and not necessarily underpinned by behavioral science.

“The psychological theory and impact feels like more of an afterthought,” she said. “[ReSCIND] seeks to reverse this process, and first understand the foundational cyber psychology and then build the technology based on those findings.”

The second phase of the ReSCIND program will take the lessons learned from the initial research on attacker biases, and focus on how and when to take advantage of those cognitive vulnerabilities as part of a cyber defense program, Ferguson-Walter said.

The 15-month second phase will focus on developing defenses that “map to observed attacker attributes and measurably disrupt cyber attack behavior across the Cyber Kill Chain and increase the negative impact on attacker performance and success,” the technical description explains.

And the final 15-month phase is focused on the question of “how do you automate it?” Ferguson-Walter said. “How do you combine the different approaches? And how do we model that behavior that we’ve been measuring?”

The research will be fully unclassified, she said, and performers will have the opportunity to present their findings at conferences and in academic journals.

“There’s been a lack of research and understanding of that human aspect of cyber, both from the defender and attacker sides,” Ferguson-Walter said. “We’re hoping to provide a data set that will be open for people to do future research into cyber decision making.”

The post IARPA opens research into ‘cognitive vulnerabilities’ of cyber hackers first appeared on Federal News Network.

Salaries for individuals with security clearances increased by an average of 7% last year, according to an annual survey. The rise in compensation comes as companies in the national security sector continue adjust to post-pandemic workplace expectations and compete with the commercial sector for technology talent.

The ClearanceJobs’ latest Security Clearance Compensation Report shows average total compensation rose to $108,611 in the cleared community for 2022. Over half the cleared population now earns a six-figure salary, according to the survey, which involved more than 50,000 respondents.

“A lot of bonuses, a lot of increases for cleared candidates this past year,” ClearanceJobs Senior Editor Jill Hamilton said on Inside the IC. “We call it the year of upward trends where inflation is up, the cost of buying eggs is even up, everything costs more. There’s a lot more pressure, and employers responded with a big compensation bump for the community.”

Compensation is also connected to the level of security clearance. Survey respondents with a Defense Department secret-level clearance earned just over $92,000 on average, while DoD top-secret clearance holders earned an average of $119,000.

And for respondents who work for intelligence agencies, the average total compensation was just under $140,000 in 2022.

Meanwhile, some of the highest paid occupations in the cleared community include software developers, data scientists and engineers.

“A lot of that just has to do with the scarcity of talent,” ClearanceJobs President Evan Lesser said. “There’s just not enough skilled, security cleared software developers and cybersecurity professionals out there. So they typically get the higher pay.”

Perhaps more surprisingly, the report shows sales professionals are also among the highest paid occupations. Lesser attributes that partially to record high defense budgets in recent years.

“Companies are doing what they can to try to get a piece of that pie, so sales professionals with clearance are really towards the top of the list as well,” he said.

Remote work options on the rise

Beyond salary, the compensation report also measures other aspects of a cleared worker’s life, such as opportunities for remote work. The latest survey shows 53% of respondents have either remote or hybrid work options, up 7% from the year before.

“I think pre-pandemic, if you said as a candidate, ‘I’d like to work from home one day a week,’ the employer would have just laughed and said, ‘Well, you’re in the wrong industry,’” Lesser said. “But the pandemic truly changed things.”

Intelligence community leaders have touted the need for more workplace flexibilities to help agencies compete with the private sector for talent.

“I think candidates generally understand that they’re not going to able to work from home 80 or 90% of the time, but if they can work from home 20, 25, 30% of the time, that’s actually a pretty big thing for our industry,” Lesser said.

The cleared population has also slowly spread out across the country over the past two years, according to the survey, with the population of cleared respondents in Washington, D.C. dropping slightly. Meanwhile, more respondents checked in from states like Alabama, California, Florida and Texas.

“There is some spreading out with different companies where maybe it was harder for them to get cleared candidates to want to come and move there, because there wasn’t as many opportunities,” Hamilton said. “The biggest pull here in the D.C. region is you can quit one job and start another with a very small lag time in between, because the opportunities are just everywhere you look. But now a lot of these opportunities are springing up around the country.”

Junior salaries on the rise

The survey also shows entry-level and mid-level salaries are on the rise in the national security community. The average compensation for an entry-level respondent with less than two years of experience rose by 8% in 2022 to $66,061.

Meanwhile, compensation for “early career” employees with two-to-five years of experience rose by 7%, as did compensation for “mid-level career” employees with between five and 10 years of experience.

“There’s a big push to retain mid-level talent, not just to get the entry level in, but can you then keep them in, because you need that experience especially in national security,” Hamilton said.

Generation Z, or those born after 1997, are also making inroads in national security. Gen Z received an average 11% raise in 2022, while Generation X and Millennials saw between a 7-8% bump in compensation, on-average.

Meanwhile, with many big tech companies laying off broad swaths of their workforce and halting hiring amid an uncertain economy, Hamilton said national security companies would do well to stress the stability of a job in defense or intelligence.

“Our industry and national security is never going to be able to pay what non-cleared jobs can on-average, but we definitely offer job security, and it’s something employers should really be pushing hard on,” she said.

The post Cleared employees see pay raises, more opportunities for remote work first appeared on Federal News Network.

While various intelligence community initiatives have sought to move beyond over-classifying and compartmentalizing information in recent decades, the underlying IT systems relied upon by military and intelligence components are often disjointed and “stove-piped” themselves.

It’s a paradigm Defense Intelligence Agency Chief Information Officer Doug Cossa wants to move beyond. DIA and the National Geospatial-Intelligence Agency are now partnering under an effort called “Company Storefront” to offer common IT infrastructure services for the classified environment, including desktop services.

“Agencies don’t have to maintain their own data centers or their own infrastructure services,” Cossa said on Inside the IC. “They can adopt the model that we’re able to extend out to the rest of the community that integrates because it was designed that way from the beginning.”

The effort comes as DIA also seeks to modernize the global top-secret Joint Worldwide Intelligence Communications System, known as JWICS.

While many agencies are moving to commercial cloud services for unclassified work, “on the high side, we don’t have that option yet,” Cossa said. So DIA has established a program office to oversee the Company Storefront offerings, with 17 agencies involved already.

“We begin with a site survey of understanding what they need to be able to connect to JWICS, and then understanding their footprint across the world and how we need to deliver those services out,” Cossa said.

The desktop services includes integrated email and chat, features the intelligence community has often lacked due to both security concerns and a culture of building systems in siloes, Cossa said.

“Those simple things have really taken way longer than they should, and that was because we never designed it that way from the beginning,” he said. “We all went our separate ways.”

The Biden administration has also directed defense and intelligence agencies to adopt zero trust security on their networks. Cossa said the common services offered through Company Storefront should help agencies meet that mandate.

“We have a lot of that built in already to our infrastructure, so agencies have the option to adopt it,” he said.

The Defense Department and intelligence community are also working with cloud companies to allow more classified work to be done through commercial cloud services. The Central Intelligence Agency awarded a potential multibillion-dollar cloud contract to five cloud providers in 2020, and DoD awarded the highly anticipated Joint Warfighting Cloud Capability contract to four major vendors in December.

Eventually, Cossa sees the IT infrastructure services offered under Company Storefront integrating cloud to offer agencies a virtual desktop environment.

“I think that is the future of where we’ll go is more virtual desktop, and that’s where we really rely on the vendor community to not only work with us, but work across the other vendors to be able to have integration across the services that we depend on,” Cossa said. “Because it’s not an option for us to go back into a stovepipe model where we’re purchasing capabilities or bringing capabilities into our environment that don’t talk with anything else. That’s the environment that we’re really trying to get away from.”

Wireless pilots

Another area Cossa sees as ripe for change is the intelligence community’s use of wireless networks.

“It’s a new way to look at the capabilities of wireless and figure out OK, well, maybe it’s not as scary as we think it is,” he said. “Maybe if we actually can put in the cybersecurity standards that are necessary to protect what’s transiting that network, then we can use it to our advantage. And those are the types of things that really is a mindset shift of where I see us heading as a community.”

DIA is piloting the use of wireless technologies and how it can integrate the security standards used for the top-secret JWICS.

“In terms of putting that into operations, this is where at a community level, we need to relook at those policies for how we actually deploy it,” Cossa said. “I don’t think it’s a technology problem. It really is a mindset, policy change that is shifting. I can see it shifting already as the world changes around us.”

The post DIA CIO sees intel community moving beyond ‘stovepipe’ IT model first appeared on Federal News Network.

The intelligence community’s diversity challenges are both readily apparent and frustratingly opaque.

Intelligence agencies continue to lag behind the broader federal workforce across a range of workforce benchmarks for women, minorities and persons with disabilities. But for a community laser-focused on collecting raw data to analyze a range of global issues, intelligence agencies and components are disjointed, inconsistent and deficient, in some cases, when it comes to data on diversity, equity, inclusion and accessibility.

Stephanie La Rue, the first-ever chief of DEI&A for the intelligence community, is attempting to take on those challenges from her perch in the Office of the Director of National Intelligence. She reports directly to Director of National Intelligence Avril Haines.

La Rue was previously chief diversity strategist for the Central Intelligence Agency. She also spent time in the CIA’s Office of General Counsel.

“The way I view it is to be kind of the strategic implementer and integrator of DEI&A across the intelligence community,” La Rue said on Inside the IC. “So we are making sure that all of our diversity and inclusion and accessibility strategic plans are completed and that we’re in lockstep with one another. It’s hard to do because everybody does things a little bit differently, but that’s generally the mission of my office.”

The fiscal 2021 demographic report for the intelligence community released in October shows some marginal year-over-year gains have continued. The number of IC officers who identify as minorities increased 0.6 percentage points to 27.6%, while those who identify as women increased 0.3 percentage points to 39.5%.

Both figures fall short of the federal workforce benchmarks of 38.6% minority employee composition and 44.2% for women employees, respectively. And the latest numbers show intelligence agencies continue to struggle to promote and retain minorities and women.

“My voice track for the [annual demographic report] is we are not where we need to be, but we know where we need to go,” La Rue said. “And we’re working to get there.”

Meanwhile, the intelligence community experienced an apparent decline in the percentage of persons with disabilities in the civilian workforce, dropping from 11.9% to 10.9% in fiscal 2021. The federal goal set by the Equal Employment Opportunity Commission for persons with disabilities is 12%.

But the report attributes the latest drop-off to “methodological changes in PWD reporting across the IC.” La Rue said the IC changed how it collected data for PWD by creating additional fields and categories in fiscal 2021, potentially leading to the drop-off.

She said she’s optimistic the intelligence community can reach the 12% target in the near term. ODNI now has a senior accessibility officer to oversee efforts across the different components.

Data is the ‘bread and butter’

La Rue said her office is focused on four primary areas: data, partnerships, education and accessibility.

Each area is important, she said, but the “bread and butter” for her is data collection, an area La Rue sees as ripe for improvement.

La Rue said there are numerous gaps she wants to address. Most elements don’t collect or report data on the veteran status of their employees, for instance, despite being a “huge part of the workforce with distinct needs,” La Rue said.

They also don’t collect or report data on sexual orientation and gender identity, an area where La Rue acknowledged there may be a lack of “trust” considering past policies that effectively barred members of the LGBTQ+ community from serving in the intelligence community.

Even for data that is reported in the annual demographic report, there are inconsistencies and gaps. Some components didn’t report data on the race of their applicants in fiscal 2021, for example, hobbling efforts to evaluate the effectiveness of minority recruitment programs.

The data problems stem from decentralized human resources systems used across the 18 intelligence agencies and components.

“Everybody collects data in their own HR database, and they report it their own way, and so we have to streamline that,” La Rue said. “We’re really trying to clean all of that up.”

The fiscal 2021 report notes that the intelligence community relies on “self-reported aggregated data rather than raw data sources, which inhibits the IC’s ability to perform analysis across demographic groups, commonly known as intersectional data analysis.”

The ability to perform such intersectional analysis — being able to evaluate the representation of black women or Latinos with a disability, for instance — is the “exciting” future La Rue envisions for DEI&A efforts across the intelligence community.

“If you were looking at our numbers for women who are in the senior ranks, the number looks pretty good in comparison to their composition,” La Rue said. “But that’s not true for black women in the IC. That’s not true for trans women. That’s not true for women with disabilities. And so until we can really parse that number out a little bit more, we’re not really going to be able to get to what it is that we need to start doing, where we need to start programming, dedicating resources.”

The demographic report notes DEI&A data modernization efforts will involve “leveraging a cloud service” through which “data will be ingested, validated, analyzed and reported through repeatable, automated processes.”

“Future data will provide anonymized individual-level data that will permit analysis that is more intersectional,” the report states. “These efforts seek to create a unified set of data fields and improve future demographic reports.”

Culture the ‘biggest issue’

While the data challenges are a high priority, La Rue said culture is a major barrier to DEI&A initiatives across the intelligence community as well.

“I think the biggest issue that we are seeing is our culture,” she said. “You have some elements that are throwing all kinds of money and resources and massive teams behind this … but culture eats strategy for lunch every single day. And so what I’m seeing is whether or not you have an element that’s very poorly resourced, or an element that’s resourced really well, we’re still struggling with that culture.”

She said education will help address that issue. But a major challenge remains convincing people of the necessity of DEI&A efforts.

“There is also still a lot of opposition,” La Rue said. “Some people just don’t get that this is mission.”

Haines and other leaders have spoken about the imperative to increase diversity across intelligence agencies. La Rue said explaining how DEI&A plays a role in different aspects of their day-to-day jobs and operations can be an effective way to sway managers and other officials in the position to make a difference.

“It’s not just cultural events. It’s not a food tasting,” La Rue said. “It is how you’re weaving this into everything you do. And that having that conversation with folks has been much more helpful in getting people to really understand how they can operationalize this and execute this in their nine-to-five.”

The post Spy agencies seek better raw data on diversity challenges first appeared on Federal News Network.

Like many agencies across government, the intelligence community is considering new models for work, especially amid ongoing challenges with recruiting and retaining cleared employees.

Unlike most offices across government, intelligence agencies are constrained by the classified nature of their work.

Intelligence officers, analysts and contractors complete the vast majority of their work in “sensitive compartmented information facilities,” or SCIFs, secure rooms or facilities where they’re allowed to work with classified information.

Such facilities are limited to federal properties or companies who have a contract requiring SCIF. And individuals are typically limited to specific working out of a specific SCIF, dependent on the nature of their work or contract.

Now, a not-entirely-new idea is once again percolating. The Intelligence and National Security Alliance is pushing for agencies to fund and certify shared SCIFs to give the cleared workforce more flexibility in where they can work.

“The economy as a whole over the last 10 years or so at least up until the pandemic started shifting to people having a lot more flexibility in where they do their work, because the focus was really on how people did their work and what they produced,” Larry Hanauer, vice president for policy at INSA, said on Inside the IC. “So why not apply the same logic to the trusted workforce?”

They don’t need to necessarily have kombucha and cold brew on tap. But Hanaeur said building classified co-working spaces could help intelligence agencies with ongoing recruitment and retention challenges, giving officers and analysts the opportunity to work closer to home, rather than facing long commutes in places like the Washington metro area.

“I think there’s wide agreement that we have a bit of a crisis in the cleared workforce,” Hanauer said. “It’s increasingly difficult to hire and clear people who have advanced technology skills, foreign language fluency, and other necessary abilities, particularly when Silicon Valley tech firms can hire them in an instant, at twice the salary without having to go through a clearance process. And it’s harder to hire and retain cleared personnel if they have to make a long commute into their organization’s SCIF. So the key issue is that they do their work in a secure space. Why does it matter where that space is located?”

He said shared SCIFs could also provide more opportunities for small businesses and startups to compete for intelligence contracts. Lawmakers in the Fiscal 2018 National Defense Authorization Act directed the Pentagon to develop processes for building multi-use SCIFs “to facilitate access for small business concerns and nontraditional defense contractors to affordable secure spaces.”

But progress on that mandate has been slow, Hanauer said, meaning small businesses typically need to subcontract with prime contractors who already have a SCIF in order to access classified information.

“Right now, many small businesses don’t have the resources to build a SCIF and get it certified,” he said. “That’s a costly and time consuming process. And without access to a SCIF, they can’t get a contract that allows it to do classified work. They can’t even read or respond to a classified [request for proposal] so they can bid on a classified contract.

‘Prohibitive costs’

A 2020 “Report on Common Sensitive Compartmented Information Facility” from the Office of the Director of National Intelligence sheds some light on the hesitancy around creating classified co-working spaces. The report was obtained and published by the Federation of American Scientists.

The report notes that SCIF certification is tied to specific contracts because “work done under each contract is different, so security professionals need to review the safeguards required for each specific situation.”

“The security measures appropriate for the information supporting one agency’s contract may be insufficient for another, or there may be different classified information technology system requirements,” the report adds.

Funding is also an issue, according to ODNI.

“Government resources are necessary to assess the facility for certification and accreditation and should not be expended in the absence of certification and approval from a government agency that such space is required,” the report states. “Otherwise, we are in danger of giving an unfair competitive advantage to one company over others by essentially granting them classified workspace for no specific reason.”

The report gives credit to the shared SCIF idea, noting that the “appeal of multi-use classified space is apparent” and acknowledging “transportation challenges” the cleared workforce faces in areas like Washington, D.C.

But it also emphasizes “prohibitive costs” associated with meeting the security requirements of multiple agencies and contracts at one facility. ODNI also notes that the idea of neutral or common SCIFs conflicts with multiple statutes and regulations.

“While the need for policy changes alone should not prevent the exploration of ideas, the extended time and costs required to change such policies and guidelines must be taken into account,” the report states. “We do not conclude such an alternative approach is needed at this time as current policies and procedures already maximize industrial SCIF reciprocity and co-utilization, while providing requisite security protection to sensitive compartmented information.”

Meanwhile, the Senate’s version of the fiscal 2023 intelligence authorization bill includes a provision that would require the Government Accountability Office to produce a report on the “annual average utilization” of both government and contractor SCIFs, potentially shedding light on the issue.

Short of further congressional action, the shared SCIF idea will ultimately need buy-in from multiple intelligence agencies, in addition to the blessing of ODNI. But Hanauer said which agency ultimately sponsors, inspects and certifies the SCIF doesn’t matter if the intelligence community agrees to move forward with the idea.

“That’s kind of a bureaucratic question,” he said. “It’s really not important what agency signs the paperwork and does the inspection. Because everyone who uses that SCIF would be doing work that furthers the intelligence community’s mission, the Department of Defense’s mission, and overall the nation’s interests.”

The post WeWork for spies? Industry group pushes for classified co-working spaces first appeared on Federal News Network.