In a talk at August’s BSides Las Vegas conference, security pro Kevin Tyers talked about the factors that go into a security clearance decision. His accompanying research included an analysis of 15 years’ worth of security-clearance adjudication data.
Industry security clearance decisions are public record and available online. (The code that he used to gather the data for his talk is available via GitHub.) His analysis included cases with written decisions, and does not include applicants without factors that would have barred them from receiving clearance. The final dataset also excluded people who had self-selected out of the security-clearance process at some point.
After filling out paperwork and submitting to a background check, individuals trying to gain security clearance are interviewed, as are their associates. If concerns are found, applicants will receive a statement with the reasons for these concerns.
For example, they may receive a letter stating concerns about their financial security. Applicants have a chance to respond to these concerns. Sometimes polygraphs are used when there are potential issues with lifestyle, or if the candidate poses a counterintelligence risk. After this process, a final decision is made and recorded.
Areas of Concern
When determining whether to grant security clearance, investigators look at multiple categories. These include:
- Allegiance to the United States
- Foreign influence or preference (such as being from another country or having immediate family from there)
- The use of information technology systems (such as looking at pornography on a work computer)
- Personal conduct (a catch-all category)
- Financial considerations (such as debt)
- Alcohol and drug consumption
- Psychological conditions
- Handling protected information (such as putting classified information on your resume)
- Outside activities (i.e., work performed on behalf of a foreign government)
Looking at 15 years of data makes it clear that decisions about clearances spiked enormously in 2001, as the United States worked to build an intelligence complex in the aftermath of 9/11. That year started with just a couple hundred applicants before shooting up to close to 1,600.
Even during that spike, however, no more than 40 percent of applicants were approved for clearance. The most common concerns were financial, followed by the ‘personal conduct’ catch-all, alcohol and drugs, and criminal conduct.
In 2014, some 752 applicants were flagged for financial reasons, 312 for personal conduct, 1 for outside activities, 192 for foreign preference, 3 for mental issues, 24 for sexual conduct, 111 for drug abuse, 43 for alcohol abuse, 6 for security violations, 81 for criminal conduct, and 12 for information technology.
Among issues flagged that most often resulted in a denial of security clearance, sexual misconduct led the list (83 percent denied), followed by criminal conduct (81 percent) and personal conduct (80 percent). Surprisingly, security violations (57 percent denied), outside activities (56 percent) and foreign allegiances (54 percent) were on the bottom of the ladder.
A law (10 U.S.C. 986) forbidding the U.S. Department of Defense from granting security clearance to anyone convicted of a crime who served more than a year in jail was repealed in 2008, so even murderers do not receive automatic denial. (In fact, one person who served 11 years in jail for manslaughter received a clearance almost 20 years later.)
Those interested in taking a deep dive into the clearance decision data on their own can find it online. For tech pros who are considering a job that demands a security clearance (such as with a military contractor), be aware of potential issues before you apply.