The article uses the Russia election situation as an example, but one doesn't need a clearance -- or any classified information, for that matter -- in order to prevent a large number of these recent "hacks" or, at the least, make the attackers work much harder to be successful.
When companies can't even be bothered to install security updates on public-facing applications or web sites (cf. Equifax), is anyone really surprised that they're being broken into and having all their private data stolen?
In my experience, these public/private information sharing "partnerships" are heavily weighted in the government's favor. That is, the private companies share their detailed, specific data with the government but the information that the government shares with the private companies is laughable. When I was on the "receiving end", it was typically bulletins and notifications that were vague and lacked enough detail to actually be useful or actionable (and even those were limited with regard to distribution).
It's been a few years since I was involved with that stuff so perhaps things have changed. I would be really surprised if they have, though.
In addition, it seems to me that this is a good way for the government to get these tech companies to "go along with" some of their "requests". Oh, you have some private data that the government would like to have access to but you don't want to turn it over? Or, the government has a "black box" they want you to install in your network but you don't want to? Boy, it sure would be a shame if your employees' security clearances got denied, wouldn't it?
In order to conduct an appropriate vulnerability assessment, you need to be able to classify your adversaries capabilities and motivations. That's hard to do with out some kind of privileged information. Only then can you get down to the stuff that most people think of when they talk about "security" - e.g. the risk mitigation and countermeasures.
Edit - added text
To continue the point, the Russia example is important. Individual commercial ventures are not set up to handle state level attacks. Any company that thinks they are is going to be in for a rude awakening.
Worse, companies like Google and Facebook are going to be vulnerable by their very design and function.
Sure, the credit bureau hacks are bad, but truthfully that's only the tip of the iceberg as far as consequences.
I'm not discounting your point that you may have found government cooperation unhelpful, but I will say if you are one of these large companies that could be the target of a state level actor, you are going to want a state level actor on your side. And in the US that means you are going to have to have employees with access, which means you are going to need to have a government sponsor for clearances.
For those in this thread that are confused what the tech companies could be looking for with these cleared people, let me give you an example. I used to work for a company that ran DNS services for public utilities i.e. "critical infrastructure". Every week we would get a classified list of "bad" domains (usually domains that malware would phone home to) from a 3 letter agency and we would notify the utilities if we saw any DNS requests for those domains from any of their computers. Only cleared personnel were allowed to see the list or touch any of the computers that saw the list in any way.
A tech company that wanted to work with a 3 letter agency to see such a list in order to protect their own infrastructure would need cleared personnel and a SCIF (the windowless air-gapped rooms that cleared people work from) to even talk to the agency about a list.
I think the article created a lot of the confusion. Having access to cleared people is important to companies primarily for winning lucrative government contracts. For example, if a 3 letter agency wants to implement a cloud service on an air-gapped intranet, or award a contract to implement social-media algorithms to suss out terrorist networks, they'll look to companies with that sort of expertise. But if those companies don't have a corps of cleared employees, they're out of the running. Having said that, having trustworthy employees (which a clearance implies, but does not guarantee) might be valuable to companies not dealing with classified information, but the article left out the real reason that companies are heavily invested in recruiting people with clearances.
This article makes the asinine inference that hiring a ts worker somehow magically grants you access to ts data. Sf86 makes it perfectly clear: you can be tried for treason up to and including capital punishment for leaking state secrets at the ts level. The information is on a need to know basis and requires the company be certified by disa, NSA, and cleared to have a compartmentalized government facility that includes an FSO and yearly dod inspections. The government also chooses you for classified work and sensitive data. Not the other way around.
It does seem high. I don't know where they get this info, because these are all contractors, so the only info the govt has is how much it pays the labor hire company (e.g. Booz). There are no govt public service employees on a special 'cyber' pay grade. But a special IT stream would make sense - like doctors and lawyers. Otherwise the skills haemorrhage will continue.
For USG systems engineers, clearance level has zero impact on compensation; you either have it or you don't.
> Most with that high of clearance are working in the DC area...
For a systems engineer based on 2017 DC locality, that's lead-/supervisory-level GS-14 Step 3, or working-level GS-13 at the tail end of a long career in government...hardly an average.
Article is wrong if you had clearance you don't get to transfer it if you move to a civilian job is my understanding.
So is there an equivalent to List X companies in the USA who are allowed put staff through clearance.
And for TS clearance I doubt that any dual national other than those because of birth circumstances will be getting clearance any time soon which sucks for SV company employees who are immigrants
You are mistaken. Security clearances go with the person and not the job. Indeed, there’s an entire industry available to people with the correct clearance. Yeah, there's paperwork to do when you move to a new job.
For example, Edward Snowden had a clearance and worked for a private company, Booz Allen after first working for the NSA as a security guard then the CIA.
Security clearance does not stay with the person once they leave the job unless their new employer is (or is sponsored by) the same granting agency (i.e. DOD or DOE) and even then there is paperwork involved to set up the transfer.
You are correct. The clearance comes in the form of a designated position with sponsored need to access certain cleared information. When you are no longer in that job you no longer have the need to access, and hence no active clearance.
When you start in a new job, if it is a security clearance designated position, your clearance can be reactivated. If there has been a gap between old and new your eligibility for a clearance will have to be re-evaluated, also when changing employers. (You could have been fired or left under a cloud, a significant marker for security concerns.)
All clearances require a government sponsor. So tech companies can't maintain someone with a clearance unless they are working on a govt program. IC may be a little more flexible on that.
> Indeed, there’s an entire industry available to people with the correct clearance.
Indeed, one of my biggest career mistakes was not taking a job that would have included a Q clearance back before 9/11, when they were handed out much more quickly and freely.
That not how I read it you can transfer it to another federal job and a restricted set of civilian jobs It requires:
"an industrial or commercial contractor, licensee, certificate holder, or grantee of an agency, including all subcontractors; a personal services contractor; or any other category of person who acts for or on behalf of an agency as determined by the appropriate agency head."
Security clearances only apply to positions that fall under the purview of the federal government.
Under the purview doesn't mean that you are employed directly by the US Government. Again, from the example, Snowden had a clearance from his previous employment. Yeah, it had to get transferred but he didn't have to get re-cleared all over again.
A clearance is held by a specific agency. Say I work for contractor company C, on a contract with three-letter agency TLA. TLA grants me a clearance at whatever level, and they keep track of it. If I switch jobs to another position that requires a clearance -- maybe I go to company D, maybe I stay at C but on a contract for four-letter agency FLA [1] -- then TLA can transfer the clearance to the new agency FLA, and now FLA is the holder. Depending on the specifics of TLA and FLA, this can be "quick" (in government time), or in the worst cases it will take just as long as getting a clearance from scratch.
If I go to company D, but the new position does not require a clearance, then it becomes inactive. I can say I previously had a clearance, and if not much time has passed then getting it reactivated (if I go to a third job that needs it again) may be a relatively quick process. But if I am not at a job that is keeping it active, then I have no right to access classified data or anything.
In other words, if Facebook is hiring cleared people, they have to be working with a government agency that is holding the clearances.
On the other topic: obviously you have to be a US citizen. Immigrants/naturalized citizens are fine; I've known many cleared immigrants. Dual-citizenship I'm not sure about, you might have to renounce your old citizenship.
Why would the US give a Top Secret clearance to an immigrant?
edit - You can't immigrate to a country then expect to receive a Top Secret clearance regardless if it is the US or any other country. I don't suspect Russia will give me a clearance if I were to immigrate and find employment at a tech company. There would be a major national security incident waiting to happen.
2. Do you have to be a U.S. citizen to receive a security clearance from the State Department?
As outlined in Executive Order 12968, Access to Classified Information, eligibility for access to classified information may only be granted to employees who are United States citizens. However, an exception is allowed in specific situations wherein there are compelling reasons for limited access to be granted to an immigrant alien or foreign national employee who possess a special expertise that is needed for specific programs, projects, contracts, licenses, certificates, or grants.
5. Are non-U.S. citizens eligible for a personnel security clearance?
No. However, under rare circumstances, a non-U.S. citizen may be issued a Limited Access Authorization for access to classified information. Specific criteria and limitations are provided in the NISPOM. You may also contact your IS Rep for additional information.
I don't really know the details. I just know my ex husband was career military and he once kind of hand waved off the importance of some security clearance label in, probably, some TV show with the factoid that basically, if you are in the military at all, you have some level of security clearance.
I don't know the nomenclature. I don't know if "Top Secret" is really super duper special or if that is, like, anyone above the rank of E-1. But I also know that, for example, one path to citizenship in the US is to serve in the military. So, if all members of the military have some degree of clearance and some are not citizens, then 1+1=2, I think.
But I googled to find a reliable source rather than give that anecdotal evidence. FWIW.
> ...one path to citizenship in the US is to serve in the military.
True statement.
> So, if all members of the military have some degree of clearance...
False assumption. Jobs that fall under services, personnel, public affairs, medical, contracting, vehicle maintenance, and supply come to mind. This is far from an exhaustive list and will vary in scope between branches of service.
I have personally met foreign nationals who were infantrymen. It is possible my statement is overly broad. But if being in the infantry, like my ex was, grants some degree of clearance, then I have personally known foreign nationals in the US military who must have had a security clearance to do their job at all.
I based my remarks on a remark my ex made. I spelled that out as clearly as I could.
My conclusion is correct that my background knowledge suggests, yes, it is possible for immigrants to have some degree of security clearance. But, hey, I googled it just to be sure and posted that. And it is correct that it is possible for foreign nationals to have a clearance.
People are confusing 'security clearance' with 'background investigation'. Non-citizens very rarely have any US security clearance.
It is normal for Army units to have many non-SECRET cleared members. It is one of the challenges of distributing ISR information to frontline units. Signals (communications) will tend to have clearances, and they couldn't progress if they couldn't get one. Officers are cleared.
I specifically disputed your assumption that all members of the military have some degree of clearance by pointing to select jobs which explicitly do not require any level of security clearance whatsoever. Nothing more.
Specifically addressing infantrymen (Army MOS 11x, Marines MOS 03xx), it's not difficult to imagine a case enlisted immigrant on a defined path towards naturalization being granted iterim clearance to train and perform basic routine duties, but is constrained to non-deployable status and can neither participate in classified briefings nor handle classified material pending valid JPAS investivation disposition...which is all theoretical motherhood and apple pie, except a security clearance isn't actually mandatory for many infantry MOSs.
That is not my assumption. That is my recollection of what I was told by a knowledgeable individual whose word I trust on the subject.
It may be inaccurate. It is fine to share what you know. But, if you want to nitpick the hell out of a comment based on accuracy, you need to at least read the comment accurately and frame your objection or criticism with precise accuracy. If you cannot even accurately read and frame my comment while critiquing it, it basically gives me the impression that the whole point is to try do some kind of ugly social pecking order negging rather than improving accuracy of information in the discussion. And that generally does not go over well with me.
I am 100% fine with pedantry. If you know more than me, totes cool. But the inaccurate framing -- which suggests sloppy thinking on my part -- looks awfully suspicious from where I sit.
I was in the military with a secret clearance (standard I believe) and you are correct it is very mundane, nothing exciting. There were a few times I had to cover documents when people would come in and couldn't talk about certain projects, but it was nothing exciting. I believe intelligence is worthy at the aggregated level, not at the individual level most of us experience.
I misinterpreted the statement then. Naturalized citizens are different, I thought it was in reference to those who come here for a job, then require a security clearance. That would create conflict in my opinion.
As an Australian who lives in our national capital, I can assure you that our friendly local FVEY agency will happily employ Australian citizens at a Top Secret Positive Vetting level who are naturalised immigrants or dual citizens (a huge chunk of this country are dual British citizens, in particular). I get the impression that it makes your life a bit more difficult, but it's definitely achievable.
My understanding is that they actually exclude ALL dual nationals, even those whose citizenships were the result of birth circumstances, unless you are willing to formally renounce your second citizenship.
Depends on what country. If you're a dual citizen with China/Russia/hostile power, you'll probably be forced to renounce or be denied a clearance. Folks from allied countries (NATO) often don't have to renounce it; I believe they ask if you'd be willing to, but you don't have to do it unless they ask
Not sure why the down vote. It does depend on the sponsor, which country you hold a dual citizenship with, and what level of clearance you are trying to obtain.
The below poster is incorrect. In order to move forward in the process in some cases you will need to formally renounce and physically destroy you foreign passport in front of your investigator.
I know that sounds bad, but keep in mind no one is forcing people to obtain a clearance.
From what I understand, the worst case is that they confiscate your other passport(s) to ensure that you do not enter or exit the US with a non-US passport. I could be wrong though.
When companies can't even be bothered to install security updates on public-facing applications or web sites (cf. Equifax), is anyone really surprised that they're being broken into and having all their private data stolen?
In my experience, these public/private information sharing "partnerships" are heavily weighted in the government's favor. That is, the private companies share their detailed, specific data with the government but the information that the government shares with the private companies is laughable. When I was on the "receiving end", it was typically bulletins and notifications that were vague and lacked enough detail to actually be useful or actionable (and even those were limited with regard to distribution).
It's been a few years since I was involved with that stuff so perhaps things have changed. I would be really surprised if they have, though.
In addition, it seems to me that this is a good way for the government to get these tech companies to "go along with" some of their "requests". Oh, you have some private data that the government would like to have access to but you don't want to turn it over? Or, the government has a "black box" they want you to install in your network but you don't want to? Boy, it sure would be a shame if your employees' security clearances got denied, wouldn't it?