The workplace practices of most intelligence agencies are not keeping pace with the changing nature of the intelligence business. Intelligence today is highly dependent on global networks of sensors, including unclassified sensors not owned or operated by the U.S. government. And while most global enterprises embed their employees where the action happens and hire the diverse talent they need the moment they need it, U.S. intelligence agencies continue to require most intelligence officers and analysts to work on-site in headquarters facilities, for which new recruits endure two-year long waits for hiring and security clearances.
Modern-day intelligence needs modern-day work models, and solutions exist that could mitigate the 700,000-person backlog for clearances while widening access to highly skilled and diverse pools of talent.
Intelligence agencies could create workplaces where unclassified jobs or job functions could occur offsite in unclassified locations. By doing this, agencies could reduce the number of employees who need access to classified information and classified computing systems, thereby decreasing risks of insider threats.
Today, many business processes in the Intelligence Community occur on classified computing systems, irrespective of the classification of the process itself or the data involved. As a result, all employees who use computers must be vetted through the security clearance process, which may eliminate many first- and second-generation immigrants and create a workforce that lacks the cultural diversity of both the U.S. population they serve and the foreign populations on which they report.
Agencies could turn this business model upside down by creating uncleared workforces which conduct many business functions, unclassified collection of publicly available information, and foundational intelligence on unclassified computer systems at remote locations.
If agencies choose to offer basic business functions on unclassified computing systems, like time and attendance, and provide collaborative tools, like chat and file sharing capabilities, then employees whose jobs involve primarily unclassified information may no longer need access to classified computing systems.
Agencies could write clear policies about how to safely handle controlled unclassified information and make security classification guides easier to understand in order to move some jobs offsite while implementing processes and procedures for handling sensitive information.
My colleagues and I interviewed over 40 employees at one intelligence agency and reviewed existing laws, executive orders, and regulations, and we found no law or regulation that would prevent these changes from occurring.
Imagine a parallel universe where analysts working on unclassified computing systems could receive unclassified information from networks of nongovernmental organizations and sensors that constantly monitor underground nuclear tests, missile launches, chemical weapons attacks, movements of foreign militaries and navies, and terrorist activities. Unclassified sensors and data on all of these sources already exist today.
In this parallel universe, intelligence officers trained on analytic tradecraft techniques could determine the credibility and accuracy of each unclassified source and could reconcile conflicting reports. They could talk with scientists and technologists developing and monitoring advanced sensors to understand the data, its accuracy, and credibility.
They could even work anywhere in the world, creating a distributed workforce shielded against the effects of a catastrophic event in the Washington, D.C. area. These officers could send their analysis back to headquarters, where analysts sitting inside classified facilities could compare unclassified findings with classified information from satellites, spies, and classified sensors around the globe.
Such a geographically distributed workforce could be postured to withstand a continuity of operations event in any one part of the country, could be located near or embedded with interagency partners, and could reflect the diversity of missions and target sets.
Security officials concerned about insider threat reported to our team that fewer employees with access to classified computing systems could translate to fewer points of risk for them to monitor. The financial savings and other resource savings reaped by the government in fewer security clearances and a smaller classified computing network could be reallocated elsewhere.
The U.S. intelligence community uses outdated workplace practices and yet it is expected to pivot to current day threats. Re-thinking and re-designing the intelligence business model could provide agencies with new agility and new opportunities.
Cortney Weinbaum is a management scientist in the Cyber and Intelligence Policy Center at the nonprofit, nonpartisan RAND Corporation.