Tech Firms Seek Washington's Prized Asset: Top-Secret Clearances

Major tech companies such as Facebook and Twitter are interested in hiring workers with top-secret security clearances as they deal with foreign meddling on their platforms and come under increased risk of hacks, reports Bloomberg. From the article: In doing so, companies such as Facebook are competing with defense contractors, financial firms and the U.S. government itself. Security clearances are a rare and valued commodity, whether at a bank trying to prevent hackers from stealing credit-card data and emptying accounts or at a manufacturer building parts for a stealth fighter or missile-defense radar system. Bringing former government cyber warriors on board at companies can facilitate interactions with U.S. agencies like the NSA or CIA as well as help the firms understand how to build stronger systems on their own. "They have the tradecraft," said Ronald Sanders, a former associate director of the Office of the Director of National Intelligence and now director of the school of public affairs at the University of South Florida. "And the trade craft is some of the best in the world."

Clearance does not necessarily imply anything

[El+Cubano]

As with anything the government does, there is a considerable tooth-to-tail ratio. For every person with a security clearance doing actual intelligence work (including cyber), there are least 10 others who have a clearance without doing that sort of work. For instance, the secretaries and administrative assistants, the HR personnel, the maintenance personnel, the groundskeepers, the managers who sit in meetings all day, the budget analysts, the financial personnel, the IT support staff, the janitorial staff, etc.

I point it out so that people understand that the pool from which the tech and defense firms are trying to hire is not of size N, but probably of size 0.2 * N. They might benefit from having some support staff with clearances, though they can certainly get by without it where the government cannot (support staff in classified facilities have to be cleared). The real challenge is that they are all competing for a small number of experienced intelligence professionals with active clearances.

BTW, you will not see them outsourcing these jobs to H1B workers.

In fact, that is an interesting thing about being a contractor for the government. If you are a worker bee, then you are practically immune from outsourcing. If another company gets awarded the contract you are working on, you can bet that with nearly 100% certainty the new winner of the contract will attempt to hire away all the workers that were on the old contract. Not only are you effectively immune from outsourcing, but you have a high likelihood of being able to continue working in the same geographic area (and maybe the same office/project) through any of a number of changes of employer. Try that in the civilian world. The tech companies will have to pony up, because the defense contractors already do.

Re:Clearance does not necessarily imply anything

[Gilgaron]

This is insightful... the 'tradecraft' and the clearance as completely different things. The whole idea when you get into this sort of thing is that you only know the minimum possible to be effective. I have heard there is even demand in people with inactive clearances since it is easier to reactivate than start from scratch.

Re:Clearance does not necessarily imply anything

[tsqr]

This whole thing sucks for people who haven't been cleared (Because it's not possible unless you're hired for a job where the government actually requires it) and reeks of favoritism for past governmental employees.

I'd like to see federal legislation passed that either prohibits employment/job discrimination based on the possession at the time of hiring of a government security clearance, OR security clearances are automatically revoked or cancelled when leaving or changing employers and have to be re-verified to be re-instated after hiring to a new job, OR a law prohibiting an individual holding clearances from causing any of the clearances they already hold to be disclosed to a recruiter or prospective employer, other than ability to get a clearance or already having a clearance will have to be verified after a hiring decision.

While you're at it, why not wish for a law prohibiting discrimination based on the prospective employee's skill set? The current system reeks of favoritism for people who know how to do things.

Here's my personal experience, having held a secret clearance for 35 out of the last 40 years while working for defense contractors. Security clearances are de-activated when a cleared employee changes employers. If the new employer requests re-activation within a short period of time, there is some paperwork and minimal vetting to go through. If the request is not made within a short period of time, the employee goes through a re-verification process that requires a re-submission of all the very detailed personal information that was submitted the first time, and waits a long time (currently about a year) to be cleared. Then periodically (every 10 years or so), the employee goes through the whole thing again. If the cleared employee shifts from a position requiring a clearance to one not requiring a clearance, the clearance is suspended. If the employee returns to a position requiring clearance within six months, the clearance can be unsuspended quickly; if not, it's de-activated. If not re-activated within a fairly short period of time (6 months, I believe), it's cancelled.

I shouldn't have to say this, but not everyone can get a clearance. Do you have a non US person that's a close relative? Recent bankruptcy? Other financial problems? Ever been arrested for anything? Ever been charged with a crime? Ever had a restraining order issued against you? Less than honorable military discharge? Used any illelgal/controlled drugs or substances in the last 7 years? Court-ordered psychiatric treatment? Ever held a non-US passport? Ever been officially reprimanded for workplace misconduct? Ever been fired from a job for cause? Failed to pay Federal, state, or other taxes? Ever used a credit counseling service? Been delinquent on any Federal debt (hint: Federally guaranteed school loans)? Ever defaulted on a loan? Ever had anything repossessed? Been evicted for non-payment of rent? Ever been sued? Ever sued anyone? Ever been a member of an organization that advocates or practices acts of violence to discourage others from exercising their Constitutional rights (hello, antifa)? Any of these can disqualify an individual, and some of them are immediate disqualifiers.

Re:Clearance does not necessarily imply anything

[Gr8Apes]

There's already a file on you and the gov never ever throws anything away.

thats a confusing headline

[AkumaKuruma]

just because people have clearances doesn't mean they have skillsets that would benefit this. It just means they don't have the markers that make them untrustworthy with highly sensitive information. there are plenty of people who hold a top-secret clearance that don't know where the "any" key is

it sounds more like someone got cyber-security industry confused with security clearance. i understand their need for cyber-defensive capabilities. some banks, like USAA, actually run their own in house cyber operations desk to help protect their digital assets. cyber-security as a trade spans across all digitally connected industries (govt, banking, industrial, commercial....) and they are all being head-hunted by the same groups. this would just be another company throwing their sharks into the feeding tank.

What is this, I don't even

[0xdeadbeef]

Security clearances mean fuck all. It only proves you passed a background check. Bragging about it is a negative signal.

What bullshit is this article trying to sell? Who benefits from this? Contracting companies?

Re:What is this, I don't even

[Baron_Yam]

>Security clearances mean fuck all. It only proves you passed a background check.

I have worked government contracts in semi-secure environments (just police checks, not full background investigations). Nobody gets past the front desk without being cleared, so if you're a vendor and want a contract, it's incredibly useful to be pre-cleared.

I've seen a few instances where someone got checked last minute at the front door and didn't pass. It's stupid that they tried, embarrassing for the vendor, and delays the work.

Re:What is this, I don't even

[Baron_Yam]

While history shows us secrecy is frequently used to cover up incompetence or prohibited activity, it's ALSO used because it's a lot easier to accomplish certain goals if you don't tell everyone what you're doing first.

Imagine if the cops had to give criminals access to their active investigation documents, for instance. Similar concerns apply at higher levels of government.

It would be really nice to live in a world where we all get along, but we don't. As long as there are different groups in competition, the side that gives up secrecy will lose.

Re:What is this, I don't even

[chihowa]

So what this all adds up to is that it means that tech companies want people who are already cleared because they're too lazy or too cheap to go through the process themselves. Instead they'd rather some other company go through the expense and then poach employees off them.

That sums it up. If they aren't willing to foot the cost and wait for the process, they aren't terribly concerned about keeping you on in the long-term anyway. Requiring an active security clearance a good sign to potential applicants in itself.

Re:What is this, I don't even

[Jfetjunky]

From first hand experience, clearance != good performer. So what are you left with? Hoping they'll divulge secrets? That's the whole point of the security clearance. They see things and work on things they CAN'T and WON'T (or at least shouldn't) share anywhere else.

I had a friend who wanted security clearance so he could talk to other people with clearance and learn cool secrets. It doesn't work that way. You seriously do need a reason to be exposed to classified information, you can't just start sharing it freely once you're "in the club".

I call BS

You don't need any security clearance to work on a company's most secret stuff, or defend them from (cyber-)attacks or anything.
If they're recruiting people with (a need for a) clearance, it simply means they're under government contract, either directly or through another contractor.
Thank you Bloomberg for letting us know tech firms are working for the TLAs.

Re:Security clearance

[XXongo]

Why doesn't Facebook and others do what the defense industry does - get one if their employees to apply?

Because you can't just "apply" for a secret clearance; you must show that you have a specific requirement for one.

You can't have cleared employees just because.

[jeff4747]

To have cleared employees, your company has to be working on a government contract that requires a clearance. So Facebook, Twitter and similar can't just decide to hire cleared employees. They have to go through the process to become government contractors, and then win a contract that requires a clearance.

Also, if you have a clearance and stop working at a job that requires a clearance, your clearance goes away. So once Facebook hires someone with a Top Secret clearance, they no longer have a Top Secret clearance and lose access to the information the article claims Facebook wants.

Even if Facebook, et al manages to go through all the steps to get a contract that requires cleared employees, they can't work on whatever Facebook wants. Those employees have to work on that contract. Those employees also can't just say "Hey, we need to do _____ to stop ______ from hacking us", because that's classified information. The employee can't just share it with everyone at the company.

This author should really have spent a minute or two researching how clearances work before writing this shitty article.

Re:You can't have cleared employees just because.

[PPH]

Also, if you have a clearance and stop working at a job that requires a clearance, your clearance goes away.

To be accurate, it becomes inactive. All the background checks that were done on an individual are still on file. And in many cases they are still being done*. So people in these positions are of value because they can be issued a new clearance pretty quickly.

*People leaving many classified positions have systems capability knowledge and remain targets of foreign intelligence services. Sometimes for years or even the rest of their lives. The DoD (for one) keeps an eye on ex-contractors in such positions.

Re:You can't have cleared employees just because.

[swb]

Maybe they just want free, government-certified background checks.

I'm also assuming they're looking for people with only the most senior security clearances, the kind that are only really certified by the FBI or some other government intelligence agency.

It might be useful if you're just looking to hire someone with an extremely reliable background who exceeds private sector levels of background certification to work on critical security systems.

Re:and for a job that needs the clearance!

[Gr8Apes]

Once you have it you can maintain it if you desire. It's a cost item. Just because you have it doesn't mean you get any access to anything, it merely means the government keeps tabs on a whole list of things on you and you will have some reporting requirements.

Re:Security clearance

[PPH]

This.

In fact, it's usually the government that makes a clearance a condition of a contract. And it's in the best interest of the company to minimize the number of people that need to be covered by a clearance.

A lot of people are looking at this clearance issue from the point of view of selling jet fighters or submarines to the government. Where their primary business is to sell such goods. Facebook and Twitter would be better off not having cleared employees. And developing their own anti-hacking tools and processes completely unencumbered by government secrecy requirements. Unfortunately, the NSA (and other TLAs) have managed to become the gatekeepers of inter company intrusion data. Which they need to keep their systems clean.

Let's enlighten the internet about US clearances

[RightwingNutjob]

I'm sure that no one will blab anything of interest to an adversary government.

Jesus, come on guys. How many "anonymous users" have posted an Ask Slashdot about some arcane details about US cyber security in the past 20 years? Think before you flap your lips, eh?

I had a full scope TS/SCI clearance once...

It wasn't worth it. Constant invasive background checks on you and people close to you; you have to disclose basically everything about your life to the government, such as everywhere you've lived for the last seven years, monthly bank statements for all of your back accounts for the last year, personal information about all of your in-laws, and so on; and you have to constantly take training classes that teach you how to be paranoid and never trust anybody else. I was starting to experience serious anxiety problems, all so that I could work in a concrete bunker that had no connection to the outside world, on dummy terminals that connected to ancient computers that were doing classified work that you're not sure the government even should be doing.

I quit and decided that I'll never work at another job that requires a government clearance, and I've been much happier for it.