ESCC Clearance Handbook_Draft 10-27-14

Electricity Subsector Handbook on the
Private Sector Clearance Program for
Critical Infrastructure
Description of the Clearance Nomination Process, and Clearance Holder’s Roles
and Responsibilities
Table of Contents
Executive Summary
Overview
Background
ESCC Liaison and DHS/IP Relationship
PSCP Nomination Process
Identification and Application Phase
Justification
Nomination Approval Phase
Security Clearance Processing (Pre-Investigation Phase, Part 1 of 2)
Security Clearance Processing (Investigation Phase, Part 2 of 2)
Roles and Responsibilities of Industry Members with Clearances
Safeguarding Classified Information
Initial and Annual Security Training
Reporting Significant Life Events
Security Violations
Termination of Need to Know
Deactivation of a Clearance
Use of Clearance for Information Sharing
Establish Contacts and Attend Briefings
Visit Authorization Request
Developing Unclassified Documents and Tearlines
Building the Trust Relationship Model
Information Sharing with Federal Partners for Further Intelligence Evaluation
Access to Greater Analytical Capabilities
Development of Strategic Level Policy
Industry as a Resource to the Federal Government for Incident Response
Appendix A
DHS PSCP External Fact Sheet
Executive Summary
Overview
The Department of Homeland Security (DHS), in coordination with the Electricity Subsector Coordinating
Council (ESCC), has identified the need for industry executives and subject matter experts (SMEs) to
obtain Federal security clearances in order to facilitate access to classified materials and threat
information related to the industry. The DHS Private Sector Clearance Program (PSCP) for Critical
Infrastructure ensures that select critical infrastructure private sector owners, operators, and industry
representatives, specifically those in positions with responsibilities for ensuring the protection, security,
and resilience of their assets, are identified and processed for Secret level clearances¹. Granting of
security clearances to select industry representatives facilitates access to classified information to better
enable risk-informed decision making; assists in determining the content, structure, and types of
information most useful to critical infrastructure owners, operators, and industry representatives; and
allows greater participation in the protection of critical infrastructure and the security of the homeland.
Based on a January 30, 2014, meeting between the ESCC and Government Executives, DHS and the ESCC
agreed to develop an industry handbook regarding DHS’ PSCP and the roles and responsibilities of
industry personnel who are granted security clearances. This handbook is meant to be an industry
resource that describes the PSCP nomination process and provides guidance on the clearance holder’s
roles and responsibilities and the means to effectively use their clearances for information sharing purposes.
Background
Ensuring critical infrastructure security and resilience requires ongoing cooperation between
government and the private sector. While the vast majority of information that DHS shares with the
private sector is unclassified, instances occur where the information to be shared is classified, requiring
a Federal security clearance for access. In recognition of this need, the President issued Executive Order
(EO) 13549 in August 2010, directing the establishment of a “Classified National Security Information
Program for State, Local, Tribal, and Private Sector Entities.” The DHS Office of the Chief Security Officer
(OCSO) exercises responsibility for the supervision, oversight, and direction of DHS’ security programs
for personnel security, information security, and the implementation of EO 13549.
In support of OCSO, the DHS Office of Infrastructure Protection (IP) established the PSCP for critical
infrastructure to ensure that select critical infrastructure private sector owners, operators, and industry
representatives may be processed for security clearances. These individuals must have a demonstrated
and foreseeable need to access classified information, be in a leadership, managerial, or executive-level
position, and be able to capitalize on the value of the classified information shared.
More recently in February 2013, the President signed EO 13636, Improving Critical Infrastructure
Cybersecurity², which states “It is the policy of the United States Government to increase the volume,
timeliness, and quality of cyber threat information shared with U.S. private sector entities so that these
entities may better protect and defend themselves against cyber threats.” EO 13636 also directed DHS
to expedite processing of security clearances:
“(d) The Secretary, as the Executive Agent for the Classified National Security Information Program
created under Executive Order 13549 of August 18, 2010 (Classified National Security Information
Program for State, Local, Tribal, and Private Sector Entities), shall expedite the processing of security
clearances to appropriate personnel employed by critical infrastructure owners and operators, prioritizing
the critical infrastructure identified in section 9 of this order.”
¹ The DHS/IP PSCP issues Secret level clearances. Top Secret level clearances may be issued by the Department of Energy via a
separate program with different selection criteria and justification requirements.
² https://www.federalregister.gov/articles/2013/02/19/2013-03915/improving-critical-infrastructure-cybersecurity
To ensure implementation of EO 13636, IP has been given the role and responsibility of identifying
appropriate private sector stakeholders who are in a position to assist DHS and interagency partners in
determining the content, structure, and types of information most useful to critical infrastructure
owners and operators in reducing and mitigating cyber risks and to further enhance the DHS
infrastructure security and resilience mission. Security clearances enable selected owners, operators,
and representatives to access classified information and more fully participate in the protection of
critical infrastructure and the security of the homeland.
Industry also recognized the need and urgency for industry SMEs to obtain and use security clearances.
The North American Electric Reliability Corporation’s (NERC) Critical Infrastructure Protection
Committee (CIPC) and the ESCC, under NERC leadership, developed a Personnel Security Clearance Task
Force Report (PSCTF)³ in June 2013. This report proposed a model for identifying, prioritizing, and
nominating the top four candidates within bulk power system organizations for U.S. government
security clearances. The report identified the need to engage more senior executives at electric utilities
in discussions in the classified space.
In response to EO 13636 and the identification of the need for classified discussions with the newly
initiated ESCC leadership and the Energy Government Coordinating Council, DHS representatives, with
industry concurrence, directed the development of a handbook to facilitate the processing of security
clearances for the Electricity Subsector and provide guidance on use of classified information.
The following sections will help PSCP nominees from the Electricity Subsector navigate the application
process, understand their responsibilities for maintaining a clearance, and participate in classified
information sharing sponsored by the U.S. Federal Government.
ESCC Liaison and DHS/IP Relationship
An ESCC Liaison position has been established to help facilitate the efficient processing of security
clearances for the Electricity Subsector. The function of the ESCC Liaison is to communicate on a regular
basis with the IP Sector Outreach and Programs Division (SOPD) Electricity Liaison Team and PSCP
Administrator to assist in the pre-vetting of clearance requests, managing the flow and maintaining
awareness of the status of clearances in process, and as necessary, assist in providing more detailed
justification for the requested clearance and priority of the application. This relationship helps to
provide immediate feedback to those processing applications and provides a focal point for industry
applicants.
³ http://www.nerc.com/comm/CIPC/Personnel%20Security%20Clearances%20Task%20Force%20PSCTF%20201/Personnel%20Security%20Clearances%20Task%20Force%20Report.pdf
The ESCC Liaison is selected from the staff of the ESCC Steering Committee companies. Add generic
email once ESCC portal is established (e.g. ESCCLiaison@ESCC).
PSCP Nomination Process
Identification and Application Phase
The first step in the clearance application process is to identify nominees for security clearances.
Through the DHS PSCP (PSCP@hq.dhs.gov), DHS/IP Sector-Specific Agencies (SSAs)⁴, Protective Security
Advisors (PSAs), and Sector Liaisons, as well as other Federal officials designated as “Nominators” by IP
may identify and nominate private sector officials who may require access to classified information to
act on or otherwise fulfill an authorized DHS-related function associated with national security. The
DHS/IP Electricity Liaison team (electricityliaisons@hq.dhs.gov) and PSAs (PSCDOPS@hq.dhs.gov) are
the primary nominators for the Electricity Subsector. Private sector individuals, organizations, or
associations may not initiate nominations or self-nominate, but may recommend an individual for
nomination to an approved Nominator. An eligible nominee must be an employee (not a contractor or
consultant) of the reference utility with a valid need to know.
Once a nominee has been identified, the nominee may assist the Nominator in completing a Critical
Infrastructure Private Sector Clearance Program Request, DHS Form 9014. The completed form is then
forwarded to the DHS/IP Electricity Liaison team (electricityliaisons@hq.dhs.gov) for initial review and
pre-vetting with the ESCC Liaison before being forwarded to the PSCP Administrator for formal
processing.
The pre-vetting process is an informal check and balance process, between the DHS/IP Electricity Liaison
team and the ESCC Liaison, outside of the formal PSCP nomination process. The ESCC Liaison verifies a
nominee’s place of employment, position within the utility or organization, and reviews the
nomination’s justification. Preference during the pre-vetting process is given to senior-level positions of
an organization or a designee of the Chief Executive Officer (CEO) or CSO, SMEs, and members of the
critical information sharing forums and associations listed below.
Note: Applications require utility senior management approval; without this approval,
applications will likely be returned to the nominee for further justification after the first review.
Note: A nominee is strongly encouraged to submit an email or letter on official company
letterhead from their Security Coordinator, Company Senior Manager, or Chief Security Officer
(CSO) approving the nominee for a security clearance. This correspondence should include the
name of the utility and the senior manager’s name, contact number, and email address.
DHS-sponsored clearances are nominally granted at the Secret level to industry participants who meet
certain criteria and have successfully completed the DHS clearance process. A nominee who cannot be
verified as an electric utility employee or does not have a valid need for access to classified information
may be denied by DHS/IP at this step.
⁴ SSA nominations are only for select individuals connected with a DHS mission related activity. Each Federal agency is
responsible for the issuance of security clearances and access to classified information associated with their respective national
security mission activities. As “Nominators,” SSAs are proposing candidates who are associated with the DHS partnership
framework and are critical infrastructure owners and operators, sector leadership (i.e., Sector Coordinating Council members),
or SMEs identified by DHS to assist in analyzing critical infrastructure and national security-related information to further
enhance the DHS infrastructure protection mission.
Justification
Clearances are not granted to every nominee. The Nominator must identify a compelling need for
access to classified information and the nominee’s ability to access classified materials, as well as
articulate the need for DHS to share classified information with the individual. A Nominator may ask a
nominee to assist in completing the justification portion of the DHS Form 9014. The first line asks for
the nominee’s position within the company. The second line asks for the nominee’s job responsibilities.
The third line asks for any relevant association memberships (Sector Coordinating Council [SCC], ISAC,
etc.) to which the nominee belongs. The fourth line asks the nominee to identify the sector with which
the nominee is affiliated. If a nominee belongs to an entity with multiple sector affiliations such as a
combined electric, gas, and water utility, the sector in which the nominee predominately works should
be designated. Nominees from large utilities with multiple clearance holders should reference the NERC
PSCTF Report⁵. For cases where the number of clearance holders requested exceeds the number
recommended by the NERC PSCTF model, additional detailed justification and validation from the utility
or the ESCC Liaison may be required in order to process the request.
Below is a list of relevant association memberships that may be entered into the third line of the
application (DHS Form 9014: Subject’s association memberships include):
• SCC members;
• Recognized SME within the SCC;
• Member of a critical infrastructure advisory body including the National Infrastructure Advisory
  Council; National Security Telecommunications Advisory Committee; Enduring Security
  Framework; Unified Coordination Group; Threat Engagement Working Group; Critical
  Infrastructure Cross Sector Council;
• Corporate CEO or CSO, or their equivalent or designated Cyber and Physical representative for
  nationally critical assets or systems (as identified under the EO 13636 or National Critical
  Infrastructure Prioritization Program);
    o Nominee would use the information to influence organizational behavior, make risk
      management decisions, or make/influence risk management investments;
• Specific staff who support a nationally critical asset and require classified information to conduct
  critical security and resilience functions (e.g., security managers and intelligence/risk analysts);
• Identified SMEs in critical infrastructure security and resilience;
• A SME at a trade association within the Electricity Subsector; or
• National Cybersecurity and Communications Integration Center (NCCIC), National Infrastructure
  Coordinating Center Watch, and/or Critical Infrastructure Crisis Action Team designated private
  sector representative with responsibilities to access classified information as part of these
  organizations’ operations.
To help the ESCC Liaison better communicate the nomination’s priority, nominees should ensure the
functional area and SME skill set they represent are clearly stated in the remarks section of the DHS
Form 9014.
⁵ http://www.nerc.com/comm/CIPC/Personnel%20Security%20Clearances%20Task%20Force%20PSCTF%20201/Personnel%20Security%20Clearances%20Task%20Force%20Report.pd

• Membership in Electricity Subsector leadership or technical committees will help justify the
  nominee’s need to know and potential candidacy for a clearance.
    o NERC CIPC members
    o ESCC members
    o Regional CIPC members
    o SMEs on working groups or task forces needing clearances
    o Other electric utility employees identified by using the NERC PSCTF report matrix
• Identification of functional registration type in the application will help to prioritize any
  applications in the queue.
    o Reliability Coordinator
    o Balancing Authority
    o Transmission Owner
    o Transmission Operator
    o Generation Owner
    o Generation Operator
    o Distribution Provider
• Providing as much detail as possible in the application will help justify the nomination. The nominee should
  identify areas of expertise.
    o Executives – Corporate Officers, Directors, and Senior Managers of an organization who
      have comprehensive enterprise security and risk management responsibilities. These
      executives should have decision making authority in terms of bulk power system
      operations and be in a position to effect change, authorize expenditures, exercise
      formal policy approval, accept fiduciary responsibility, and be available for immediate
      contact. These qualifications are critical when actionable intelligence must be acted on
      throughout an organization, but the details of which cannot be shared outside of
      classified spaces.
    o Cybersecurity SMEs – Individuals who understand the organization’s cyber systems and
      how they interact with various functional areas, both vertically and horizontally, and
      have the skills, authority, and focus to include the enterprise system and functional
      subsystems, e.g., Corporate Networks, Energy Management System/Supervisory Control
      and Data Acquisition system (EMS/SCADA), Generation/Transmission Control, and
      Market Management Systems linked to EMS/SCADA.
    o Physical Security SMEs – Individuals who understand the organization’s physical
      systems, and have the skills, authority, and focus to include the enterprise system and
      functional subsystems, e.g., CSO, Directors of Security Operations Centers, and
      Managers of physical security guard forces.
    o Operational SMEs – Individuals who are able to affect real time operations and make
      decisions on operating posture based on emerging threat information.
[Figure: Example DHS Form 9014]
Nomination Approval Phase
The PSCP Administrator will vet the nominee’s information against the criteria for participation in the
PSCP. Incomplete requests or requests requiring further justification will be returned to the Nominator.
After review by the PSCP Administrator, the application is routed to the IP Office of the Assistant
Secretary (OAS) for review and nomination approval. Upon approval, the forms are routed to the IP
Security Office for further processing.
If the application is returned, the Nominator and/or ESCC Liaison will provide further justification for the
clearance nomination and resubmit to the PSCP Administrator. This added step will add time to the
application process; therefore, nominees should ensure they provide as much detail as possible in the
initial application.
Security Clearance Processing (Pre-Investigation Phase, Part 1 of 2)
The IP Security Office will contact the nominee directly to collect sensitive Personal Identifying
Information (PII) needed to begin the security clearance process (e.g., Date of birth, Place of birth, and
Social Security Number). PII should not be transmitted in clear text via email over the Internet. The IP
Security Office will provide instructions on how to transmit any required PII.
Note: Nominees should whitelist the DHS.gov domain name so the email notification for the
request to collect PII is delivered in a timely manner. If nominees have not heard from DHS or
the ESCC Liaison after three to four weeks of filing the DHS 9014 form, they should contact the
ESCC Liaison (e.g. ESCCLiaison@ESCC) to help facilitate communicating the PII.
Once the nominee’s PII is obtained, the IP Security Office will enter the information into “eQIP”⁶, a
secure government portal for investigation processing. Once IP Security has initiated the nominee in
eQIP, the nominee will be able to access the eQIP site and complete the required online security
questionnaire.⁷ Additionally, the IP Security Office will email a forms package to the nominee with
instructions on how to proceed. The forms package includes a set of security forms and instructions on
how to obtain fingerprints locally if within the National Capital Region (NCR). Individuals that are not
located in the NCR will be sent, via U.S. Postal Service mail, fingerprint cards along with instructions.
Once the nominee completes the eQIP process and submits all required forms, signature pages, and
fingerprint cards, the IP Security Office will submit the completed application package to OCSO for
further security clearance processing.
⁶ Electronic Questionnaire for Investigation Process (eQIP) is the name of the U.S. Government system used to collect and
manage clearance applicant information.
⁷ Nominees may download a copy of the security questionnaire, Standard Form 86, from
http://www.opm.gov/forms/pdf_fill/SF86.pdf prior to being granted access to eQIP in order to have the required information
readily available.
Note: The nominee must complete his or her security questionnaire in eQIP within 45 days of
initiation, or he or she will be inactivated and may be removed from consideration. If this
situation occurs, the nominee should contact the Nominator to request a re-nomination into the
program.
Security Clearance Processing (Investigation Phase, Part 2 of 2)
OCSO will initiate a background investigation⁸, conduct the adjudication, and make a determination
concerning the nominee’s eligibility for a security clearance and access to classified information⁹. Upon
initiation of the investigation process, DHS may grant an interim Secret clearance for exceptional
reasons or circumstances to expedite access to classified information when there is a mission
requirement. Interim Secret clearances are typically granted in seven days following a favorable
determination from OCSO. The average timeline to complete the full security clearance process
(investigation, adjudication, and determination) is approximately two-to-three months, but may take
longer depending on each nominee’s circumstances. IP Security will notify the nominee via email of the
decision to grant or deny the security clearance.
Roles and Responsibilities of Industry Members with Clearances
Each individual who has obtained a security clearance through the PSCP is required to perform certain
actions to maintain his or her clearance. These actions include:
Non-Disclosure Agreements
Upon receipt of a favorable personnel clearance determination and before the security clearance is
granted, each individual is responsible for completing the following forms and promptly returning to
OCSO and IP Security:
• Complete a Classified Information Nondisclosure Agreement (SF-312)
• Complete a DHS Non-Disclosure Agreement (DHS Form 11000-6)
• Review Statement of Understanding Relative to the Protection of Classified National Security
  Information and sign letter of acknowledgement
Safeguarding Classified Information
A cleared individual is responsible for safeguarding all classified information that he/she has accessed in
accordance with the terms of the SF-312 (Classified Information Non-Disclosure Agreement), the
“Statement of Understanding Relative to the Protection of Classified National Security Information,” and
other applicable Federal standards.
Initial and Annual Security Training
To maintain a clearance, the cleared individual must complete both initial and annual refresher security
training. Upon notification of a favorable clearance determination, the cleared individual will be
provided instructions on how to complete his or her initial security training. The annual refresher
security training is administered by the PSCP Administrator, who will notify clearance holders via email
when the training is due. PSCP participants should notify the DHS/IP PSCP Administrator
(PSCP@hq.dhs.gov) or the Electricity Liaison team (electricityliaisons@hq.dhs.gov) of any change to their
email address so that it can be updated.
⁸ OPM Frequently Asked Questions regarding investigations:
http://www.opm.gov/faqs/topic/investigate/index.aspx?cid=56d6e92e-6e27-4b6a-8969-4a7a1bfba76d
⁹ For some nominees, issuing a clearance may require a Foreign Ownership, Control or Influence determination first.
Reporting Significant Life Events
A cleared individual must report to the IP Security Office (ipsecurity@hq.dhs.gov) any information or
significant life events that may have a bearing on continued eligibility for access to classified
information. A list of reportable events is included in the training briefing given to all individuals cleared
through the PSCP, and includes any change of the following:
• Name
• Marital Status
• Citizenship changes
• Adverse information, such as
    o Recent arrests, criminal charges (including charges that are dismissed), citations, tickets,
      summons or detentions by Federal, State, or other law enforcement authorities for
      violations of law within or outside of the U.S. (Traffic violations for which a fine of up to
      $300 was imposed need not be reported, unless the violation was alcohol or drug-related)
    o Alcohol or drug related problems
    o Personal or business-related bankruptcy filing
• Loss or compromise of classified information
• Any unofficial contact with foreign nationals
• If a member of the individual’s immediate family is a citizen or resident of a foreign country
• Any potential employment or service with a foreign government, organization, entity or interest
Security Violations
If a cleared individual is aware of any security violation he/she or another cleared individual has
committed, then he/she shall promptly report the violation to IP Security (ipsecurity@hq.dhs.gov).
Report of Foreign Travel
All foreign travel, both business and leisure, should be reported in advance of departure. The clearance
holder should contact IP Security (ipsecurity@hq.dhs.gov) to obtain a Notification of Foreign Travel
Form. Once completed, the form should be forwarded to IP Security for processing. For foreign travel
not reported in advance, the form should still be completed and submitted to IP Security. The DHS
Office of Security may have additional questions since the travel was not reported in advance. IP
Security will advise the traveler if additional information is required.
Termination of Need to Know
Upon leaving his/her position of employment and/or no longer retaining a need to know with regard to
classified information, the cleared individual shall contact IP Security (ipsecurity@hq.dhs.gov) and the
PSCP Administrator (PSCP@hq.dhs.gov) to commence the debriefing process and removal from the
program.
Deactivation of a Clearance
DHS will deactivate a clearance for any of the following reasons:
• Failure to complete annual security refresher training
• Change in employment (a new DHS Form 9014 must be submitted to reactivate)
• Change in citizenship
• No access to classified information for more than one (1) year
Use of Clearance for Information Sharing
Ensuring our nation’s critical infrastructure remains secure and resilient requires ongoing cooperation
between Government and the private sector. The PSCP enables selected industry representatives to
access classified information and more fully participate with government partners in the protection of
critical infrastructure and the security of the homeland.
However, cleared individuals may not always know how to share the information they receive during a
classified briefing, or how to optimize use of their clearance to the benefit of their organization, the
public-private partnership, or other sector partners. The following guidance will help cleared industry
members effectively use their clearances for information sharing purposes.
Establish Contacts and Attend Briefings
Cleared individuals should reach out to their local PSAs, Fusion Centers (https://nfcausa.org/), Federal
Bureau of Investigation Field Offices, Secret Service Offices, and other Federal partners to introduce
themselves and to extend an offer to provide subject matter expertise as required. In doing so, the
individual strengthens the public-private partnership, becomes aware of points of contact at secured
facilities within his or her local area, and gains knowledge of when a classified meeting or briefing of
interest may be scheduled.
Additionally, cleared individuals should coordinate with their local partners and the IP Security Office to
“perm-cert” their clearances for the briefing facilities in their areas.¹⁰ Having one’s clearance already in
place at a local briefing facility, where secure phone and email exchanges can occur, will expedite the
flow of critical information when the need arises.
Visit Authorization Request
Invitation to a classified meeting may require a clearance holder to have his or her security clearance
information passed to the sponsoring organization for validation. An individual’s security clearance
information can only be passed from one security office to another. A clearance holder can request his
or her clearance information be passed by contacting IP Security (ipsecurity@hq.dhs.gov) to obtain a
DHS Personnel Visit Authorization Request Form (DHS Form 11000-7). Once completed, the form should
be forwarded to IP Security for processing.
¹⁰ Permanent Certification, or “perm-cert,” allows a person who is cleared through one U.S. Federal Department or Agency to
have his/her clearance passed to another U.S. Federal Department or Agency for a period of up to one year.
[Figure: Example DHS Form 11000-7]
Developing Unclassified Documents and Tearlines
A cleared individual can add value to classified discussions when development of an unclassified
document or tearline is required. As an industry representative, his or her subject matter expertise may
be able to assist government partners and intelligence assets in better understanding the implications of
threat information received and how best to express that information to a larger audience or industry
partners. Examples of products that benefit from the public-private partnership are the United States
Computer Emergency Readiness Team bulletins and Electricity Sector Information Sharing and Analysis
Center (ES-ISAC) Alerts that indicate a need for action, but do not reveal specific classified information.
These reports may be based on classified intelligence, but only include details at the unclassified or
Official Use Only level.
Building the Trust Relationship Model
Utility employees granted security clearances are expected to integrate their threat analysis efforts with
the ES-ISAC and other information sharing forums to maximize the usefulness of the classified
information. Producing unclassified industry guidance and alerts helps industry develop situational
awareness based on the trust of the content coming from industry SMEs.
Information Sharing with Federal Partners for Further Intelligence Evaluation
The electricity industry has begun to engage with the Federal Government to share real-time data flows
to identify malicious code. The bidirectional sharing of information can help the federal partners
evaluate intelligence data and provide feedback on industry issues of concern. Some of this intelligence
evaluation is done in the classified space.
Access to Greater Analytical Capabilities
Individuals cleared at the appropriate level may also have greater awareness of, and potentially access
to, tools and technologies that will enhance the information sharing process. One example is the
Cybersecurity Risk Information Sharing Program (CRISP)11. The Department of Energy and industry are
integrating the CRISP technology and analytics capability into the ES-ISAC and strategic utility locations
to help determine threats, vulnerabilities, trends, and impacts to the Electricity Subsector and
interdependent critical infrastructure sectors. This effort includes integration into DHS’ NCCIC. Another
example is the National Cyber Investigative Joint Task Force and its analytic capabilities. Understanding
these programs and capabilities strengthens the public-private partnership through classified
information sharing, as SMEs work together to identify cyber-related threat actors, compromises,
exploited tools, and vulnerabilities relevant to the electric industry.
Development of Strategic Level Policy
Cleared individuals can participate in various national and regional-level working groups that focus on
the security and resilience of critical infrastructure in the classified space. Participating in these working
groups, along with effective use of one’s subject matter expertise, can assist in developing sound
strategic-level policy and inform future initiatives between government and industry. The joint
meetings between the ESCC and Government Executives are a good example of this type of
collaboration.
Industry as a Resource to the Federal Government for Incident Response
Electricity industry representatives have provided valuable assistance during national incident response
operations. Having industry SMEs with clearances allows government partners to grant access to various
operation centers and/or request their assistance during various classified incident-related conference
calls.
11 CRISP is a public-private partnership, co-funded by the U.S. Department of Energy's Office of Electricity Delivery and Energy
Reliability and industry. The purpose of CRISP is to collaborate with energy sector partners to facilitate the timely bi-directional
sharing of unclassified and classified threat information and develop situational awareness tools to enhance the sector's ability
to identify, prioritize, and coordinate the protection of their critical infrastructure and key resources.
Appendix A - DHS PSCP External Fact Sheet
Private Sector Clearance Program for Critical Infrastructure
Ensuring critical infrastructure security and resilience requires ongoing cooperation between Government
and the private sector. While the vast majority of information that DHS shares with the private sector is
unclassified, there will be instances where the information to be shared will be classified, requiring a
Federal security clearance for access. In recognition of this need, the President issued Executive Order (EO)
13549, directing the establishment of a “Classified National Security Information Program for State, Local,
Tribal, and Private Sector Entities.” The Office of the Chief Security Officer (OCSO) exercises responsibility
for the supervision, oversight, and direction of the Department’s security programs for personnel security
and information security, among others, and the implementation of EO 13549.
In support of OCSO, the Office of Infrastructure Protection (IP) has established the Private Sector
Clearance Program (PSCP) for critical infrastructure to ensure that select critical infrastructure private
sector owners, operators, and industry representatives—specifically those who have a demonstrated and
foreseeable need to access classified information—are in leadership, managerial, or executive level
positions and are in a position to capitalize on the value of the classified information shared are
processed for clearances. Security clearances enable selected owners, operators, and representatives to
access classified information and more fully participate in the protection of critical infrastructure and
the security of the homeland.
Sector-specific agencies (SSAs)12, DHS IP Protective Security Advisors (PSAs) and Sector Liaisons, and
other Federal officials designated by IP (“Nominators”) identify and nominate private sector officials who
require access to classified information to act on or otherwise fulfill an authorized DHS-related function
associated with national security. The justification for applicants nominated for a security clearance
should be clear, concise, and meet the criteria identified in the eligibility call-out box on this page.
Private sector individuals, organizations, or associations may not initiate nominations.
Eligibility criteria for PSCP are provided in Executive Order (EO) 13549 Section 5.g:
“[P]ersons outside government who are critically involved in ensuring that public and private
preparedness and response efforts are integrated as part of the Nation’s Critical Infrastructure or
Key Resources (CIKR), including:
• Corporate owners and operators determined by the Secretary of Homeland Security to be part of the CIKR
• Subject matter experts selected to assist the Federal or State CIKR
• Personnel serving in specific leadership positions of CIKR coordination, operations, and oversight;
• Employees of corporate entities relating to the protection of CIKR
• Other entities involved in public safety or related activities that support the security of our
communities and the nation, but who are not otherwise eligible for the granting of a personnel security
clearance pursuant to E.O. 12829, as amended.”
Subject Criteria
The application review process will be based on factors such as:
• The private sector official (nominee) is in a position to appropriately support the protection of critical
infrastructure and the security of the homeland.
• DHS has a demonstrated need to share classified information with an individual.
• The sponsored nominee requires access to classified information to appropriately represent a
critical infrastructure or to advise the Department on the relevance of the classified information.
• The nominee must demonstrate willingness to access classified information, such as by attending DHS
classified briefings, or to participate at State or local fusion centers or other Federal facilities where
classified information is available.
• The nominee is able and willing to participate in the security clearance process, complete required
training, and diligently respond to requests for information as needed.
• The nominee meets Executive Order 13549 Section 5.g eligibility criteria.
12 SSA nominations are only for select individuals connected with a DHS mission related activity. Each Federal agency is responsible for
the issuance of security clearances and access to classified information associated with their respective national security mission
activities. As “Nominators” SSAs are proposing candidates which are associated with the DHS partnership framework and are critical
infrastructure owners and operators, sector leadership (i.e., Sector Coordinating Council members), or subject matter experts (SME)
identified by DHS to assist in analyzing critical infrastructure and national security-related information to further enhance DHS’s
infrastructure protection mission.
Frequently Asked Questions
What is required in the justification for an application?
The justification should explain the nominee’s role and responsibility in relation to the critical infrastructure
mission. Justifications should include which EO 13549 criteria the nominee meets and should verify that the
nominee’s access to classified material meets the stated criteria. Nominators with a knowledgeable
understanding of nominees, their organization, and their relationship to the DHS critical infrastructure
mission should write the justifications.
Who sees the nominee’s sensitive Personally Identifiable Information?
The only persons authorized to see the nominee’s sensitive Personally Identifiable Information
(PII) are the IP Security personnel and authorized security specialists in the OCSO Personnel Security
Division.
What is the purpose of a background investigation?
The scope of the investigation varies with the level of the sponsored security clearance. It is designed to allow
the Government to assess whether a nominee is trustworthy and reliable to be granted access to classified
information. Nominees must meet certain criteria relating to their honesty, character, integrity, reliability,
judgment, mental health, and potential for foreign influence.
What can an applicant expect during the investigation process?
DHS will receive and review required documents for completeness and accuracy. Credit and criminal history
checks will be conducted on all nominees.13 Interviews will be conducted of persons who know the nominee
and of any spouse divorced within the past 10 years. Additional interviews will be conducted, as needed, to
resolve any inconsistencies. Residences will be confirmed, neighbors interviewed, and public records queried
for information about bankruptcies, divorces, and criminal or civil litigation. The background investigation
may be expanded if a nominee has resided abroad or has a history of mental disorders or drug or alcohol
abuse. The nominee will have a personal interview.
What can a nominee do to keep the time needed to perform the background investigation as short as possible?
• Provide accurate and complete information on the security questionnaire.
• Be as specific as possible on general entries, listing employer(s), location(s), and dates assigned to
each location and indicating all dates, including breaks in employment within the investigation
scope.
• List any Federal security clearances previously held or any currently held clearance, for example,
as a military reservist. If known, list investigation type, investigation date, clearance type granted,
by which agency, and the clearance date.
13 For a Top Secret security clearance, the background investigation includes more detailed record checks which verify birth, education,
employment history, and military history.
What is involved in the adjudication process?
The adjudication process involves an evaluation of pertinent data contained in a personnel security
investigation as well as any other relevant information to determine whether an individual is eligible for
access to classified information. Any doubt concerning personnel being considered for access to classified
information will be resolved in favor of the national security. The adjudication process is where a final
determination is made whether to grant an individual access to classified information.
What will happen if the nominee declines to provide some of this information?
The background investigation is a condition for a clearance. Providing the information is voluntary, but
nominees will not be considered for a security clearance if they choose not to provide the required
information.
What is the difference between an interim and a full security clearance?
Interim clearances are issued for exceptional reasons or circumstances to support the NPPD mission and to
expedite access to classified information when there is a mission requirement. Generally, there is no
difference between an interim and a full security clearance as it relates to access to classified information.
However, an interim clearance may preclude the use of certain classified equipment and may prevent access
to classified information that originates from an intelligence agency until a final clearance is granted. When interim
access is granted, the background investigation must be expedited, and if unfavorable information is
developed at any time, the interim security clearance may be withdrawn. DHS does not issue interim Top
Secret clearances.
How long does the clearance granting process take?
Each application is unique, and factors such as travel, foreign contacts, or multiple residences may influence
the investigation and adjudication timelines. The nominee may be contacted for completion of additional
security paperwork, and the investigation cannot proceed until all applicant information is received. Upon
initiation of the investigation process, interim Secret clearances are typically granted in 7 days. The average
timeline to complete the investigation, adjudication, and receive an approved Secret clearance is estimated to
be 2–3 months.
If a nominee chooses to withdraw from the security clearance process, will they still be informed about
counterterrorism and threat related issues important to their sector?
DHS maintains several robust information sharing programs and strives to make information unclassified as
often as possible. Visit DHS.gov/Critical-Infrastructure to learn about the information-sharing mechanisms
available.
How can less favorable information (i.e. credit history) in a nominee’s background affect the investigation?
Less favorable information will not necessarily disqualify a candidate from receiving a clearance, but
resolution of the issues will take additional time. If the issues are significant, they may prevent a clearance
from being approved.
The Private Sector Clearance Program Process
Identify Subject
• SSAs, PSAs, DHS IP Sector Liaisons and other Federal officials designated by DHS IP (“Nominators”)
identify qualified individuals who require access to classified information based on the criteria in
EO 13549 and their daily work with industry (“Subjects”). See footnote 1.
Submit Application
• Nominators work with nominees to complete and sign the DHS Form 9014, with complete justification,
and submit to the PSCP Administrator.
• The PSCP Administrator reviews the submitted forms for completeness, eligibility, and justification.
Approve & Initiate Formal Application
• The PSCP Administrator routes the form to the Office of the Assistant Secretary (OAS) for review,
approval, and signature.
• Upon approval and signature, the forms are routed to the IP Security Office.
Security Application Preparation
• The IP Security Office contacts the nominee to obtain additional information to initiate the formal
application.
• Once nominee completes the application and submits information, IP Security submits completed
package to OCSO.
Security Clearance Processing
• OCSO initiates the investigation, adjudication, and subsequent determination of eligibility for access
to classified information, in conformity with the provisions of E.O. 12968, as amended.
Annual Clearance Training
• Clearance holders must complete an annual security refresher course.
• Clearance holders must notify IP Security and the PSCP Administrator of any significant life changes
or events, including a change in company.
• DHS has the right to deactivate a clearance at any time.
Contact Information
All questions should be directed to the PSCP Administrator at PSCP@hq.dhs.gov.