Bush security plan calls for background checks

Computerworld - WASHINGTON -- Once a cabinet-level Department of Homeland Security is established, the Bush administration plans to convene a panel of government and private-sector experts to determine the legal guidelines for subjecting tens of thousands of private-sector employees to background investigations.
The panel -- outlined in the president's National Strategy for Homeland Security released last week (see story) -- would be convened jointly by the secretary of Homeland Security and the U.S. attorney general. It would examine whether current employer liability statutes and privacy concerns would hinder "necessary background checks for personnel with access to critical infrastructure facilities or systems."
That means tens of thousands of private-sector employees working in industries such as banking, chemicals, energy, transportation, telecommunications, shipping and public health would be subject to background checks as a condition of employment.
Tom Ridge, the current director of the Office of Homeland Security and the leading contender to become Bush's nominee for the cabinet post, said on July 21 that the nation remains at risk from an unknown number of terrorist cells operating within the U.S. And according to the national strategy, that situation could be further complicated by malicious insiders with authorized access to critical facilities.
"Personnel with privileged access to critical infrastructure, particularly [IT-based] control systems, may serve as terrorist surrogates by providing information on vulnerabilities, operating characteristics and protective measures," the Bush strategy states.
The administration's desire to ensure that employees working at critical infrastructure facilities -- 90% of which are owned and operated by private companies -- could also provide additional incentive for the Bush administration to establish the post of chief privacy officer within the proposed Homeland Security cabinet-level office.
"I certainly think that we are very open to having that discussion," Steve Cooper, president Bush's CIO for homeland security, said today. "I suspect that the American public is also interested. I think the dialogue is welcome."
But the challenge of conducting background investigations on such a massive scale may be far greater than anybody has acknowledged so far, said Bill Malik, a security analyst at KPMG LLC.
"The biggest problem with background checks for folks working on critical infrastructure is the broad use of third parties and contractors involved in the work," said Malik. "The worry at a nuclear power plant is not so much the regular staff but the cleaning crew, the groundskeepers, the caterers and the painters.
"And from a law enforcement perspective, it is actually easier to covertly identify a suspicious person and place them under surveillance than it would be