Summary
A 30-year-old security engineer with a master's degree was denied a security clearance due to concerns under Guideline E (Personal Conduct) and Guideline M (Use of Information Technology Systems). The Statement of Reasons detailed several allegations of unauthorized access and manipulation of information technology systems between February and April 2013.
Specifically, the applicant was found to have gained unauthorized access to webpages, servers, and personal information of random individuals on both personal and corporate systems. He also uploaded and deleted files from privately-owned webservers without authorization and uploaded programs to information technology systems, which granted him browser and root access to servers. Additionally, the applicant used default credentials without authorization to sign into privately-owned network printers.
The judge determined that the applicant's intentional and recent conduct demonstrated a lack of reliability and trustworthiness. Disqualifying conditions under both guidelines were raised, and while one mitigating condition was applied, insufficient evidence was presented to show that the applicant had taken steps to mitigate his behavior or that it would not recur. Consequently, the security clearance application was denied.
Why the Applicant Was Denied
- Applicant engaged in unauthorized access to numerous information technology systems, demonstrating a lack of reliability and trustworthiness.
- The applicant's conduct was intentional and recent, raising significant security concerns.
- Insufficient evidence was provided to show that the applicant had taken steps to mitigate his behavior or that it would not recur.
Conditions Referenced
- AG ¶ 40(a)raisedIllegal or Unauthorized Entry Into Any Information Technology System or Component Thereof
- AG ¶ 40(b)raisedIllegal or Unauthorized Modifications, Destruction, Manipulation, or Denial of Access to Information, Software, Firmware, or Hardware in an Information Technology System
- AG ¶ 16(d)appliedPersonal Conduct That Creates a Vulnerability to Exploitation, Manipulation, or Duress
- AG ¶ 16(e)appliedPersonal Conduct That Creates a Vulnerability to Exploitation, Manipulation, or Duress
- AG ¶ 17(d)rejectedThe Individual Has Acknowledged the Behavior and Obtained Counseling to Change or Taken Other Positive StepsApplicant acknowledged wrongdoing but provided no evidence of positive steps taken to mitigate the behavior.
Key Rule Quoted
“Any doubt concerning personnel being considered for access to classified information will be resolved in favor of national security.”
Procedural Posture
- SOR issuedMar 13, 2014
- Answer filedMay 22, 2014Applicant elected to have the case decided on the written record.
- Hearing held—Decision based on written record.
- Decision dateDec 22, 2014
Cite For
- Denial of Security Clearance Due to Unauthorized Access to Information Technology Systems
- Lack of Mitigating Factors for Personal Conduct Violations
- Importance of Demonstrating Reliability and Trustworthiness in Security Clearance Applications