“The coronavirus pandemic separated thousands of U.S. service members, Defense Department civilians and contractors from the highly classified information they need to do their jobs each day — data they can’t just bring home or access on the unsecured internet.
AFRL calls the initiative deviceONE. This month contractors authorized to handle classified equipment began home deliveries of jump kits consisting of modified off-the-shelf laptop computers. The laptops are loaded with software developed under a National Security Agency project to securely connect users to classified networks hosted on servers in Hawaii. About 20 kits have gone out so far from an initial batch of 40.
The uses will be myriad. At AFRL, for example, engineers or other professionals could log onto deviceONE to help prepare computer models of aircraft or projectiles for wind tunnel tests, said John Woodruff, the program manager for the SecureView laptops who is based at AFRL’s Rome, New York, site.
Thousands more deliveries will follow, as vendors such as Dell, HP and Panasonic deliver more laptops to AFRL for modification. Those won’t just go to AFRL workers, but also staff at dozens of other Air Force organizations, and possibly other military organizations, Woodruff told me in a phone interview.
The program could last far beyond the COVID-19 lockdowns, potentially giving airmen and troops who depend on classified data a convenient new way to access those networks at far-flung, austere locations in Afghanistan, countries in Africa and elsewhere.
DeviceONE is part of the Air Force’s Advanced Battle Management System effort, which seeks to find new ways to connect aircraft, satellites and operations centers and share data in the field. The initiative has three elements:
Virtual Desktop Information, or VDI, a series of cloud-type servers at Pacific Air Force’s Hawaii headquarters that store data and applications such as Microsoft Outlook — basically everything to run a user’s entire desktop remotely.
SecureView, the lightweight, thin client-style laptops that do little more than access the classified network and don’t allow anything to be saved to the hard drive.
Commercial Solutions for Classified, or CSFC, program, which connects the SecureView laptops with the VDI servers. CSFC, based on technology developed roughly six years ago by the National Security Agency, combines virtual private networks to process classified information.
AFRL was already working on combining those preexisting technologies, but the coronavirus pandemic made the need to get it into the field even more pressing.
AFRL hurried to release the latest version of SecureView, and then worked with several Air Force organizations to get deviceONE approved for rollout at the end of March. The approval process took place at “unprecedented speed,” Woodruff said. “What normally takes months was compressed to five days.”
Now that the first 40 kits have been prepared with the proper security and other software, Woodruff expects the next thousand laptops to arrive by late April.
The next phase of the project will lay the groundwork for deploying several thousand more deviceONE units. Each user’s computer costs less than $2,500, Woodruff said, and adding thousands of more users to Pacific Air Force’s infrastructure will likely cost between $6 million and $10 million.
A nontechnical roadblock could lie ahead, Woodruff suspects. Suitable laptops could become scarce as governments, schools and companies around the world shift to teleworking.
Woodruff said AFRL has kept good relationships with top officials at vendors such as Dell, to try to convince them to prioritize their orders as much as they can.
“We’re all trying to work remotely all of a sudden,” Woodruff said. “It’s very difficult to get the quantity of laptops that we’re discussing, quickly, from the manufacturers.”
‘It is really important to adjust and amend contracts so that contractors can continue to work with the government counterparts.’ If that’s teleworking, that’s teleworking, if it’s moving to a different location, it’s moving to a different location.”
“As millions of Americans prepare to work from home in an effort to slow the spread of the coronavirus, Defense Department managers and the companies that support them are waiting for guidance on just how they should be clearing their offices.
Set aside the workers who build planes, ships, tanks and other weapons on special assembly lines around the country. Plenty more are holders of security clearances who can’t do their jobs without special computers and facilities that protect classified information. Among them: analysts, war planners, and engineers designing next-generation weapons.
But the situation is murky even for the hundreds of thousands of government contractors who don’t need access to secret information. As the Pentagon begins sending nonessential employees home, it’s unclear what’s going to happen to them.
“There’s almost no guidance going out about contractors,” said David Berteau, a former Pentagon official who is now CEO of the Professional Services Council, an organization that advocates for government contractors. “Part of that problem is, contractors are managed on a contract by contract basis.”
And in many cases, these employees’ contracts don’t even mention remote work.
“You don’t want to change contracts from the top down,” Berteau said. “But you can send out guidance to contracting officers that says, ‘It is really important for you to adjust and amend contracts so that contractors can continue to work with the government counterparts.’ If that’s teleworking, that’s teleworking, if it’s moving to a different location, it’s moving to a different location.”
For years, the U.S. government has done drills and exercises to prepare for scenarios where workers cannot access secure facilities, said Berteau, who served as assistant defense secretary for logistics and materiel readiness during the Obama administration.
But: “We have not taken those lessons from the simulations seriously enough that we’ve done the preparation necessary to execute it,” he said. “So now we’re having to do it in real time. It’s important that we get it done. It’s important that we keep the government working. It’s important that contractors are part of that keep the government working goal. And it’s important that they have guidance [and] it’s integrated across the government in order to make that happen.”
As for the government workers and contractors who must access classified information, there’s no alternate, for now at least, to having a secure government facility.
“You can’t go home on your laptop and plug it in and get classified data,” Berteau said. “It’s my personal belief…that we could do a lot more than we are doing.”
But, he noted, it would likely cost a lot to buy the equipment needed to make that happen.
“We have got to be taking notes as we go about what we need to do better … so we’re more ready the next time it comes,” Berteau said. That would be a federal government, executive branch, responsibility, but it would also be a congressional responsibility to make sure it happens and that the resources are available to do it.”
“The number of House employees with top secret clearances is not publicly available, but it is likely only several hundred. By comparison, approximately 1.2 million executive branch employees and contractors hold top secret clearances.
It’s likely that more than 100,000 executive branch employees and contractors hold TS/SCI clearances, not counting foreign officials who are “in access.“
“Testimony of Mandy Smithberger, Director of the Center for Defense Information at the Project On Government Oversight (POGO), before the House Appropriations Committee, Legislative Branch Subcommittee.
Thank you Chairman Ryan, Ranking Member Herrera Beutler, and Members of the Committee for allowing me to provide testimony on behalf of the Project On Government Oversight (POGO) and Demand Progress on strengthening Congress’s capacity to oversee the executive branch. We represent nonprofit organizations focused on strengthening the legislative branch’s ability to legislate and conduct oversight. We respectfully request that your committee provide personal office staff of members on key committees with the clearances they need to properly support Members of Congress in their review of information the executive branch has deemed classified, and to report on the provision of those clearances. Accordingly, our request implicates the operations of the House Sergeant at Arms.
First, we thank you for being stalwart defenders of Congress’s constitutional duty to conduct oversight. We especially appreciate that last year the committee requested that the Sergeant at Arms produce an unclassified report on the average and median length of time for House staff to obtain a clearance.1 This report, which was due on March 1, will help the House identify whether staff are being granted clearances on an appropriate timeframe and in line with norms and practices for executive branch staff. This is an important first step.
We must modernize how Congress conducts oversight, and that must include responsibly expanding access to classified information.
We believe it is essential for key House staff to have access to Top Secret/Sensitive Compartmented Information (TS/SCI) to strengthen the House’s oversight of traditional national security matters such as the spending and operations of the military and the intelligence community, as well as emerging concerns such as election security and cyber threats. The House Permanent Select Committee on Intelligence, the House Appropriations Defense Subcommittee, and the House Armed Services Committee all play pivotal roles in overseeing our national security. While Members of Congress are entitled to access classified information by virtue of the constitutional offices they hold and do not need security clearances, they must largely rely on their personal office staff to sift through reams of information and brief them on issues. Those staff often do not hold sufficient clearances to access certain sensitive information, thereby undermining the support they can provide and weakening Congress’s ability to legislate or conduct effective oversight.
The need for Congress to improve its own access to this information becomes more apparent in light of the executive branch’s over-classification of information, and, in some cases, weaponization of the classification system to avoid any accountability.2 From 2007 to 2017, the amount of TS and TS/SCI information has more than tripled.3 Over-classification has become so cumbersome that even the vice chairman of the Joint Chiefs of Staff, General John Hyten, complained that it has become “unbelievably ridiculous.”4 Defense contractors are celebrating the “unprecedented” increase in classified spending,5 which naturally increases the risk of overspending and mismanagement.
In the Project On Government Oversight’s congressional oversight manual, former Representative Mickey Edwards (R-OK) challenged the executive branch’s assertion that it should control Congress’s access to information. “There is no authority in the executive branch to tell Congress who can or cannot have the information it seeks,” he said.6 While Congress codified some executive branch authority to limit access to sensitive information in the National Security Act of 1947, those provisions have, over time, been broadened to an unwarranted degree, and these limits must be challenged if Congress is to maintain its ability to conduct effective oversight.7
Years of executive overreach by Democratic and Republican administrations have severely diminished Congress’s power. Congress must reassert itself as a coequal branch fully able to perform its oversight duties.
The number of House employees with top secret clearances is not publicly available, but it is likely only several hundred. By comparison, approximately 1.2 million executive branch employees and contractors hold top secret clearances.8 It’s likely that more than 100,000 executive branch employees and contractors hold TS/SCI clearances, not counting foreign officials who are “in access.”9 Similarly, the legislative branch receives approximately 0.7% of the non-defense discretionary federal budget—approximately $5 billion—to oversee the entire federal government.10 By contrast, this year the intelligence community requested $85 billion, or more than 16 times all the money spent on the legislative branch.11 This significant disparity in both resources and people with access puts Congress in an inherently weak position when it comes to effectively conducting oversight.
Critics of this proposal have argued that rather than increasing congressional access to highly sensitive information, Congress should combat over-classification. It would be a mistake to force Congress to choose one over the other. “Secrecy, while necessary, can also harm oversight,” the 9/11 Commission warned in 2004.12 Over-classification is a serious problem because it impedes sharing information within the federal government and with state and local governments, placing the public at risk.13 Over-classification also undermines the legitimacy of this designation and threatens the protection of legitimate secrets.14 Excessive secrecy also spawns the related problem of uncoordinated, haphazard declassification, as the Commission on Protecting and Reducing Government Secrecy, commonly known as the Moynihan Commission, pointed out in 1997.15 While we support efforts to reduce the overall amount of classification,16 we still think that Congress must also work toward ensuring it has adequate access to controlled information. It is important for Congress to stand its ground in the face of the executive branch’s assertion that it has the sole authority to make classification decisions.17
It is important to remember that providing select House staff TS/SCI clearances will not necessarily give them unfettered access to classified information. A determination must still be made that they have a need to know. This need-to-know determination, made by the entity that holds the classified information, will ensure that information is available only to those who have an actual need for it. The granting of a TS/SCI clearance addresses an administrative hurdle—the determination that a person can be entrusted with this information—but it works hand-in-glove with the demonstration of a need to know and it would not improperly infringe on the executive branch’s classification powers.
The costs of implementing this reform are likely to be minimal. The Congressional Budget Office scored a similar amendment in the Senate as having “no budgetary impact.” The costs of clearances for congressional staff are borne by the agency granting the clearance, not Congress.18 We anticipate that there would be some funding needed for the legislative branch to maintain records of nondisclosure agreements, store classified documents, and track individuals granted clearance, and we urge the committee to increase funds for the Sergeant at Arms accordingly. Additionally, as most of the personal office staff of the relevant committees likely already have TS clearances, providing additional access should not be burdensome.
The cost of not implementing this reform, however, is significant. Without adequately credentialed staff, Congress cannot ensure that we have an executive branch that operates effectively and ethically to protect our country, and in compliance with its constitutional responsibilities. Former House Intelligence Committee Chair Mike Rogers (R-MI) and former House Intelligence Committee Ranking Member Jane Harman (D-CA) spoke last year about how adequate context and knowledge are necessary to precisely target questions to executive branch officials who are reluctant to provide Congress with information.19 While we believe every committee is under-resourced, this is an area where civil society cannot access the information to fill in the gaps. Too often, Congress is instead forced to rely on leaks to the press to learn when national security agencies waste money, violate citizens’ constitutional rights, or abuse their power.
Without adequately credentialed staff, Congress cannot ensure that we have an executive branch that operates effectively and ethically to protect our country, and in compliance with its constitutional responsibilities.
The House Intelligence Committee includes members who serve on the Foreign Affairs, Judiciary, Armed Services, and Appropriations committees.20 The purposes of this cross-seating are to ensure that those committees’ interests are respected and to provide a diversity of viewpoints and expertise while guarding sensitive information before the committee.21 But, without TS/SCI clearances, Congress is not getting the full benefit of this structure and is hampered in its ability to ensure that legislation serves the interests and priorities of the American people. Current members of the House Intelligence Committee are trying to remedy this by pushing for expanded TS/SCI access among their personal office staff.22
The Senate has recognized the need for enhanced access, and has provided designees with TS/SCI clearances for members of the Senate Select Committee on Intelligence. Consequently, the Senate has been able to engage in more robust oversight. Even so, senators are working to expand TS/SCI clearances to personal staff for nearly all senators, with an amendment offered to that effect as part of the fiscal year 2020 appropriations bill.23
To make sure that our most sensitive national security information is properly protected, we urge the committee to increase counterintelligence training for all congressional staff who receive security clearances to help prevent the occurrence of improper leaks. This training should be akin to that provided by intelligence agencies to their own personnel. In addition, the House should expand its reporting on the timeframe it takes to receive a clearance to include an accounting of the number of staff who hold clearances, and the level at which they hold it. This would put the House in line with executive branch practices.
In our experience, congressional staff take significant care to properly safeguard sensitive information, even documents that have pseudo-classifications like “For Official Use Only,” also known as Controlled Unclassified Information (CUI). If staff mishandle this information, they should be held to the same standards and subject to the same punishment as executive branch employees, including criminal prosecution.
We must modernize how Congress conducts oversight, and that must include responsibly expanding access to classified information. Years of executive overreach by Democratic and Republican administrations have severely diminished Congress’s power. Congress must reassert itself as a coequal branch fully able to perform its oversight duties.”
“He was given a security clearance to conduct his work, which allowed him to access top secret information.
Martin, a former Navy officer, was arrested in August 2016 when law enforcement agents raided his Glen Burnie, Md., home and found he had stored a massive trove of government documents and digital files in his home and vehicle.
Prosecutors did not accuse Martin — known as “Hal” — of trying to leak the information, but he came under suspicion as a source for Shadow Brokers, a group that posted tools the NSA used to hack into computers of foreign targets online. Martin had worked for the NSA unit that used the tools.
His attorneys claimed he suffered from mental health issues and was hoarding the data and did not have any intention of harming national security. Prosecutors never found evidence that Martin shared the secrets with anyone.
As part of a plea bargain, prosecutors have requested a nine-year prison sentence. Martin is scheduled to be sentenced July 17.
Another NSA employee was sentenced to more than five years in prison last year after taking home classified materials. Intelligence officials believe Russian hackers stole the top secret information from Nghia Pho’s computer.
Reality Winner, 27, an NSA linguist, was also sentenced last year to more than five years in prison for leaking classified information on Russia’s election interference.”
“We can share that information with the Congress behind closed doors, but we don’t want to share that information with our competitors,”
Chief of Naval Operations, Adm. John Richardson, issued a March 1 memorandum urging all naval personnel “to ensure we are not giving away our competitive edge by sharing too much information publicly.In their desperation to convince Congress that budget gridlock hurts military readiness, Navy officials made public some information that they shouldn’t have, Acting Secretary Sean Stackley told reporters here today.
Many of my fellow reporters here at the Navy League’s Sea-Air-Space conference said they’d felt a chilling effect from the CNO’s memo. I myself saw three admirals cite the need to say less in public. And, unlike in past years, the CNO himself didn’t address the conference in any public forum. (Richardson was consumed with prep for today’s congressional hearing on the danger of a full-year Continuing Resolution, Stackley said).
So naturally the new policy came up when Stackley sat down with us this afternoon. His response is worth quoting at length.
“We’re having a dialogue with Congress, trying to get Congress to understand the impacts associated with Continuing Resolutions, the shape that our budget is in, and the impacts that has on things like fleet readiness,” Stackley said. “And in doing that… what had been happening is, people were leaning further and further into talking about details associated with readiness — hey, that’s classified. We don’t promulgate that information.”
“We can share that information with the Congress behind closed doors, but we don’t want to share that information with our competitors,” Stackley continued, “so there has been a pullback in terms of how much detail we put out regarding materiel readiness.”
Stackley’s staff clarified to me afterwards that he was not accusing anyone of improperly disclosing classified information. That’s a relief. But a central point of the CNO’s memo, and of Stackley’s comment, was that even unclassified data can be damaging if disclosed.
“China’s watching everything that we do, and we want to be very measured about what we put out in open, public forums,” Stackley said. “Are we in fact sharing information that creates vulnerabilities, crosses the line in terms of security?”
“I’ve read pieces myself, I’ve seen things in the literature (that made me think), ‘what the heck is this doing in the press?’” Stackley said. “These are our secrets, and we don’t need them to know exactly what we’re doing, how we’re doing it.”
“We do have a responsibility to share information with the public, (but) we need to be more measured about the information we’re pushing out in the public domain,” Stackley said. “There’s some recalibration going on, rightfully so. We have a very aggressive competitor out there.”