“Having a top-secret clearance may no longer be the insignia of an intel worker, according to the intelligence community’s national counterintelligence chief.
“The IC’s [Intelligence Community] culture used to look at having a top-secret clearance as a “pass-fail” test to get in, [William] Evanina said, but that doesn’t mean employees can’t do their jobs from home — as long as it’s done securely.”
“We are just as successful, with some exceptions, with people working at home than we were before. And I think we have to be flexible and look at our private-sector model and maybe extrapolate that into our intelligence community,” National Counterintelligence and Security Center Director William Evanina said during a May 13 INSA virtual event.
Evanina said he could see not requiring clearances for some positions in the next few years due to teleworking abilities. “Just because you work in the IC, and just because you have a top-secret clearance, does that mean that everything you do is classified?”
“Right now, our communications from home to work is not safe, whether it’s in the private sector, especially not in the government,” he said. “We have to find effective security solutions to get to where we want to be.”
The government rolled out its much-criticized Trusted Workforce 2.0 framework in 2019, aiming to reduce the amount of time needed to clear new employees and re-investigate those moving across agencies.
The IC merged two hiring processes, for security clearances and employee suitability, into one earlier this year. The move was meant to clarify the role of human resource officers in ensuring candidates were right for job demands.
Evanina said the security clearance backlog has dropped to 180,000, with upwards of 50% more new applications coming in compared to 2019. That target beats the one set by the President’s Management Agenda at a 200,000 caseload of active investigations, and it is a significant dip from the reported 231,000 cases in January.”
“As coronavirus has disrupted society over the last few weeks, some of the distancing measures that once seemed drastic have become acceptable — in a few cases even preferable to the way things worked before.
Nowhere has this been truer than the workplace, where companies and employees have found remote operations far more feasible than expected.”
“University of Chicago researchers recently analyzed government employment and income data by industry and concluded that 34 percent of U.S. jobs can “plausibly be performed at home.” Journalist Liz Farmer predicts that “the long-expressed resistance of companies and individual bosses to WFH arrangements will decline markedly after they see how well the arrangement has worked.”
But COVID has also taught us that leading an entire organization through the transition to distance work in a matter of days or weeks can be wrenching, akin to passing through the five stages of grief. In an article about how corporations are adjusting to COVID-mandated remote working arrangements, Australian start-up accelerator Steve Glaveski sees a broad spectrum of adaptation beyond pre-COVID practices:
No deliberate action. This is where most companies were at the beginning of the COVID-19 outbreak, with little to no capacity for widespread remote work.
Recreating the office online. This is where most traditional organizations have landed. More effective companies offer access to e-tools, but without any redesign of how work gets done.
Adapting to the medium. These companies are investing in better equipment (for example, they may provide employees a cash grant to improve their lighting for video calls). Their work favors text-based communication, with fewer meetings that have clear agendas and include only ‘must have’ participants.
Asynchronous communication. These companies are structured more in line with how work gets done than where or when. They are typically global and recognize that presence does not equate to productivity.
These companies field purely distributed teams that work better than in-person teams. There are a handful of companies like this, and most are in the tech industry.
Glaveski acknowledges that moving across this spectrum won’t work for all industries, and he notes three common challenges to effective distance work that need to be addressed: team building and bonding, the value of informal office communication, and endpoint security.
How IBM Made the Transition
Fletcher Previn — IBM’s chief information officer — recently offered a candid description of how he and his colleagues grappled with these challenges and others as they pivoted the organization’s global workforce of 350,000 people to working from home over a four-week period this spring. Pre-COVID, Previn said, about 30 percent of IBM’s global workforce predominantly worked from “other than a traditional office” (i.e., from a client site or home). This figure shifted to about 95 percent within a matter of days.
He explained that there were two key components to this transition – technological and cultural.
Previn says that the company benefited from having a longer-term internal IT strategy to enable workers to self-service. This began with mailing employees their mobile devices instead of delivering them in person, and creating an internal app store to distribute software. Those measures meant that all employee hardware and software could be delivered outside the office, making it easier to transition quickly to remote work.
IBM had also adopted a standardized set of tech tools to enable collaborative work across the globe through remote meetings, file sharing, remote access and cybersecurity (the company is shifting from a VPN-based to a zero-trust model). Over the past year, Previn created a common “tool box” that employees can access based on their job function (e.g., consultant, scientist, analyst):
In terms of security, Previn says that his team detects a lot more cyberattacks and fraud attempts on home-based workers. In response, they’ve increasing training to identify phishing and tightened endpoint controls on inbound emails and other traffic. In addition, they are using AI to look for unusual behavior based on a user identity, location and the device being used.
While the tech tools are a necessary prerequisite for working from home, Previn noted that there are also cultural issues. For example, traditional ways of balancing work and personal life need to be redefined as employees work in new settings with new routines. He advocated a model of small three-person teams interacting with each other and with other teams not only through scheduled meetings but spontaneous communications that help maintain human bonds and trust. Previn said he schedules virtual happy hours with his team to bring people together informally rather than just for agenda-driven meetings.
To help ease the cultural transition to distributed teams, IBM HR developed a series of training guides and online modules on how to lead remotely, and tips for remote workers and their managers.
Long-Term Benefits of the Transition
One factor that enabled IBM and many other companies to respond quickly to COVID was the longtime use of distance work tools to improve cross-organizational collaboration, even when the parties at both ends of the line sat in offices. A 2013 survey by McKinsey Consulting found multiple expected benefits to these measures, such as reduced travel costs and increased employee satisfaction.
But the survey also discovered that there was faster access to internal experts and corporate knowledge when using collaborative tools. This implies that in both the private sector and government contexts, it’s less important where you do knowledge-based work than it is how you do it – using collaborative tools in a team-based work environment.
In the last two months, the corporate world has gradually come to realize that it cannot wait to adapt these tools fully to an at-home workforce. Companies have shifted from a strategy of “do what is most urgent and feasible now and postpone everything else until we return to the office” to “we have to make everything work remotely because who knows how long this will last and we can’t push things off any longer.”
For most companies, that means mastering levels three and four of Glaveski’s remote work hierarchy by embracing text-based communication, fewer meetings and asynchronous schedules.
And a few small tech companies have even reached the “nirvana” state that Glaveski describes. For example, Pipedrive, a new software company with staff in both the United States and Europe, responded to COVID by becoming a completely virtual company inside of 24 hours, according to futurist Heather McGowen. And one tech company, Automattic (the company behind WordPress, which powers 35 percent of all websites on the internet), beat COVID to the punch. It is 15 years old and has nearly 1,200 staff scattered across 75 countries – and no offices!
It is easy to think of the current disruption in workplace operations as a temporary shift that will reverse itself after the COVID threat recedes. But as McGowan suggests in Forbes, this pandemic “might be the great catalyst for business transformation,” producing changes in months that might have otherwise taken years to transpire.
“We’re seeing changes that affect work, learning, and daily life,” she writes, “changes that will become a new normal and that take place against a backdrop of several fundamental shifts.”
For example, a slow evolution in corporate culture even before COVID was giving employees greater autonomy and an increased role in meeting business goals. Companies are beginning to recognize culture, creativity and innovation as ingredients of success, and managers increasingly trust their people to “do the right thing.” Corporations have started to consider employee welfare as a central goal in addition to profit. These trends too are bound to accelerate as social distancing continues, and will persist long after it ends.
Future columns will explore these distance work approaches further and how they can be adapted to a government context.”
“As quarantines and self-isolation guidelines have taken hold, not everyone has workstations or agency-issued laptops with card readers at home, leaving some feds and contractors with no easy way to fulfill the government’s primary identity and access requirement.“
“The coronavirus outbreak has shuttered federal office buildings and sent employees to work from home. While most expect those facilities to eventually reopen, the shift to telework is changing how agencies and contractors conduct identity and access management.
The decades-long dominance of Personal Identity Verification (PIV) and Common Access Cards (CAC) as the preferred method to regulate employee access to physical and IT resources may be coming to an end.
According to a January 2020 estimate from the National Institute of Standards and Technology, the federal government and its base of contractors combined use nearly 5 million PIV cards. Digital security contractor Gemalto, which makes smart cards, estimates that the Department of Defense has approximately 4.5 million CAC cards in use at any given time.
Civilian agencies and the military are scrambling to purchase new computers and equipment, but they are competing with private industry and other organizations for limited supplies. The Army recently cited impending supply chain shortages to process an immediate sole source purchase of 200 Dell ruggedized laptops and docking stations that will “allow government workers to telework to avoid exposure to the potential COVID-19 while still completing the mission.” Other agencies like the Department of the Interior have made similar purchases.
“Every day that passes confirmed COVID-19 cases spike and the death toll increases,” the Army wrote in an April 10 justification. “It is imperative that these [notebooks] are obtained as quickly as possible to protect public health.”
Jeremy Grant, a coordinator with the Better Identity Coalition, a non-profit advocacy organization made up of companies across the financial, health care, telecommunications, payments and security sectors, said adjusting to the new reality has been particularly problematic for the federal government.
“On the government side, it’s definitely presenting some special challenges, given that while it’s a great model and very secure, everything about the PIV is premised on this very robust in-person identity and proofing process,” said Grant, a former senior executive advisor to NIST, in an interview. “The challenge has been that we built this policy assuming you can always have this in-person process. Now that it’s not feasible, what are you supposed to do to make things secure?”
Further, new hires normally go through a thorough onboarding process to obtain their cards that often includes in-person interactions to collect biometrics like fingerprints for their PIV credentials. In a March 25 memo, the Office of Personnel Management noted that many of the federal, state and local offices that vet newly hired government employees are “temporarily closed” due to the coronavirus outbreak, making it difficult or impossible to fulfill FBI-requirements for fingerprints to process background investigations and criminal history checks.
The memo advises agencies to use a number of alternatives during the crisis, such as deferring the fingerprint collection, delaying the final reporting and adjudication of a new employee’s background investigation or conducting temporary identity proofing through remote tools like video link, fax or email. New hires that vetted under the interim guidance will be required to undergo in-person identity-proofing when their agency returns to full capacity.
Just when that will be is the subject of much debate and speculation from epidemiologists and health experts, who have offered a wide range of estimates for when the world can expect to safely return to offices and resume group gatherings. Some experts have predicted the status quo could hold until next year or even 2022 if a new vaccine isn’t discovered quickly. That has some cybersecurity and tech companies predicting a broader shift in the global economy where remote work — and all its implications — could be here to stay.
“BYOD is now the reality and will continue to be in the future, because I don’t think we’re going back to that type of work environment that we used to be in,” said Greg Touhill, former federal CISO and current president of AppGate, during an April 15 webinar hosted by Billington CyberSecurity.
Duo Security, which makes and sells remote access tools, is betting that governments and private industry will use the crisis to restructure the way they conduct identity and access management — moving away from physical access cards and toward solutions that allow workers to use their personal devices. Most organizations, the company’s Advisory CISO Sean Frazier said in an interview, are looking for quick and easy ways to “keep the lights on” and ensure business continuity in the wake of the sudden switch.
“I think the PIV card of … 16 years ago when it came out was a really good idea, but we’ve kind of moved on from it from the perspective of agility,” said Frazier. “It’s not necessarily the easiest technology to ramp up quickly. So for example if you have some kind of event where all of a sudden your workers are remote and they’re working from home using personal technology, it was really never designed for that. People are right now kind of scrambling and looking for comparable controls.”
Frazier’s boss, Head of Advisory CISOs Wendy Nather, warned that organizations aren’t setting up their remote infrastructure for the long haul.
“A lot of organizations are thinking that this is a temporary aberration, and so when they put in an infrastructure to enable remote working they’re putting in the fastest and cheapest thing they can find and they figure they’ll just pull it back later when this is over,” she said. “We don’t know when this will be over. Even if it is over, we don’t know how many employees are going to be willing to come back into the office.”
Nather said agencies should also be increasing physical security to protect IT and other assets at their now largely empty office buildings and facilities. The Department of Veterans Affairs, for example, recently purchased new PIV card readers for one of its medical centers in Kansas City, Kan., and has cited the pandemic in multiple emergency procurements for security services to prevent unauthorized access to VA facilities during the COVID-19 outbreak.
Agencies that have historically avoided modernizing their IT and security infrastructure to handle large numbers of remote employees must now rush to implement ad-hoc protocols and purchase equipment to ensure their employees can access agency systems. The Department of Health and Human Services put out a special notice April 16 detailing an urgent COVID-related requirement for a multi-factor authentication and identity assurance solution that can provide remote access to agency resources.
“There’s a lot of employees who were never approved for remote working. Now they’re signing in through their personal devices,” Grant said. “What information do you let them access? Odds are their home device is not going to have a smart card reader built in, so how do you build in some multifactor authentication?”
There are a number of ideas to bridge the access gap in the short term, from implementing new multifactor authentication processes, using app-based solutions, leveraging one-time passwords or even purchasing and distributing Yubikeys and other authentication hardware to agency personnel. Another option could be a larger move to rely more on authenticators that are already embedded in many of today’s commercial computers and phones, allowing employees to use their personal devices to verify their identity.
Shifting your organization’s security mindset from protecting data, not devices, could also help.
“Yes, [employees] may use their own personal technology but I as a business or agency still have to protect my data, so I’ve got to make sure that if they’re coming in with a personal device, I know that device’s software is up to date, that encryption is turned on, that they’re using enabled biometrics so I can provide identity … comparable to what a PIV might provide,” said Frazier.”
“The coronavirus pandemic separated thousands of U.S. service members, Defense Department civilians and contractors from the highly classified information they need to do their jobs each day — data they can’t just bring home or access on the unsecured internet.
AFRL calls the initiative deviceONE. This month contractors authorized to handle classified equipment began home deliveries of jump kits consisting of modified off-the-shelf laptop computers. The laptops are loaded with software developed under a National Security Agency project to securely connect users to classified networks hosted on servers in Hawaii. About 20 kits have gone out so far from an initial batch of 40.
The uses will be myriad. At AFRL, for example, engineers or other professionals could log onto deviceONE to help prepare computer models of aircraft or projectiles for wind tunnel tests, said John Woodruff, the program manager for the SecureView laptops who is based at AFRL’s Rome, New York, site.
Thousands more deliveries will follow, as vendors such as Dell, HP and Panasonic deliver more laptops to AFRL for modification. Those won’t just go to AFRL workers, but also staff at dozens of other Air Force organizations, and possibly other military organizations, Woodruff told me in a phone interview.
The program could last far beyond the COVID-19 lockdowns, potentially giving airmen and troops who depend on classified data a convenient new way to access those networks at far-flung, austere locations in Afghanistan, countries in Africa and elsewhere.
DeviceONE is part of the Air Force’s Advanced Battle Management System effort, which seeks to find new ways to connect aircraft, satellites and operations centers and share data in the field. The initiative has three elements:
Virtual Desktop Information, or VDI, a series of cloud-type servers at Pacific Air Force’s Hawaii headquarters that store data and applications such as Microsoft Outlook — basically everything to run a user’s entire desktop remotely.
SecureView, the lightweight, thin client-style laptops that do little more than access the classified network and don’t allow anything to be saved to the hard drive.
Commercial Solutions for Classified, or CSFC, program, which connects the SecureView laptops with the VDI servers. CSFC, based on technology developed roughly six years ago by the National Security Agency, combines virtual private networks to process classified information.
AFRL was already working on combining those preexisting technologies, but the coronavirus pandemic made the need to get it into the field even more pressing.
AFRL hurried to release the latest version of SecureView, and then worked with several Air Force organizations to get deviceONE approved for rollout at the end of March. The approval process took place at “unprecedented speed,” Woodruff said. “What normally takes months was compressed to five days.”
Now that the first 40 kits have been prepared with the proper security and other software, Woodruff expects the next thousand laptops to arrive by late April.
The next phase of the project will lay the groundwork for deploying several thousand more deviceONE units. Each user’s computer costs less than $2,500, Woodruff said, and adding thousands of more users to Pacific Air Force’s infrastructure will likely cost between $6 million and $10 million.
A nontechnical roadblock could lie ahead, Woodruff suspects. Suitable laptops could become scarce as governments, schools and companies around the world shift to teleworking.
Woodruff said AFRL has kept good relationships with top officials at vendors such as Dell, to try to convince them to prioritize their orders as much as they can.
“We’re all trying to work remotely all of a sudden,” Woodruff said. “It’s very difficult to get the quantity of laptops that we’re discussing, quickly, from the manufacturers.”
“Social distancing, masks and virtual meetings are the new normal across government, including at the Department of Defense. But what will working in DOD look like on the other side of the COVID-19 curve?”
“I don’t think the world’s going back,” Dave Mihelcic, the Defense Information Systems Agency’s former CTO who now consults with DMMI, told FCW, noting that he’s already setting up virtual meetings on mobile devices to keep business going domestically and internationally. “There’s some big advantages to letting people work from home.”
Lower facility costs and better recruiting capabilities are easy wins with the majority of a workforce being remote. And there are several areas that will see significant changes in the near future: The explosive demand for secure devices being chief among them.
“You will see more interest in general in mobility and telework, specifically within organizations other than DOD that have to deal with very sensitive information. And much more interest in better security, and the ability to do multiple levels of security on single devices,” said Terry Halvorsen, a former DOD CIO and now Samsung’s CIO and executive vice president for IT and mobile business.
Mihelcic said with that demand will come the need for IT workers to provision devices without touching them.
“DOD may need to rethink parts of how it does IT and be better prepared for how to do things remotely in a no-touch environment,” he said. “How do you minimize the number of people who have to touch an item?”
Mihelcic predicted those solutions, whatever they are, will not only need to work with all of DOD’s mission partners but support a culture shift where data collection, sharing and analysis are all more precise.
Data access and processing at edge environments will become paramount post-pandemic, . Halvorsen said, because “you’ve got the ability now to store amazing amounts of data at the edge…. The phone I’m talking to you on, I’ve got a terabyte of storage on it.”
The computing power now available for edge devices paired with “augmented intelligence” that can be used to “filter the big volumes of data” will make working remotely much easier, he said.
“One of the other problems you’ve got when people are all working on edges, some of the tools that help people filter in and cut the data down are not available,” he said. “Today we flood people generally with data, not so much valuable information, but lots of data.”
Halvorsen said applications and data access aren’t guaranteed even when the network is available — an issue for government and industry.
“I think you will see an explosion in secure applications that allow this to be done more securely and to actually do more with the data, more analytical tools that can operate in a mobile fashion,” he said.
But there’s no large-scale data sharing without cloud, which will definitely become more important in future emergency events, Mihelcic said.
“If there was an environment that supports edge computing and edge cloud better — that’s the future and that’s helpful,” he said.
When asked how the Joint Enterprise Defense Infrastructure, the Pentagon’s embattled $10 billion cloud effort that’s under protest, would be helpful if it were already in place and running before the coronavirus infections spread throughout the U.S., Halvorsen said DOD is already on the path to more edge computing power and cloud usage.
“If there was an environment in place that supported edge computing and edge cloud better, and I think that’s where DOD is going to go, regardless of how JEDI turns out.”
“Get a glimpse at how the business of government contracting has shifted to a different pace and cadence amid the COVID-19 pandemic in this episode with Amber Hart and Lisa Shea Mundt, the founders in charge at market intelligence firm The Pulse of GovCon.“
“With some exceptions, much of the world has shifted to a largely stay-at-home setup that is causing both government contractors and their agency customers to think and collaborate in different ways with much of their personnel working remotely. With their business development and proposal consultant hats on, Hart and Mundt share insights into how GovCon firms and agencies have made that shift and what that looks like now in terms of daily operations.
Hart and Mundt also have their eyes on where federal dollars are going as part of the overall COVID-19 response and have important words of wisdom every business should take heed of before looking to position for that funding.”
“Lawmakers want federal agencies to publicly post their contingency plans so everyone has a better idea of what to expect as more federal employees move to telework and other alternative operations. Official agency advice is scarce.”
“Some agencies posted some contractor-specific contingency guidance in the last few days ahead of the March 19 letter from Senate lawmakers, but federal contractors FCW has spoken with in the last few days said official agency advice for contractors is scarce.
The Environmental Protection Agency and the U.S. Agency for International Development rolled out guidance for their contractors at the end of last week, telling them to keep in close contact with their agency contracting officers, as well as check their contracts’ language for information on how to move ahead.
In a March 19 letter to the acting directors of OMB and OPM, Sen. Mark R. Warner (D-Va.) and seven other senators called on those agencies to require all federal agencies to post their contingency plans for COVID-19 outbreaks, so the public knows what services to expect and federal contractors have some guidance on how to comply with their contracts.
“Making these [contingency] plans transparent and readily available is key to ensuring that our constituents understand what services are continuing in the midst of the uncertainty and disruption caused by COVID-19. It is also important for federal employees and contractors to understand and properly implement the required mitigation measures and for policymakers to ensure compliance with these measures,” said the letter.
The letter said posting the plans was in line with the way the government handles the plans during a non-Coronavirus related government shutdown.
The Professional Services Council urged Russell Vought, acting OMB director, to extend telework to the contractor workforce where possible.
Many contractors are being sent and home told that “telework is not authorized under the contract,” PSC President and CEO David Berteau wrote in a March 18 letter to Vought.
“Sending contractors home without authorizing telework effectively ends the important work being done for the government by those contractors,” Berteau wrote. He said the lack of guidance also undermines the intent of the President when OMB told federal agencies to allow government workers the “maximum telework flexibilities.”
Additionally, the National Defense Industrial Association, the U.S. Chamber of Congress, PSC and other trade groups are urging Congress to include contractor telework and assistance for contractors who can’t work because of closed federal facilities in coming pandemic relief legislation.
EPA and USAID rolled out guidance for their contractors on March 13 and March 12 respectively, telling the businesses to keep in close contact with their agency contracting officers, as well as check their contracts’ language for information on how to move ahead.
USAID told contractors in its notice that contractors shouldn’t begin any new work or change work plans without getting written approvals from agency contracting officers and managers.
It told contractors not to begin any new work or change approved work plans.
The agency also said it is considering setting up an expedited procedures package for disease emergency response.
USAID contracting officers, said the agency, will get in touch with contractors if it needs to redirect resources. It said it said it would consider additional contract implementation expenses due to the virus on a “case-by-case basis.”
USAID advised contractors with workers infected by the virus and temporarily unable to work to “continue to incur operating costs–to be able to restart activities immediately if circumstances or instructions change.”
On March 13, the EPA posted a Coronavirus FAQ for small businesses that answered some basic questions about how they should proceed. The guidance advised contractors to review their contracts to see how, and if, those documents offer any latitude for delays. It advised small business contract holders to look to the Federal Acquisition Regulation for further information on how federal contract performance is handled under extreme circumstances, including pandemics. It warned that “force majeure” clauses common in the language of many commercial contracts, are not the same under the FAR.
Contractors that have “Excusable Delays” provisions in their contracts that cover contingencies including epidemics.
EPA advised contractors to consult with customer agencies closely on whether specific federal workers or sites would be available or open for work. It said contractors might also get wind-down and startup costs covered if work can’t be done because of absent workers or closed sites.”
‘It is really important to adjust and amend contracts so that contractors can continue to work with the government counterparts.’ If that’s teleworking, that’s teleworking, if it’s moving to a different location, it’s moving to a different location.”
“As millions of Americans prepare to work from home in an effort to slow the spread of the coronavirus, Defense Department managers and the companies that support them are waiting for guidance on just how they should be clearing their offices.
Set aside the workers who build planes, ships, tanks and other weapons on special assembly lines around the country. Plenty more are holders of security clearances who can’t do their jobs without special computers and facilities that protect classified information. Among them: analysts, war planners, and engineers designing next-generation weapons.
But the situation is murky even for the hundreds of thousands of government contractors who don’t need access to secret information. As the Pentagon begins sending nonessential employees home, it’s unclear what’s going to happen to them.
“There’s almost no guidance going out about contractors,” said David Berteau, a former Pentagon official who is now CEO of the Professional Services Council, an organization that advocates for government contractors. “Part of that problem is, contractors are managed on a contract by contract basis.”
And in many cases, these employees’ contracts don’t even mention remote work.
“You don’t want to change contracts from the top down,” Berteau said. “But you can send out guidance to contracting officers that says, ‘It is really important for you to adjust and amend contracts so that contractors can continue to work with the government counterparts.’ If that’s teleworking, that’s teleworking, if it’s moving to a different location, it’s moving to a different location.”
For years, the U.S. government has done drills and exercises to prepare for scenarios where workers cannot access secure facilities, said Berteau, who served as assistant defense secretary for logistics and materiel readiness during the Obama administration.
But: “We have not taken those lessons from the simulations seriously enough that we’ve done the preparation necessary to execute it,” he said. “So now we’re having to do it in real time. It’s important that we get it done. It’s important that we keep the government working. It’s important that contractors are part of that keep the government working goal. And it’s important that they have guidance [and] it’s integrated across the government in order to make that happen.”
As for the government workers and contractors who must access classified information, there’s no alternate, for now at least, to having a secure government facility.
“You can’t go home on your laptop and plug it in and get classified data,” Berteau said. “It’s my personal belief…that we could do a lot more than we are doing.”
But, he noted, it would likely cost a lot to buy the equipment needed to make that happen.
“We have got to be taking notes as we go about what we need to do better … so we’re more ready the next time it comes,” Berteau said. That would be a federal government, executive branch, responsibility, but it would also be a congressional responsibility to make sure it happens and that the resources are available to do it.”