In August Harold Martin, a contractor, was arrested and charged with theft of highly classified materials and information from his duty position at the National Security Agency (NSA). A search of his home discovered a multitude of evidence that Martin had been removing classified material from his work location for years in both hard copy and electronically. Investigators report that they found dozens of computers and hundreds of thumb drives and hard drives.
The investigation reports indicate that at some point in the preceding year, Martin had a conflict with co-workers and was moved from one contract to another by his employer. I see two problem areas in this case that may have facilitated and prolonged Martin’s theft.
When Conflicts are Security Concerns
First, the alleged “conflict with co-workers” should have been investigated by security personnel to ascertain the nature and extent of the incident. I have experienced this situation in my own organization and they are sometimes not easy to investigate or resolve to everyone’s satisfaction. However, moving the employee to another contract and essentially hiding the problem is not the correct action to take. A thorough investigation to prove or disprove allegations is necessary and may or may not result in the suspension of the individual’s access to classified information.
Paragraph 1-301.a of the National Industrial Security Program Operating Manual (NISPOM) details reporting adverse information concerning cleared employees to the Cognizant Security Agency (CSA) and clearly stated that “Reports based on rumor and innuendo should not be made.” If the “conflict” was a simple misunderstanding or a “he said, he said” situation, then no harm, no foul, no report to the CSA. However, if the conflict was more extensive or indicative of requiring a formal investigation, then a report to the CSA may have been warranted. The on-going investigation should provide clarification of this reassignment.
The Negative Impact of the Reduced Cleared Workforce
Secondly, several articles indicate that contractor companies sometimes hide personnel by “pooling” cleared employees. This, again, is not the correct action to take and clearly violates the NISPOM. Paragraph 2-200.d of the NISPOM states that contractors shall limit cleared personnel to the minimum number of employees necessary for operational efficiency, consistent with contractual obligations and other requirements and that contractors shall not establish pools of cleared employees.
For large companies with numerous contracts at various clearance levels, “pooling” cleared employees is easy and, I have heard, often done. The primary reasons to “pool” employees is to avoid breaks in access which may require re-investigations to be submitted and to keep valuable employees “on the books” while pending contacts awaiting the award process. Defense Security Service Industrial Security Representatives (ISR) just have too many companies assigned to them to do detailed analysis on a frequent basis to catch these companies. In some instances, companies are not inspected by the ISR for 18 to 24 months, leaving compliance with the NISPOM solely on the company Facility Security Officer.
Of course, Martin is under extensive investigation to completely uncover the extent of, and motivation for, his conduct, as well as any administrative actions that were or were not taken. Perhaps we will see his case someday on Dateline or American Hoarder. I do not mean to sound flip, but I am just glad he was caught and very glad that he is not one of my employees.