Former Director of National Security Agency Michael Hayden responds to the latest intelligence leak: “’I don’t mean to judge them at all, but this group of millennials and related groups simply have different understandings of the words loyalty, secrecy and transparency . . . .’” Former Pentagon Under Secretary of Defense for Intelligence Marcel Lettre responds: “As we seek innovation in military and intelligence capabilities to build an edge over our adversaries, we need in parallel to innovate in our protections against insider threats.” Here are five hot tips Lettre offers to cleared professionals everywhere.
MAKE PROTECTION PART OF THE PACKAGE
The most advanced technology money can develop and buy is only an advantage if the competition cannot get ahold of it. However, Lettre suggests, we’re blinded by the amazing technology and fail to see inherent vulnerabilities. While it might be impossible to design any 100 percent leak-proof or hack-proof technology, we at least try. “Every time you consider investing in a new capability or technological advantage,” Lettre advises, “ask your team to also show you how it will be protected against adversaries who want to steal, copy, or reveal it.” Asked, they may come up with some ingenious ways to increase security of the new technology. When they do, “hold one member of your senior team accountable for ensuring there is a comprehensive, enterprisewide strategy in place.”
RESPECT CIVIL LIBERTIES, LOUDLY
“’So we bring these [millennials] into the agency,’” General Hayden observes, “’but culturally they have different instincts than the people who made the decision to hire them,’” Under Secretary Lettre might argue the “different instincts” are a commitment to civil liberties they understand the constitution protects. “Ensure you are personally confident you can reassure the American public that cyber and intelligence tools used by the military and the intelligence community are used to protect them, with appropriate privacy and civil liberties protections in place,” advises Lettre. No doubt, the moral and ethical landscape among cleared professionals has evolved, and when technology violates civil liberties, Lettre seems to say, we’re daring people to expose the violation. And it’s leaders’ responsibility—especially leaders in government—to make sure civil liberties are, in fact, protected: “Second, satisfy yourself that privacy and civil liberties protections are strong.” Then, he writes, build trust and “make your own judgments and share with the American people your assessment, frequently and loudly.”
PROTECT THE NETWORK
For old-timers, the Cloud is scary—having all that information floating around, accessible to everybody all the time. Understandably, keeping programs and data locked on the local server is much safer. Not so, Lettre argues. From Lettre’s perspective, the Cloud doesn’t mean more vulnerability to more threats. The Cloud means exponentially fast reaction times to identified weaknesses. Lettre explains that “security is improving as we can more rapidly deploy new protections across the full network, improve our ability to tag sensitive data and content, automate access by need to know, and track that access.” And while many shudder to think about artificial intelligence lending a hand, Lettre welcomes AI that will, as he sees it, “enhance our ability to hunt for anomalous or alarming behavior while further limiting the impacts on those in our community who are doing nothing wrong and focused on the mission.”
TRANSFORM THE CLEARANCE PROCESS
The clearance backlog is bad. Very bad. “With additional applications being filed daily, it’s difficult to see how NBIB will reach the end of the tunnel,” observes Melissa Jordan. And the 2018 target for substantial progress may be too long for some. Under Secretary Lettre’s as frustrated as everyone. “This system has failed to catch insider threats who have done great harm.” He writes. “At the same time, it drives tremendous waste and inefficiency into managing our cleared workforce across government and the defense industry.” Lettre believes that the massive footprint we all leave in automated records—presumably, from official government records to social media and internet activity records—can serve as a quicker and more effective way to evaluate a threat. “Insist,” Lettre writes, “we move expeditiously to a system that relies less on manual background investigations and increasingly on automated records checks, continuous evaluation and artificial intelligence-enabled data analytics to monitor the reliability of people who hold classified security clearances and access our facilities across government and industry.”
PARTNER WITH INDUSTRY
One very wise senior leader once acknowledged that the feds cannot do it alone, whatever sizeable challenge it is. To that end, smart, forward-thinking leaders reach out to for-profit and not-for-profit partners, collaborate with other stakeholders, and build relationships that can help address big challenges. Lettre seems to agree: “keep asking for help from industry and technology leaders and other key stakeholders outside of government. In my experience, most corporate leaders want to help make government more effective and want to find ways to contribute to the national security.” I think he’s right.
What Under Secretary Marcel Lettre is suggesting, is encouraging, is a genuine cultural evolution in how the cleared community approaches security. That takes time. But perhaps we’re ready for the next great evolutionary leap.
