Too often we who manage cleared programs focus too narrowly. Those excellent, well-trained French engineers who built the Maginot Line (a line of connected fortresses built to prevent the Germans from breaking into France as they did in World War I) failed to notice that their adversaries could simply go around it through Belgium. This is exactly what the German Wehrmacht did in the Second World War. All that detailed, outstanding French technical effort was wasted because they hadn’t seen the larger picture. We see this today in our defensive security preparations.
Old School Espionage
Everyone has been following the recent spy scandal concerning submarine design theft. An American nuclear engineer and his wife have been indicted on charges of attempting to sell classified information to a ‘foreign power’. This is traditional, in fact old-school, espionage. Of particular interest were his comments in discussion with his ‘foreign spy counterpart’ (actually an undercover FBI agent). The engineer said he quietly stole single documents or small packets of information and carried them out of the building over several years, so he wouldn’t be noticed. We say his espionage was old school because defense against such theft could have been the focus of a security briefing in 1951. Yet this happened in 2021. In this case, preparations against old-school espionage worked. Are we preparing ourselves properly for modern threats to our programs today? We are apparently, at least in this case, well prepared against such labor-intensive espionage. But what about now, in our Artificial Intelligence and electronically dominated world?
New World Needs New Defense
We are in a new world, and must expand our current defenses accordingly. Today, professional espionage by nation states and their recruited spies seldom employs the secret rendezvous, brush passes on sidewalks, or dead drops. Rather, electronic means of theft and communication are employed. Malware, intrusion devices, and electronic sabotage are threats against which we must plan, too. We must have skilled practitioners who understand these arts, who can assess these threats and advise accordingly.
People are more comfortable in environments they know. We can establish a host of briefings which draw from cases analyzed in the past. Yet the question must always be raised: will these case studies help us now? Briefing cleared personnel on current, existential threats is critical if we wish to keep our staff cognizant of what they must do to defend our programs. While it is quite true that recruitment of spies among our people is often much as it was in the past, their means of communication are much more secure than in days gone by. Communication was always the weakest link in espionage. A spy could steal information, but how he got it to his handler was the greatest danger for him or her. Only seldom did a spy risk his position to actually meet his handler, and then usually in some secure location abroad, a favorite location being Vienna, for example. This is why an awareness of all foreign travel and connections by our employees is still important. It was one of the first clues which led to the arrest of a State Department couple who’d spied for Cuba for over twenty years. Today, the means of gathering information might only rely on a spy inserting a collection device, a USB say, into a stand-alone computer system. He then has accomplished his mission, having compromised a system now ‘controlled’ by a hostile force. He doesn’t collect the information himself, but rather allows the controller to manipulate the device. Our spy is free to be tasked to accomplish another mission.
Defend Against the Threats of Today
Don’t plan to build another security Maginot Line. Build defenses cued to actual threats today. We are always in a race to see who can outwit the other side. Can their stealing defeat our best attempts to protect our interests? Let’s hope not. Better said, let’s be sure their efforts fail. Let’s try our best to ‘make their raid become our ambush’! Don’t gamble on whether we’ll win. Know. Work with your supporting investigative agencies. Have them provide updates to your threat assessments regularly. If you suspect you aren’t receiving answers to questions which seem to be left in abeyance, ask to speak to a senior agent. Your insistence could be the key to defeating those who would steal the information you are there to protect.