Security professionals should remember: We don’t work in a vacuum. Although our projects are separated from the rest of the company, our cafeterias are not, nor are the breakrooms or restrooms. We chat and discuss events of the day, and the progress of our classified programs. Oh no, we don’t discuss specifics, but we discuss enough so that any reasonably astute spy might conclude what we are up to. Once a code word project, a cost figure that doesn’t match known products, or even something as simple as the physical location required to complete our projects is leaked, trouble can develop. A roving spy, or compromised computer, or even an innocent who likes to discuss work at home might pick up on the compromise.

We cannot count on everyone to remember everything they should or shouldn’t do. We can’t even count on all our people to remember what’s classified and what’s not. To hear even a well-constructed security briefing once a year is not enough. There have to be posted signs, and warnings, and computer notifications that you must not discuss classified. But there’s even more. Spies and competitors, have long since figured out to approach someone ‘off line’. They might magically appear at a barbecue, or call from a hotel, or just drop by the after-work ‘watering hole’. In those pleasant venues they might even broach the subject they’re really interested in. ‘What are you up to at work?’

That is where a critical coordination comes in. Any official request, no matter how benign, should be referred to your Public Affairs Office. Once, a technician was called long distance from abroad. It was a real person he’d met only the preceding month at a conference overseas. The inquirer wanted to confirm, for future investment, if the people at that address were working on a particular project. In fact, the inquisitor recalled to our employee she’d discussed something to that effect when they’d met before. “No”, our person who reported the incident said, “I don’t recall any discussion about work.” They did exchange cards, but that was that. In fact, this call was a ploy. It was an attempt to capitalize on collegiality, or even friendship, to elicit information. To his credit, our employee referred the caller to his Public Affairs Office, who handled his inquiry. They of course know to refer it to investigators when the issue appears it might be  beyond a normal business inquiry.

Your Public Affairs Officer must be aware of the relationships of your various projects in the company. They must not only know a line and block chart, but what can, and cannot be released. The very security of your cleared programs depends on this. It helps tremendously too, because now your employees don’t have to remember any more when a ‘chance encounter’ occurs that they must refer it to your PAO. Note, too, that we haven’t stated that the PAO must be cognizant of the exact nature of your cleared program, if it is not helpful. But they must know whether or where they should refer inquiries about it, or provide no response to an inquirer. Or, refer it to investigators.

Sitting down regularly with your PAO officers is extremely valuable. They are responsible for knowing what can, and cannot be released under the Freedom of Information Act, for public releases, for advising on any contact with news agencies that might occur, and a host of other public eventualities. For example, if there is a fire in your facility, the first people to arrive will probably be news reporters, not firefighters! Further, they are linked into the public discourse about your company’s projects. They might be, for instance, aware of whether your company is under investigation by journalists for actions which may or may not be true. They can advise on a host of things which you may not even be cognizant of. Take the time to be sure any of your public actions, especially testing, is run by them. They can advise, for instance, whether environmental concerns are an issue, or if public awareness would be counterproductive. Coordination discussions with public affairs officials on the myriad eventualities of any cleared program is time well spent.

 

Related News

John William Davis was commissioned an artillery officer and served as a counterintelligence officer and linguist. Thereafter he was counterintelligence officer for Space and Missile Defense Command, instructing the threat portion of the Department of the Army's Operations Security Course. Upon retirement, he wrote of his experiences in Rainy Street Stories.