Picture your cleared program from beginning to end. First, it is designed. Then a company configures various components. These parts arrive at your location through a system commonly referred to as a supply chain. It is assembled at your plant, and then dispatched. Its deployment is accomplished by professionals who must train the recipients on its use. Each step of the way is filled with security requirements. Each one of your team members must be made aware of his/her role in keeping the whole project safe.
Balancing Security with Need-to-Know
Often, many security managers demand ‘less is more’. This means they will only advise those who have literal contact with the device. Only such people are advised of its presence, its movement, and its protections. To justify this, they overuse the ‘need to know’ principle. “What?” they say, “If I advise too many of what we’re doing, we could compromise it!” They shudder as they tell you their logic. “What if a spy were to find out about this? He could compromise it, and our effectiveness would be zero. Mission failure.”
Consequences of Overusing ‘Need to Know’
Really? If, on the other hand, you were to advise other intelligence and security professionals along the manufacture and delivery route described above, you might preclude compromising the mission yourself. Consider if you left out the Navy when you went to deploy a radar north to, say, Alaska. It arrives, and cannot function due to wind and weather conditions – any naval intelligence service could have told you about. Effectiveness of your deployment: zero. Not a single spy did you in. Instead, hubris and near paranoia were given free reign, and so your project failed.
Engaging the Right People in International Projects
We who protect classified information and physical projects know there is much we can do to assure they arrive secure and usable at the deployment location. Yes, we follow certain principles, such as ‘need to know’. Of course, we must judge that need professionally. Who can give us the best information about each component of a mission? If we are dealing with international projects overseas, we need to know who can be, indeed should be, properly involved.
Leveraging Diplomatic Channels for Security
If our project will impact NATO, we must assure that our liaison with that multinational organization is activated. Be assured, any employment of an American project overseas will mandate working with local authorities. Yes, here is where a sound understanding of ‘need to know’ comes in. If I am going to work in a given country, m y first stop should be with the American Embassy assigned to that country. There I can learn what agencies will be helpful. For instance, many nations have their own internal and external intelligence equivalents which must be notified. Count on your U.S. Embassy team to advise you on that. Do not stumble into a country on your own. Further, the Embassy might even refer you back to Washington, DC. There you might be directed to appropriate American investigative, research, or analysis teams specially organized to support missions such as yours. For many years, for instance, there was a Special Representative team organized to support American activities in Afghanistan and Pakistan. They had a role in who was able to act in those countries. Their mission was so sensitive it was given clear guidelines by our State Department. It was reassuring to have professional diplomats available to help our various missions headed inland.
Working with Government Entities for Security Compliance
As you walk through your manufacture and deployment missions, you won’t go wrong by working from highest government office to the lowest. If I’m director of the FAA, I will be able to advise you of what mechanisms from my office can support your flights of equipment overseas. Likewise with the naval services, which can assist in advising what can be done at sea. Bear in mind too that each nation has a U.S. State Department specialist to help you. It is his or her job to monitor any and all developments in a given country. For instance, strange colonial holdovers around the world might require coordination with national owners of small pieces of real estate you need to stop at for supply replenishment or refueling.
Reassessing Known Security Measures
Of course, generally speaking most of what you will provide in your classified production and deployment is already prepared for. If the program has been in place for years, you’ll benefit from much of what went before. What shows true professionalism, however, is how even known security measures are re-evaluated. British intelligence officers could not explain why team after team of their deployed underground anti-communists were rounded up upon arrival in the former Communist bloc countries. Someone finally said, ‘I think we have a spy compromising them’. It took years, but they finally pursued that anomaly enough to discover that a highly placed SIS officer, Kim Philby, was indeed betraying them to the Communists in Moscow.
Ensuring Ongoing Security Vigilance
Study each step of your project, verify that those who need to know do, and those who don’t, don’t. But be judicious, don’t assume that all is well because it has been done over and over. Validate with each shipment that the right people know, that they are checked out, and that their knowledge is required. You’ll get your items safely to the battlefield, and safely protect our deployed service members.
