Ours is a difficult world in ways our ancestors would not recognize. Today, we who try to protect cleared programs and personnel must be aware of so much more of our professional environment. Why is this? The interactions of themes are endless, multi-layered, and often unique. Two generations ago, East European refugees to the West were monitored because some might have been compromised and recruited by Warsaw Pact Intelligence Services. Today, immigrants flow around the world, driven variously by wars, famine, and economic livelihood quests. These too are exploited by adversaries seeking to infiltrate any of our systems which might serve their advantage. Whereas once we needed awareness of teams of surveillants physically following our activities, today the local surveillance teams can marshal entire closed-circuit camera systems throughout a city to observe what we do. Need we add what space-based surveillance, not to mention drones, can do? An analyst at the Institute for Strategic Studies has noted that two dozen years ago a terrorist could sling a couple of rockets at a military base. Today the same terrorist organization can carefully target a selected building with a cheap, weaponized drone and do remarkable damage. Modern communications, satellites, and AI have revolutionized our security concerns. Our attention to those developments constantly requires technical updates, not to mention professional skill sets being taught on any university campus you care to mention.
Spend time in study
We, who work in cleared programs, must be aware of such changes, and how to counter them. Admittedly, no one person can do so. Thus we need to find talent that can. We need to know the capabilities of systems that might be targeting us. Ask yourself when you last attended formal training. Are you aware that if you work for the federal government, you can request formal training in systems related to your line of work? Security personnel can request courses through universities. Indeed, language training is not out of the question either, if you find your cleared projects require work with foreign agencies. Often, corporations can do the same. If you discover during your reading that something might be a threat, learn about it. Can you imagine living in Gaza, and not wondering what those drones hovering overhead can do? What ordnance can they cause to be called in? What can a drone see of your cleared project being tested in a secure field? Some know and can counter those drones. It is critical to remember that we are protecting classified projects. So too must we remember there are others, adversaries, who also spend their entire days attempting to defeat, deny, or destroy our protective capabilities. They do what they must if they understand you and your team to be a threat. Oh, as computer specialists remind us, they won’t always strike when you are ready. They’ll strike when it is worst for you.
Learn from the Past
Our nation delivers vast amounts of military hardware around the world. We send what is intended to serve our interests, even though it is used by others. What if that capability was compromised before it left the U.S.? What if due to our lack of attention we didn’t do all we could to counter known adversarial actions before we sent our equipment or classified projects abroad? Study what programs have been compromised already, and learn from these experiences. Read how we responded to the compromised gasoline delivery pipeline system across the southeastern United States. Observe how our health personnel dealt with the giant compromise of military pharmacies. Our adversaries certainly are. Recently we’ve seen FinnAir flights being canceled because their GPS systems were compromised. How and why this happened in a Russian zone of interest have caused serious evaluations by analysts. We know those on our side are studying this and similar events in detail, but so are the adversaries. They are taking note of everything required, and how long it takes to get these vital services going again. Yes, we might not even see gasoline and pharmacies as classified programs, but they are vital to running our cleared programs once a crisis requires them for use; gasoline for movement, pharmacies for the health care of our service members. Oh, and we should add here an adversary might see the advantage in damaging our hospital care systems overall in a crisis, as the pharmacy attack demonstrated. That alone would be a major failure of our defenses.
The enemy is always learning too
What to do? We’ve advised on the importance of having good liaison with local authorities, likewise with spending the money on technical talent. What more can a security office do to ensure we keep abreast of those who are ‘out to get us’? It is best to know who they are. Yes, there are threat assessments that your supporting investigative elements can provide. But then there’s you. How many times do you hear ‘I’ve got so many years doing this work’ as if that is an explanation for something? How many valuable years does your security manager, or technical expert, or linguist have? Have they remained current in threats directed at your program? Have they kept current with the shifting sands of history? Do they understand why today we need to be aware not only of who our adversary is but what nations might that enemy draw upon to defeat us? We should never, ever be satisfied with what we once knew to see us through today. Our adversary certainly is not. We need to be able to see the world through his eyes, too.