© Mhieronimus | Dreamstime.com - Hollywood Sign Photo |
I recently had the fortune of being on a radio talk show for security professionals. This show has an audience of approximately 10,000 listeners with varied corporate and law enforcement security experience. However, very few of the audience members work in the defense contractor industry or under the National Industrial Security Program.
I had wanted to be a guest on the show since I had heard about it
earlier this year. I had found them in a google search and discovered that they
had covered the National Industrial Security Program (NISP) with some college students. The conversation, though serious, proved light as the talk
show hosts engaged the guests and audience in an entertaining manner. They actually made
NISP seem very interesting.
I had to ask myself, "When was the last time a
security briefing, training, or seminar was engaging, serious, and comical at
the same time?"
That was the question on my mind as I listened to the
interview. The students did a great job talking about the security clearance
topics. The most entertaining part of the show was listening to assumptions the
hosts had about security clearances and protecting classified information. I
thought I could help with those concerns and volunteered to be on the show.
Like most good security managers, the show vetted Red Bike Publishing, our
books, and credentials and decided to invite me on the show.
I went in with the understanding that this was their show
and I was a guest. I probably would not get much time to speak as they did have
a show to do. I felt my job was to complement the show by engaging their
comments, concerns, and issues the best I could from a NISP point of view. I
also realized this was a good opportunity to educate a broader security
audience.
The concerns they shared showed a fundamental
misunderstanding of how government contracting, classified contracts, andsecurity clearances work. This fundamental misunderstanding is often shared by those not in the know and often manifests
in the movies and TV shows we watch today. For example, on an episode of
Hawaii Five-0, a husband had stolen classified information off his wife's laptop
computer at home while she slept. What?
Without fully understanding the NISP, the general public could draw conclusions that cleared employees keep
classified information on laptops and bring them home at night. The Hawaii Five-0 character stated words to the
effect of, "he broke into her laptop and stole her security
clearance". Wait, what?.
You may have noticed similar discrepancies, but that's
ok. It's Hollywood where monsters, fairies, and magic exists. Additionally, the
nightmarish mishandling of classified information in the hands of incompetent
people burdened by an overbearing bureaucrat is also wrongly portrayed. Not to forget also, most Hollywood movies feature defense contractors as evil and villainous, but we know different.
In spite of the Hollywood nightmare, cleared employees are trained to understand how the NISP works and how classified information is really protected.
Similar misunderstandings revealed themselves during the
radio show. Here are some question topics that arose and that many FSOs and security managers may face. How would
you have responded?
1. Wouldn't it make more sense to clear everyone to the
TOP SECRET level and protect everything at TOP SECRET?
This is the assumption
that all classified information CONFIDENTIAL through TOP SECRET should be
treated as TOP SECRET.
2. When private companies are working on their classified
products, who knows how it is protected and if there is enough protection?
This
is the assumption that classified information is generated by everyone and
there is on oversight by anyone. This also discounts the government contracting
process.
3. Bad guys are constantly attacking our computers and
taking our classified information.
This assumes that classified information is
processed on open computers and networks and takes us back to the Hawaii Five-0
scenario.
4. People with security clearances are doing what they
want with no oversight.
This assumes that the security clearance investigation,
whole person concept adjudication, and continuous evaluation process do not
exist.
There were so many other issues, too many to cover for this
article.
As I encountered each of the obstacles, I began to weave
a story of how the NISP worked as the hero to ease their fight the monsters of bad security management and our
"endangered" secrets. I began by explaining the following: government contracts,
six step OCA process, security classification level assignment and
notification, markings, DD Forms 254, required initial security briefings, SF312 training, annual security awareness training, NISPOM guidance, derivative classifier training, OPM security
clearance investigation process, continuous evaluation, periodic re-investigations, and Defense Security Services education, partnerships, and
reviews. There was not enough time to go
into everything, but I used the allotted time to educate and correct their
misguided assumptions.
However, these mistaken beliefs are not only shared by
Hollywood and the general American public; newly cleared employees may share
similar beliefs.
So, how should a facility security officer and cleared employees respond? Would they lambaste the less knowledgeable person, take time to train them, or become frustrated and walk away.
So, how should a facility security officer and cleared employees respond? Would they lambaste the less knowledgeable person, take time to train them, or become frustrated and walk away.
I've had the opportunity to see all three approaches. The correct and most effective approach is to take the time to train and correct the problem. Next time you engage employees, perform training, or advise a program, be ready for anything, treat the topic with respect and correct the situation.