I worked in an area of security for 10 years that not too many know. It is called Industrial Security, the oversight of contractor measures to protect classified information provided to them by Federal government agencies. It was interesting work that got me into hundreds of businesses that make things for government use. That work is done, or not done today, by the Defense Security Service. I just read a GAO report that had a lot in it that many government employees might pass over without another thought. It was a bad repot on an agency that has gone rapidly downhill. [The first 10 pages are background that is not needed for anyone that has any knowledge of Industrieal Security].
We used to do an inspection of large contractors twice a year, and no company went longer than a year. This report says in 2016 DSS did not conduct security reviews in 60% of its facilities. That is a disgrace. What happens when these reviews are not done is managers who do not value security in their own facilities, will stop doing much of the work that protects classified information. There are about 5% of the 12,000 facilities that are difficult inspections because management does not like to do security. I had one of them tell me to take all the classified material back to our office and not come back, but he found that he could not perform on the contact without it. I had one that repeated fired his security staff every time there was a bad inspection, and the majority of them were bad. The problem was not his staff; it was him. I had one that hired a principle officer who was a foreign national and could not be cleared, after I told him that would invalidate his facility clearance. It did, and it cost them over $100,000 to compensate the person hired and hire another person. The employees are rarely the problem - senior managers are.
This GAO report says DSS has not done much to correct its own deficiencies, or lay out plans that establishes a basis to budget for correction. This is a basic management responsibility. It does not have the resources it needs to meet the requirements and has not done what it needs to do to get them.
The second part of this report deals with Foreign Ownership Control and Influence which is a small, but important part of security. It is a specialized area that requires review to prevent foreign ownership of contractors working on government programs. When it is not done correctly it can lead to pressure by foreign firms on how performance on those contracts is done, or disclosure of classified information to foreign nationals at Board meetings. This is an area that needs more attention for good reason, with China buying up everything in sight.
It is sad to see DSS in such a state. It is even more sad that the Defense Department let the get to such a state by doing nothing about improving their capabilities. If Defense is going to manage the program it needs to fund it.
No comments:
Post a Comment