It’s time to rethink how we handle, view, and work with classified info post-pandemic
It is encouraging to read that the Defense Department has nearly one million employees currently teleworking, up from 95,000 just a few months ago. The DOD’s Commercial Virtual Remote Environment (CVR), recently announced by CIO Dana Deasy, has allowed nearly half of its workforce to pivot to remotely accessing sensitive information and is an encouraging next step toward a secure cloud-based collaboration platform. Much like the private sector, the DOD reacted quickly to environmental change to continue to meet the mission.
However, the pandemic highlights the fact that we must do more to remain competitive.
The national security community has long struggled with the dilemma that safeguarding classified information means requiring cleared personnel to work in sensitive compartmented information facilities (SCIFs). The result is that program and technology development, particularly collaboration between the public and private sectors, is often hampered by delay or cost—or even access to emerging technologies that could make a difference.
COVID-19 must be a wake-up call that to sustain this critical public-private partnership we must take a hard look at what really needs to be classified, who truly needs a clearance, and how we can maintain a nimble, skilled, and diverse national security workforce while still protecting our nation’s secrets.
Low-side development is flexible and cost-effective
We can all agree that innovation and cost control are essential—so how can we adjust our classified work practices to drive success in these areas? Requiring most public-private sector development to be conducted within SCIFs is not only expensive and geographically restrictive, but it means that an armed conflict, natural disaster, or other catastrophe that limits access can effectively idle the workforce and grind program execution to a halt.
One way to address this issue is low-to-high development and configuration. As an organization that operates in this space, we find that more than 90% of development and configuration work can occur on the low side since typically it is the data itself that is classified. The remaining 10% can be completed on the high side.
When a vast majority of development is conducted in an unclassified setting, SCIF-related challenges created by a global pandemic, or even weather delays, are minimized. We are seeing this now across our programs where the few that have made the shift to unclassified are continuing to advance their roadmaps and deliver critical capabilities while others are just keeping the lights on. Low-to-high development enables quicker, better, and more economical solutions to meet our nation’s security needs. Through containerization, this approach even enables most patching and upgrades to occur on the low side reducing the number of people needed to sit inside a SCIF.
Low-side development also opens more opportunities for public-private sector collaboration, which is where the magic happens. Industries such as aerospace and defense, energy, financial services and public utilities have much to gain from learning from and working closely with the Defense Department and the Intelligence Community (IC), and vice versa. The harder we make it, the less this mutual synergy will ever pay off. We may not be able to apply this to every mission, but we are missing opportunities to advance if we continue to operate as we have.
Recruiting the best and brightest is key
Less classification means access to another critical need—people. Despite recent improvements, the federal security clearance backlog still numbers in the hundreds of thousands. If we want to leverage the best and brightest talent, we must be nimble and open-minded about how we attract and acquire it. We cannot afford to wait years for clearances to be processed—and in times of a volatile economy, neither can the candidates.
If we can limit the need for cleared personnel to be in SCIFs only when necessary, we can broaden the premium talent pool. With access to a larger and more diverse pool of resources, we can tap into the next generation of tech talent that otherwise would not want to (or be permitted to) work in a classified environment. We must change our mindset about who can truly contribute to the national security mission, instead of who looks good on paper and can pass a polygraph. Not to mention – uncleared but highly capable talent costs less.
Remote work technology is the new reality
Aside from where we work, how we work has been completely transformed in just five months. Video-conferencing technology has been around for nearly a century, but it took a global health crisis to make it mainstream. Now our ability to conduct secure video calls from our laptops, tablets and smartphones is ubiquitous, which speaks volumes about our ability to change when necessary.
It is likely we will never go back to the old ways completely—nor should we continue defending our nation’s security with the same old bag of tools. We must explore other operational aspects that can evolve to the new remote work reality. Just as we have fast-tracked video conferencing and digital transformation over the past five months, we need to accelerate initiatives around national and cloud security, supply chain visibility, and data modernization, to name a few. While the federal government has so far mitigated the current pandemic well enough to continue operating, we must identify new ways of working so we can be as ready as possible for the next global surprise.
The bottom line
After the Japanese attack on Pearl Harbor, the United States led the world on a journey towards improved coalition warfare. Following the terrorist attacks of Sept. 11, we improved our intelligence and law enforcement techniques to share sensitive information across agencies. Today, we must seize the COVID-19 crisis as the next critical impetus to rethink our legacy practices for classification levels, security clearances, the use of SCIFs, and how government and industry work together. Embracing this new reality can be key to ensuring our public and private sectors are as prepared as possible to defend America. If we fail to step up to this challenge, we run the risk of falling behind our adversaries, possibly for good.
Mark Testoni is the CEO at SAP National Security Services, Inc. (SAP NS2®). Prior to joining SAP NS2, Mark held leadership positions at SAP and Oracle and served twenty years in the United States Air Force.