December 3, 2024
You might have noticed the U.S. government has had a few problems keeping secrets in recent years. Everything from junior underlings walking out the door with classified information to senior officials mishandling national secrets has made the headlines. Heather McMahon and Michael Schellhammer think they may have found the leading cause that many of us might consider an old trusted friend: paper. They make a case for the U.S. government to join the rest of the world, or at least the commercial sector, and embrace the digital age. With newer digital devices that have better access controls, allow remote wipes, and are just more secure all around, Heather and Michael argue that now is the time to make the move as an aging and reticent federal workforce starts marching towards retirement.

Our modern intelligence apparatus is being defeated by paper, a 2,000-year-old medium.

An unindicted co-conspirator in national security leaks remains at large: paper. For the U.S. government to prevent more leaks, it will have to lock up this culprit.

Between the disclosure of top secret information on the Discord gaming platform, allegedly by a Massachusetts Air National Guard member, the improper storage of classified documents at Mar-a-Lago, discovery of classified documents at the residences of President Joe Biden and former Vice President Mike Pence, and recent arrest of a Department of State contractor, nearly 1,000 classified pages escaped from secure facilities, causing severe national security harm and national embarrassment. The Department of Justice prosecuted a series of cases over the past two decades involving trusted insiders improperly removing classified documents from secure spaces. Our modern intelligence apparatus is being defeated by paper, a 2,000-year-old medium.

Defense Secretary Lloyd Austin responded to the Discord leak by directing program improvements that will reduce security risks. To complete Austin’s intent and uniformly protect sensitive information, however, the U.S. government should reduce its reliance on the paper that leakers are so fond of by taking three simple steps:

First, realize that paper is not the communications medium of the future

Despite decades of automation, the U.S. government still moves much of its information by paper. This creates an environment of false security, where smuggling documents is easy to commit and difficult to catch. Former U.S. Air Force analyst Reality Winner, convicted in 2017 of removing classified information from a secure facility, told the FBI, “There’s little to no security on documents.” In addition, lost or smuggled papers cannot be wiped remotely and can exist for years in file cabinets, storage rooms, or garages before ending up online, in the press, or in the hands of foreign intelligence services. Urging the White House to go paperless, our colleague Beth Sanner, formerly of the Director of National Intelligence Office and a seasoned White House briefer, said that “the mountain of classified material flowing around the White House–and other national security agencies and departments–presents an inherent vulnerability.” To glimpse the security measures required to secure paper, witness the searching of people entering and exiting the Pentagon earlier this summer. Now imagine the incredible impracticality of implementing similar searches at U.S. government facilities around the world.

Such security issues persist because inside many government offices, it is still 1985. Although designed to support information technology, office layout and business processes are legacies of the industrial age, “conceptualized as a machine for paperwork” according to the Washington Post.

Employees also rely on paper for comfort and convenience. Hard copy “briefing books” endure as staples for senior leaders. “You can’t hack paper” is still a refrain. The authors have witnessed some offices that duplicate automated systems with hard copy documents.

Reliance on paper reflects antiquated security ideals that inhibit efficiency and create vulnerabilities. Today’s government security experts are expected to respond to incidents at the speed of commercial technology and human ingenuity. With paper-focused systems, overworked security professionals respond to leaks at glacial paces hampered by old technology and methods. Many seasoned officials charged with investigating leaks, including the authors, have weathered the senior leader criticism: “Why am I hearing this from the media before hearing it from you?” Reliance on paper diverts effort from proactive programs that could identify risks and prevent leaks before they happen.

Outside the U.S. government, the commercial sectors are leaving paper behind. Since 2013 International Paper, the oldest and largest paper company in the world, sold off its sheet paper business and reoriented towards packaging and fibers. In 2021, Forbes reported that reducing paper increases efficiency. The business world moves information on fast and secure 5G networks. You are probably reading this on a tablet or mobile phone, possibly connected to a private network. The fields of medicine, air travel, banking, insurance, and others all move your private information in mobile, efficient, and secure architectures.

Second, embrace information age technology for security

The DoD recognized the trend away from paper decades ago. A 2012 DoD Mobile Device Strategy advised transitioning to mobile devices, including for classified information, to improve productivity. The Defense Information Systems Agency (DISA), recognizing that “mobility is the future,” began programs in 2017 for specially-approved tablets and phones that allow key leaders to access classified information on the move. None of these devices contain data at rest, which prevents compromise of classified information if lost or stolen. The program “received positive feedback from combatant commanders, praising the enhanced capability.” Although the DoD normally bans mobile devices in secure work areas, a 2018 national policy directive approved by the DoD Chief Information Officer (CIO) intended to increase workforce efficiency through expanded mobility outlines security requirements for allowing mobile device use within secure workspaces. The policy “will definitely improve productivity,” said Therese Firmin, DoD Deputy CIO.

The Department of State is also moving beyond disseminating paper-based information. Having provided some access to unclassified cables over mobile phones for years, the Department’s Bureau of Intelligence & Research (INR) plans to expand access for personnel to efficiently view a wider range of unclassified open-source intelligence products on enhanced mobile devices worldwide to improve operational effectiveness and diplomat safety. By following the leads of the DoD and State, other government agencies and departments can expand similar programs judiciously on unclassified and classified networks to help move away from the paper-based and briefing-book culture.

Potential leakers, instead of being able to simply walk out of secure spaces with paper, will face electronic barriers and tracking measures.

To do so, the government must balance digital efficiency with proper security. Implementing “Zero Trust” principles, where network security requires identity verification and use validation at several levels, can reduce access to the easily smuggled paper documents. Current wireless intrusion detection systems and related security-focused technology can mitigate mobile device features that have historically been problematic. Potential leakers, instead of being able to simply walk out of secure spaces with paper, will face electronic barriers and tracking measures. Note that according to the FBI, it was U.S. government audits or monitoring that aided investigators in both the Winner and Discord platform leaks long after the hard copy theft went undetected.

Finally, let the culture support the workforce

With paper-based systems embedded at every level of government, success will require cultural change. Up-and-coming professionals already expect such change. By 2025, 31% of the Federal workforce will be eligible to retire. The new generation of workers who succeed them are digital natives who seek flexibility in hybrid offices. Intelligence agencies from the CIA to the German foreign intelligence service are seeking new work environments. And a 2023 survey identified digital technology initiatives and workforce hiring and retention as the two top issues for businesses through 2024. Modernizing now to improve security will help attract the best and brightest employees who want to serve the public in a digital environment.

Conclusion

For the sake of security, efficiency, and the workforce, it’s time for the government to embrace the information age and break its bad paper habit.

Considering the constant international competition at the strategic level, the most efficient, flexible, and secure information systems are as vital to national security as advanced weapons. Competitors appreciate this. The United States can be even more powerful if we move information faster than our adversaries, staying ahead of them instead of constantly playing catch up. Ongoing U.S. government efforts to root out malicious or careless insiders, strengthen personnel vetting processes, and improve classified and sensitive information handling are important but will take time. As a faster countermeasure, government agencies can immediately improve security by eschewing paper and adopting modern devices, ditching the environment that hands leakers an accessible medium for harm.

Heather McMahon is a former senior intelligence and counterintelligence officer with experience as Senior Director at the President’s Intelligence Advisory Board, the Department of Defense, the U.S. Army, and the intelligence community. A graduate of West Point, she is currently the Deputy Executive Director of the University of Maryland Applied Research Laboratory for Intelligence and Security (ARLIS).

Michael Schellhammer is a retired intelligence and counterintelligence officer with over 30 years experience in the U.S. Army, Department of Defense, and the intelligence community. He is a graduate of the AY17 Distance Education Program at the U.S. Army War College.

The views expressed in this article are those of the author and do not necessarily reflect those of the University of Maryland, U.S. Army War College, the U.S. Army, or the Department of Defense.

Photo Credit: Image by Freepik

Leave a Reply

Your email address will not be published. Required fields are marked *

Send this to a friend