A House Subcommittee is reviving a decade-old debate over the need to expeditiously replace the older security locks on safes for storing classified documents with new, more sophisticated electromechanical locks.
“The secure storage of classified information is a matter of paramount importance to the national security of the United States,” wrote Rep. John F. Tierney (D-MA) earlier this month. Yet, he complained, government contractors that have possession of classified materials have been slow to upgrade their locks and safes to meet the new government standards.
Rep. Tierney’s House National Security Subcommittee is therefore “conducting an investigation” focusing on industry’s ability and intention to carry out the mandatory upgrade to improved locks and containers prior to a 2012 deadline. Almost 20,000 “substandard security containers” are supposed to be replaced in the next three years, according to the Defense Security Service.
“Based on Industry’s slow rate of transition over the past decade, and the substantial number of substandard security containers still in use, it appears that Industry may not have adequate plans in place to complete the transition by October 1, 2012.” Rep. Tierney described his concerns in an October 7 letter (pdf) to William J. Bosanko, director of the Information Security Oversight Office. The letter was released at a recent meeting of the NISP Policy Advisory Committee.
Although Rep. Tierney did not mention it, the origins of the requirement to upgrade security locks for storage of classified documents are tainted by parochial financial concerns, and the move is questionable on security policy grounds.
Beginning in the 1990s, the lock conversion requirement was zealously advocated by Senator Jim Bunning (R-KY) whose constituents, not coincidentally, included the manufacturer of the proposed replacement lock. The manufacturer also enlisted the lobbying support of Douglas Feith, who went on to become the Bush Administration’s controversial Under Secretary of Defense for Policy. See “Sen. Bunning Pushes Electronic Locks to the Dismay of Industry, DoD” by Hampton Stephens, Defense Information and Electronics Report, August 10, 2001.
But there has never been any known compromise of classified information in government or industry that was attributable to a faulty security container or lock. For that reason, the cost-benefit ratio of a systematic retrofit does not seem very compelling, particularly when compared to other potential uses for the limited supply of security dollars.
On the other hand, the fact that self-serving financial interests drove the political debate does not mean the security issue is entirely groundless, an independent security consultant told Secrecy News. Existing mechanical locks “can be penetrated surreptitiously within 20 minutes,” he said, and the older barlock containers that are still in use “can be penetrated surreptitiously within seconds.”