Frank A. McDonough is the former deputy associate administrator of the General Services Administration’s Office of Intergovernmental Solutions.
And he knows nothing about controlling and protecting classified data.
That much is clear from his recent string of absurd assertions in Federal Computer Week that Hillary Clinton somehow knew the State Department’s cybersecurity program was so riddled with vulnerabilities that she chose—as if in a stroke of brilliance—to deploy her own private email servers because that’s what the rest of her cybersecurity-savvy colleagues in the U.S. Senate had always done and that proved to be more secure than a centralized server subject to Department of Homeland Security monitoring.
This kind of bizarre analysis ranks right up there with those who argued that using outdated programming languages, like COBOL, is more secure because our nation’s adversaries don’t have the technical acumen to figure out how they work. Yes, this is an argument that seemingly sophisticated cybersecurity thinkers have, at times, actually supported.
Your humble correspondent does, in fact, know more than a thing or two about handling classified information. Having spent seven years in the intelligence community (including time as an Information Systems Security Officer and an officer responsible for Cryptologic equipment), I know what it is like to live in a constant state of vigilance handling top secret, code-word information. And I can give you a real-life example from my career that illustrates the difference between the professionals who understand the importance of protecting intelligence data (note I didn’t say classified data) and the dorm room advisers serving on Hillary Clinton’s State Department staff.
First, we were always concerned with the threat of providing adversaries the ability to derive classified data from large volumes of unclassified data. People have a tendency to think just because a document is not marked with a classification label that it bears no sensitive information. Nothing could be further from the truth. That is true in the intelligence community and perhaps even more so in the world of the secretary of State, where sophisticated adversaries dedicate massive resources to intercept your communications and understand your plans, policies, intent, and negotiating positions.
But even when dealing with documents that are clearly marked with the appropriate classification, there are things you just don’t do. During the height of the war in Bosnia-Herzegovina, I was sent to Europe to coordinate intelligence operations for what we thought at the time would be an opposed landing by U.S. Marines on the shores of Croatia to save the United Nations Peacekeeping force. I traveled alone, wore civilian clothes, and was unarmed.
My first indicator that something was awry came when I walked into Adm. Leighton Smith‘s office in Naples, Italy, and was greeted by my former regimental commander. Small world, I thought—that is, until he smiled and said to another officer, “looks like we found our courier.” After several clumsy attempts were made by “allied” nations to figure out what our plan was, I was approached with a request that, at the time, seemed highly unusual. A senior U.S. officer asked me if I would be willing to physically carry the entire military operation plan for the invasion (known then as OPLAN 40104) back to the U.S. because they were having trouble with their network connectivity.
“Don’t worry. It’s nothing the Serbs don’t already have,” the officer said to me in front of a female U.S. Navy commander, whose eyes became as big as saucers.
I knew almost immediately what was happening and what it would mean for me personally if I said yes to this request. There was a major undercurrent within senior U.S. military circles that the war in Bosnia wasn’t worth the life of a single American soldier, sailor, airman, or Marine. And they seemed willing to do anything to avoid getting involved in yet another part of the world where people had been killing each other for thousands of years over ethnicity and religion.
At the time, all I could think about was that I would be alone and unarmed, and I was operating in a part of Europe that was likely surrounded by Serb intelligence. That would be one hairy trip back to the states, assuming I got that far. I told that officer—who outranked me by four pay grades—that he would have to find another way to transmit the plan because I could not properly protect the classified information contained in its hundreds of pages. At this point, the Navy commander’s eyes had widened to the size of dinner plates. The officer walked out and I never heard about the request again.
I tell this story because the talking heads and the columnists who know nothing about the classification system or why certain information is classified at the highest levels should stop assuming Americans are stupid. Even the uninitiated can see through absurd explanations that attempt to justify the reckless behavior of senior Clinton staff. And to be clear, the same holds true for every other Cabinet-level official—Democrat or Republican—who put sensitive national security information at risk because of private email use.
I refused to carry a highly classified document without proper protection through cities and commercial airports in Europe because I had been trained to understand the impact that the loss of certain types of information could have on my nation’s security—not to mention that I also felt like I was being set up. Even at my level, I knew the risks and I understood the threats were active around me.
Members of the president’s Cabinet need to exercise better judgment. And when they don’t, the career officials who know how information is supposed to be handled and protected—especially career IT and security personnel—need to step up and do their jobs.