28 Jun, 2013
Revelation of NSA Surveillance Proves Poor Security at Security Companies
WASHINGTON–(BUSINESS WIRE)–June 24, 2013 – The biggest intelligence leak in the history of the National Security Agency occurred this month with revelations regarding the agency’s expansive surveillance efforts, including the publication of a secret court order giving the government access to telephone records of millions of Americans and documentation of a previously undisclosed “PRISM” program through which the NSA gathered user data from Google, Facebook, and other popular Internet destinations.
Those initial leaks were provided to The Guardian by Edward Snowden, the former employee of defense contractor Booz Allen Hamilton. While Snowden continues to communicate with the media, and with his leaks stirring continued controversy in Washington, government contractors will become an important part of the debate.
Francis Hoang, partner at Fluet Huber + Hoang PLLC, has extensive experience representing clients in the defense, intelligence, and homeland securities industries. A former Associate Counsel to the President of the United States, he holds an active TS-SCI security clearance. Below, he answers the most pressing questions facing government contractors in the wake of the NSA-related leaks:
In response to these leaks, do you expect the government to investigate not just Snowden, but Booz Allen Hamilton itself?
Investigators will certainly be looking at Booz Allen—and particularly whether its compliance and security programs were lax. And you can expect the response to be much wider than that. Before working at Booz Allen, Snowden worked at Dell, which just points to the fact that the leaks and the government’s response to them are something for the entire defense and government contracting community to be concerned about.
What should contractors be focused on as they prepare for enhanced government scrutiny?
Contractors should be reviewing their compliance programs on all fronts. That would include a close look at obvious concerns such as the physical and electronic security of sensitive material and of course employee hiring procedures. It should also extend to their compliance with export regulations, the degree of access contractors grant to visitors, and other security issues not immediately implicated by the NSA leaks. They should also examine the security requirements of their current contracts.
How can a contractor audit its own performance on those different fronts?
At minimum, they should be ensuring that their existing policies address operational risks, that their training programs educate employees on security issues, and that they provide an adequate framework for employees to report and resolve those issues. In many cases, contractors can benefit from an outside audit of their security practices and procedures, or from consulting with a lawyer or other specialist in corporate compliance.
Do you expect a wave of new restrictions on contractors to go into effect as a result of these leaks?
I don’t believe so. Existing regulations provide plenty of enforcement tools for the government to encourage contractor compliance and penalize wrongdoing. These range from contract termination to informal sanctions to formal suspension and debarment. I would expect, however, that agencies would use those existing tools more aggressively following the NSA leak.
Will recent events increase the price of contractor services, due to their increased risk of liability?
Probably, but not in the way you might think. The number of contractors that pay a penalty or other direct cost will be relatively small. In contrast, many contractors will see their costs increased indirectly, through increased insurance premiums, increased legal and other compliance costs, and more customer scrutiny, which will require time and energy in response. There also will be heightened scrutiny of areas not related to the recent leak. There may be an increase in Defense Contract Audit Agency audits, for example, or Defense Contract Management Agency investigations of issues that previously might have gone overlooked. These will all drive up overhead costs and G&A expenses.
For more information, visit http://www.fluetlaw.com.
Liked this article? Share it!