OPSEC for Dummies
By Greg Delawie, Ambassador (ret)
A couple of years ago I visited the National Cryptologic Museum, located just outside the gates of the National Security Agency (NSA) in Fort Meade, Maryland. Alongside terrific displays about Women in Cryptography and the WWII Navajo Code Talkers (both reportedly removed by the Administration in a fit of misogyny and racism) there was a display of several different “secure” telephones (pictured above) developed by NSA for government use over the decades. I realized in an instant that I had used every one of the old models in the display at various points during my 35-year career as a State Department Foreign Service Officer.
I think of this now due to the March 24 report that the Secretary of Defense and other senior Trump Administration officials had used regular unclassified cell phones with the Signal app to engage in a text discussion of sensitive defense information regarding a missile attack on Yemen’s Houthis. I’ll say up front that had I been caught doing anything like this at State I would have been fired, and possibly prosecuted, faster than a congressman running from a town hall meeting. “SignalGate” is orders of magnitude worse than former SecState Hilary Clinton’s unclassified email server because SignalGate clearly involved highly classified information about both intelligence matters and a planned military operation; adversary interception of this information could have put American service members at risk, a threat made clear on March 26 when the texts were published by The Atlantic’s Jeffrey Goldberg, whom Trump officials had included in the chat.
But apart from the Trump Administration’s historic incompetence in including a reporter in a text chat about sensitive national defense issues, why was using a regular, unclassified cell phone wrong? And what is a “secure” phone anyway?
Careless Talk Got There First
Unclassified electronics, especially things that have radios like cell phones do, are dangerous to use for secret stuff because they are not hard for adversaries to penetrate, or monitor, and find out what you are saying. During the Cold War, both the U.S. and the Soviet Union spent small fortunes conducting signals intelligence (SIGINT) of various kinds to eavesdrop on sensitive communications. The Allied Museum in Berlin has an illuminating exhibit about an American penetration of a Soviet government phone hub using a tunnel under the Berlin Wall. Many speculated in the 1970s that the Soviets placed their U.S. embassy on Mount Alto – the second-highest hill in Washington – so it would have line-of-site radio access that would allow it to eavesdrop on many key U.S. Government buildings.
Countries invested in this eavesdropping technology because it worked and produced real intelligence. And these efforts did not end with the Cold War, they just became more sophisticated and advanced. Today it is not just Russia that is using SIGINT to try to learn what the U.S. Government is up to, but China, North Korea, and probably many other countries as well. Those of us who were tasked with defending the United States “against all enemies, foreign and domestic,” needed to be very careful that we did not inadvertently reveal sensitive information by communicating it to colleagues via insecure means. In fact, we were required to attend annual briefings on the protection of classified information.
But sometimes you had to talk about sensitive issues to colleagues in other buildings, other cities, or other countries rather than just whisper to them in your office. To enable this to happen without revealing sensitive information to adversaries, the NSA was tasked with developing special phones like those in the picture above that would scramble conversations so that even if someone were eavesdropping on the line, they would hear nothing but electronic gibberish. These phones used sophisticated mathematics to encrypt conversations so they were unintelligible to anyone without a similar phone on the other end. Various Executive Orders over the years required the use of NSA’s phones for anyone in the entire U.S. Government who needed to carry out classified conversations with others.
Loose Lips Sink Ships
Operations security, or “OPSEC,” is a set of measures that our government has implemented for decades to make it harder for adversaries to learn information that we want to keep hidden. Among those issues are sensitive diplomatic information, intelligence, and military operations. There are various levels of classification, such as “Confidential” or “Top Secret” that relate to the harm that might befall the U.S. if the information leaked out.
Many former USG officials, such as FBI agent Robert Hansen or US Army specialist Chelsea Manning, have been prosecuted and imprisoned for intentionally selling or leaking classified information. While SignalGate may not have been an intentional leak, it was certainly done with reckless disregard for the requirements of the U.S. Government, and may have even violated the law, since Goldberg notes the text chat included the name of a serving intelligence officer. But even more importantly, disclosure, even inadvertent, of sensitive defense information about an ongoing operation puts the lives of U.S. service members conducting the operation at risk.
The level of incompetence displayed by the Trump Administration’s SignalGate is phenomenal. Senior officials such as those who participated in the text chat have access to modern NSA secure phones at any time and could certainly have used them instead of unclassified cell phones. It is horrifying that these senior officials, many confirmed with the advice and consent of the Senate, have so little regard for protecting American service members, intelligence officers, and U.S. national security. While no Americans may have come to harm this time, our adversaries have nevertheless gained valuable knowledge about how operations like this are planned and carried out. The officials involved in this fiasco do not deserve the trust of the American people and should resign.
