Assistant Secretary of State for Diplomatic Security and
Senior Adviser to the Secretary of State on Security Issues
House International Relations Committee
May 11, 2000
Mr. Chairman and Members of the Committee, I am appearing before you today to answer your questions about the recent laptop incident. I am also prepared to discuss other domestic security issues affecting the Department of State.
I accepted the position of Assistant Secretary at the State Department with the full realization that the job would be challenging. But, I could never have envisioned the enormity of that challenge. I doubt that there are many outside the agency who appreciate the magnitude of the task thrust upon DS, the complexity of the issues faced in managing a global security program responsible for the protection of so many lives, and the challenges in facing off against sophisticated espionage services as well as transnational organizations focused on the destruction of American interests around the world.
On a positive note, I was extraordinarily gratified by the capabilities and professionalism of the people working in the Bureau of Diplomatic Security. They are clearly first rate. But I was shocked to learn just how much the State Department's budget had been cut and, to my regret, how hard those budget and personnel cuts had hit DS. I found that DS had people in all areas of its responsibilities who, in my experience, were second to none in other similar agencies but it became painfully obvious that DS, although talented and dedicated, had far too few people to meet the challenges it was about to encounter. Following the fall of the Soviet Union, DS was authorized to hire only a handful of agents, engineers, and civil service security personnel. Twenty percent of DS positions worldwide were reduced. The worldwide guard program was decreased by five percent. Rules and regulations concerning security were loosened to the point that holding employees accountable for serious security issues became more difficult. It is my assessment that the budget and personnel cuts had significantly eroded the Bureau’s ability to fulfill even its most basic services. They had reached the point that when there were major conferences in the US, requiring significant manpower to staff protective details, numerous operational offices had to be shut down to support the effort. In some respects, this type of scenario still continues to this day.
Let me give you a few examples of how DS’ programs were "streamlined" during that period. Among the activities affected was our Office of Counterintelligence. The number of positions was reduced from 41 to 26, and funding for the program was cut from $225,000 to $65,000. Staffing for programs in the Department that handle procedural and information security issues was reduced by more than fifty percent.
Our technical countermeasures programs suffered a similar fate as limited funding forced the Bureau to fund only priority life safety programs rather than invest in upgrading its antiquated countermeasures program. The Department’s reaction to imposed fiscal constraints and a popular opinion that the cold war had ended and now the world was a better place had devastating consequences for DS programs.
In 1997, the Bureau's hiring picked up considerably, and while it appeared they were making strides in restaffing to the point of making it ready to meet its existing challenges, the bombings in East Africa occurred.
Let me say that those bombings have dramatically changed the magnitude and intensity of our overseas security programs and the support of this Committee in regard to our specific needs has been much appreciated.
As you are aware, nearly all of the new positions acquired since the bombings have been directed at overseas staffing or in support of our overseas operations, chiefly with antiterrorism in mind. The Department is currently reviewing staffing levels in other areas that may have been neglected including counterintelligence, dignitary protection, and domestic facility security which continue to be significantly understaffed and underfunded.
THE DS MISSION
Let me describe for you the universe of our efforts. We are in the protection business. We protect people, facilities, and classified information. And we do this at our posts throughout the world.
Let me give you some idea of the magnitude of our global life safety responsibilities. We protect approximately 10,000 State Department employees in the United States. Overseas, we are accountable for the protection of an estimated 75,000 US citizen employees and their families. Add to that number more than 37,000 foreign service employees working for our embassies and consulates. Each year we also protect approximately 130 distinguished high profile foreign visitors to the United States such as Yasser Arafat, the Dali Lama, and ministerial level dignitaries. And that is an encapsulated view of just our mission to protect people.
Mr. Chairman, in my view, the breadth of this global mandate is unique in the federal government.
Our missions for protecting facilities and information are equally demanding. DS has designed programs to counter a global array of security challenges presented by elements ranging from common criminals to terrorists and spies. Our programs include safeguarding classified and national security information, personnel investigations, computer security and information security awareness programs, and the conduct and coordination of counterespionage and counterintelligence investigations.
In the past year much has been made of security incidents at Main State. Providing security for this building is a problem, not impossible, but still ver challenging.
The Department of State building is the second largest government building in the Nation’s Capital. It is occupied by 8,500 employees and receives over 200,000 official visitors and tourists each year. The main State building covers two square blocks and has eight stories and a basement. There are 2.6 million square feet of space with 1.8 million square feet of occupied space. It has 5 pedestrian entrances, 3 basement entrances to a 900 plus vehicle garage, 2 loading docks, 43 elevators, 5400 windows, 9 acres of roof, and 13 emergency generators. The building has virtually no setback from the street thus affording little opportunity to screen either visitors or vehicles at appropriate distances.
The building serves as the hub for American diplomacy. It hosts numerous international conferences and major events involving world leaders each year. The building is the platform for the nation’s daily press briefing on events around the world. It houses the nation’s State Dining Rooms and an unrivalled collection of colonial and early Federal decorative "priceless" art objects insured for $100 million.
The Department has in place procedures and safeguards to protect our facilities during construction and renovation. As this Committee is aware, Main State is currently undergoing a major ten year renovation project. Security measures such as the development of construction security plans, construction surveillance, vetting of workers, screening of materials and other precautions are integrated into this project. Other construction projects performed within the building are routinely scrutinized by DS officers to determine the level of sensitivity and to ensure that proper security countermeasures are utilized.
In other words, the State Department building is a very large and busy institution. Protecting it is an immense challenge.
Three incidents in the Main State building have brought home to all of us the need to strengthen domestic information security. In February 1998 an unknown male in a tweed coat carried away classified documents from the Secretary’s suite of offices. That case, which was investigated by the FBI, is in an inactive status at this time.
The second incident came to light on December 8, 1999, when Russian Intelligence Officer Stanislav Gusev was arrested on the street outside the State Department as he listened in on a meeting in the Department’s Oceans and International Environmental Scientific Affairs’ conference room via a bug planted in the chair railing. Gusev, who had diplomatic immunity preventing his prosecution in the US, was asked to leave the country. The investigation by the FBI continues into, among other things, how the bug was planted. Spinning off the bugging case was an inquiry into how a computer software contract was managed and whether the system on which the software was placed had been compromised. That inquiry is still underway.
The third incident is, of course, the laptop incident which is currently under investigation by the FBI and DS. Ambassador Roy has already described for you how the laptop was used, the circumstances surrounding its disappearance, INR’s referral of the matter to DS, and the Secretary’s five point response to the incident.
Mr. Chairman, we have learned some very valuable lessons from these incidents. The fundamental problem which has brought the Department to the point at which it now finds itself is not an absence of proper policies and procedures, as those are and have been in place. The problem is simple carelessness. That is, non compliance and/or disregard for established regulations. These incidents have prompted us to take measures which complement existing regulations and procedures and are designed to change the lax attitude toward security at the State Department.
I believe that substantial progress has been made over the past two years. We have tightened security in the Secretary’s suite of offices. We have adopted a rigorous, comprehensive escort policy, worked to strengthen computer safeguards, and assigned uniformed officers to floor specific patrols inside the building. At Main State we have an after hours inspection program of department offices. And we continue a program of bringing Marine Security Guards in training into the Department ten times a year to conduct security sweeps. We have closed D street outside the building to traffic and installed cement barriers around the entire building, thus lessening our physical vulnerability. Now, we have provided security awareness briefings to over four thousand department personnel. But, these are only the first steps. Much more needs to be done.
In March I convened an interagency review panel comprised of senior security representatives from the FBI, the Department of Defense, the US Secret Service, the CIA, and the Diplomatic Security Service. The panel was asked to review the countermeasures currently in place to protect against unauthorized access to the Main State Department Building and classified information. I also requested that they make recommendations to improve security at the Main State Building. On Monday of this week, I received the panel’s report. I plan to present the report to the Secretary when she returns to Washington and intend to use it to correct systemic vulnerabilities at Main State. Once the Administration has had an opportunity to review the report, I will be delighted to share it with you, Mr. Chairman, and the Committee.
The panel confirmed our assessment of known weaknesses in our programs and recommended both short and long term solutions that it believes will enhance security at Main State. Their findings center on Main State’s access controls, its physical security, information security, security awareness, our uniformed protective officer program, and the creation of a chemical/biological program. I am convinced that the development of a strategic plan to fund and implement these findings will result in significant improvement in our programs.
The Secretary’s leadership in raising security awareness has been invaluable. She has personally emphasized security at every opportunity for the purpose of strengthening the culture of security at State. As you know, on May 3 she held a Department-wide town meeting on security because of the laptop incident. In the course of the meeting, she stressed that each of our employees must be "our neighbor’s keeper" when it comes to security. The position that she has taken with respect to individual responsibility among our diplomats, that regardless how "skilled you may be as a diplomat … if you are not professional about security, you are a failure," has resonated throughout the Department. Further, when she told the Department employees that the press reports were accurate, and she was, indeed, "furious" about our security lapses, any mistaken belief anyone might have had that the Secretary wanted simply to let this blow over and be forgotten was forcefully corrected.
I believe that what we have done and are doing, combined with the stark, ugly reality of what security failures produce, have gone a long way in raising awareness at the Department. I think that we have reached the point where the decided majority of State Department employees has recognized that a threat exists; that poor practices are unacceptable; that security is a high priority with the Secretary, this Administration, and this Congress; and that employees will be held accountable for lapses. I can assure you that the Secretary and I will continue to drive home those points as forcefully as possible.
As I said earlier, I believe that the lax attitude in the Department toward security is no longer tolerable. I fully expect that we will see that the Department’s efforts aimed principally at better education at existing requirements and designation of individual responsibilities have borne fruit and that there will be substantial and voluntary adherence to security rules and procedures. But if I am wrong, we are fully prepared to use enhanced disciplinary procedures to further underscore the seriousness with which we view this issue.
Mr. Chairman and Members of the Committee, this concludes my statement,
and I would be happy to answer any questions you have about the matters
which have brought us here today.