By Lance Williams
SOUTHEASTERN KENTUCKY BUREAU
But the locks that Taco Bell buys are harder to crack than the ones that most defense contractors use, Hamilton contends.
Now his company, Lexington's Mas-Hamilton Group, is embroiled in a debate over how the Department of Defense and the nation's defense contractors should keep vital information safe from prying eyes. He's also getting help from many in Congress -- including Kentucky's senators. The outcome could affect dozens of Kentucky workers.
"Taco Bell has a higher standard than what we're using for some of our classified info," Hamilton said. "That's just absurd."
Federal officials learned a decade ago that locks for many safes and storage lockers being used at the Department of Defense could be cracked easily by high-tech thieves.
That has led to an extensive effort to replace all the older locks with high-tech locks, which are designed by Mas-Hamilton Group with patented technology. The Department of Defense already has paid $60 million to upgrade its own locks.
But the retrofit program didn't apply to defense contractors. Only contractors that replace their locks voluntarily have to follow the new guidelines.
Many security experts and congressional leaders think that the failure to apply the same standards to all contractors leaves too much vital information vulnerable.
Department of Defense officials say changing those locks would be too expensive and that other needs must be met first. Other critics argue that the retrofit is unnecessary and that the money could be better spent on other needs.
In a letter earlier this month, seven senators -- including Kentucky's Mitch McConnell and Jim Bunning -- urged Defense Secretary William Cohen to expand the retrofit program to defense contractors. The nomination of a top Defense official has been put on hold by some in Congress because of the controversy.
Hamilton and the senators said the Pentagon should emulate a retrofit program started by the Department of Energy this year that includes both government and private locks, unlike the Pentagon plan. The Energy Department enacted the new retrofit after disclosures this year about leaks of nuclear information.
"We do not understand how the DOD can be satisfied with a lower level of security for sensitive information in its contractors' possession than for the same information in its own possession," the letter said.
The Defense Department's current locks standard -- the FF-L-2740 -- was developed in 1989 after a study revealed that many locks were vulnerable because of advances in computers. According to the report, a clever thief could open many of the locks in a few minutes by using a laptop to run vast amounts of numerical combinations to crack the code.
Three years later, Mas-Hamilton developed a lock -- the X-07 -- that met the federal guidelines. It is the only company currently selling locks to the Department of Defense, the government and Hamilton said.
Hamilton's locks are silent, so intruders can't listen to the tumblers as they can with conventional combination locks. Users of Hamilton's locks are required to punch a code in a computer keypad in order to gain entry.
The newer locks still aren't impenetrable, but the federal government figures it would take at least 20 hours to crack one.
But that high technology comes with a price.
The senators' letter said that $4.8 million is included in the 1999 budget and that $10 million would be available next year to begin retrofitting private contractors' locks.
Hamilton said the entire private contractor retrofit could cost $60 million, although the Defense Department has said it could go much higher. It hasn't offered a specific figure.
The Defense Department argues that computer security should be a higher priority than new locks. In addition, the department points to infrastructure and physical security of employees as other important needs.
"I think of all the needs facing the Defense Department and the federal government, replacing locks is not very high on the list," said Steven Aftergood, a senior research analyst with the American Federation of Scientists. "I would put my security dollars elsewhere."
He said no one is disputing the quality of the locks but said the cost of the retrofit is too high.
"If the locks were free, this wouldn't be an argument right now," Aftergood said.
The department also had argued that insiders are the bigger threats and it hasn't suffered any noted incidents of theft of information.
Hamilton and others, however, said the Pentagon probably wouldn't know data were being stolen until it was too late.
"Locks are a preventive thing," said John Frields, a former senior Pentagon official who had studied the issue before retiring last year. "Do you stop locking your doors because your house hasn't been burglarized recently?"
Hamilton said the debate is hurting his business because he doesn't know how much work to expect. That uncertainty could eventually affect workers at some Kentucky plants in Breathitt and Whitley counties where the products are assembled.
He said he has only six more weeks' worth of government orders. Hamilton wouldn't say how much money his company stands to lose out on.
Appalachian Regional Manufacturing in Jackson assembles the locks for Mas-Hamilton. ARM co-owner Melissa Watts said 80 percent of the total workload for her company is tied to Mas-Hamilton.
"It's a big concern," said Watts, who has 80 employees. "It would hurt for a while, but I think we could eventually rebound in a few months."