Why Republicans Storming a SCIF Puts National Security at Risk

Credit to Author: Brian Barrett| Date: Wed, 23 Oct 2019 20:47:51 +0000

House Republicans barged into a secure facility uninvited Wednesday, creating a host of problems in the process.

It should go without saying: Don’t round up a bunch of your buddies and jostle your way into a highly secured government facility uninvited. But that's exactly what a group of Republican congressmen proudly did Wednesday morning.

“BREAKING,” representative Matt Gaetz (R–Florida) tweeted at 11:32 am, “I led over 30 of my colleagues into the SCIF where Adam Schiff is holding secret impeachment depositions.” Schiff is the head of the House Intelligence Committee, who has led the recent inquiry into President Trump’s Ukraine imbroglio. (Deputy assistant secretary of defense Laura Cooper was scheduled to give a deposition this morning.) But while Gaetz and his cohorts may have fancied themselves Parisians storming the Bastille of cloak-and-dagger bureaucracy, all they’ve really accomplished is the violation of some extremely basic tenets of national security.

Meet the gaggle of Republicans who violated security protocols Wednesday.

Let’s start with the SCIF (pronounced skiff), since it’s an unfamiliar acronym for many. It stands for Sensitive Compartmented Information Facility. These are rooms that are outfitted to be effectively spyproof by conforming to a stringent list of security standards. There’s a SCIF at Mar-a-Lago, for instance, kitted out to accommodate briefings for Trump during his frequent southerly sojourns. Barack Obama traveled with a SCIF tent during his presidency that could be set up on short notice inside, say, a hotel room.

The requirements of a SCIF will also vary depending on its specific use case; whether sensitive materials will be stored there or simply discussed, for instance, makes a difference. But some standards apply universally, as you can see in these hefty guidelines produced by the Office of the Director of National Intelligence. They need radio frequency shielding, to prevent those signals going in or out. Their walls should be stuffed with sound-attenuation material and topped off with acoustic sealant. And any electronics inside a SCIF need to conform to the NSA’s TEMPEST specification, which details how to keep them safe from surveillance. This is just a sampling! But you get it by now. It’s a lot.

The reason to lock down a SCIF is intuitive. They’re the rooms where the most sensitive conversations related to US national security take place—or, at least, they’re supposed to be. That includes the current impeachment inquiry, which relates directly to high-level interactions between the US and foreign countries, at least some of which is presumably classified, and all of which a hacking-happy country like, say, Russia would love an inside read on.

So when Gaetz and House minority whip Steve Scalise and their merry band of lawmakers literally barge into a SCIF—they finally left after a five-hour standoff—they’re not just causing a fuss. They’re making a mockery of national security and to a lesser extent putting it at risk. Especially the congressmen who, as numerous outlets have reported, brought their smartphones into the room.

“A SCIF is designed and regulated to be a secure space—and that means keeping out electronic devices that malicious actors can exploit to conduct surveillance,” says Joshua Geltzer, a former senior director for counterterrorism at the National Security Council. “Bringing those into such a space can cause real national security vulnerabilities. Doing so for a political stunt potentially sacrifices security for partisan points.”

You don’t need a vibrant imagination to see how. The SCIF guidelines from ODNI list three categories of “high-risk” devices: multifunction cellular telephones, electronic devices with RF transmitting (e.g., Bluetooth), and photographic, video, and audio recording devices. Smartphones are all three. They can have malware, and malware can take over microphones and cameras. Making matters worse, the very people storming the SCIF are the among the most at risk of compromise from a sophisticated adversary. Who wouldn’t want to hack a congressperson?

“They’re definitely appealing targets,” says Mieke Eoyang, who worked as a staffer on the House Intelligence Committee and currently heads up the national security program at Third Way, a nonprofit think tank. “Foreign adversaries have been trying to collect on some of these people from the moment they announced. These are high-value intelligence targets, and well-known.”

It’s hard to overstate the extent to which the GOP members involved in the ruckus either didn’t know or didn't care about the kinds of risks they were inviting. Several of them not only brought their phones into the SCIF, they proudly tweeted that they had done so. Representative Alex Mooney (R-West Virginia) appears to have tried to livestream the affair, but settled for an audio dispatch.

https://twitter.com/RepMattGaetz/status/1187028992295161858

https://twitter.com/RepMarkWalker/status/1187033883411398656

Several of the representatives later appended “sent by staff” or some variation to their missives, in an attempt to indicate that they themselves had not tweeted from inside the SCIF. Apparently not everyone felt the same retroactive rationality; according to a House Intelligence Committee official, some GOP members refused to give up their devices even at the request of the Sergeant at Arms and security personnel.

“They engage in this circus-like behavior because they can’t defend the president’s egregious misconduct,” the official added, noting that the House Parliamentarian found the SCIF-stormers in violation of House deposition rules. It’s unclear what kind of repercussions, if any, await.

The attempt to disrupt the impeachment inquiry—reportedly endorsed by Trump himself—seems almost farcical. But it’s also at the very least dismissive of foundational principles of national security, and at worst creates a legitimate threat. The only saving grace may be that any compromised devices wouldn’t have overheard much of substance in that room so far today. The Republican invaders delayed proceedings for hours.

Then again, who knows what kind of damage has already been caused? “The reason people talk about why it’s such a violation on the principles is because we cannot have a conversation about what the technical compromise might be,” says Eoyang, “without further compromising those issues.”

https://www.wired.com/category/security/feed/