SCIFs can’t protect national security from unauthorized wireless devices

Like the one I worked at in the House Intelligence Committee, many government facilities, including SCIFs and Special Access Program Facilities, have “No Electronic Device” policies and signs to protect the nation’s secrets.

The policy exists because electronic devices such as smartphones, smartwatches, laptops, tablets, headsets, and other devices can be used to exfiltrate voice, photos, video, and data to unsecured areas, including possible adversaries.

However, there is no technical monitoring for the presence of unauthorized electronic devices in more than 90% of the federal facilities where electronic devices are not allowed, and the policy requiring such monitoring is not funded and, therefore, ineffective. This means that only a small fraction of American government SCIFs and SAPFs currently have Wireless Intrusion Detection Systems (WIDS) deployed. In those rare areas where monitoring for electronic devices is in place, and even when the employees know that monitoring is happening, thousands of electronic devices are interdicted every year using WIDS.

As the case of Jack Teixeira demonstrated, all it takes is one unauthorized device to sneak through. Teixeira was a 21-year-old Air National Guardsman who leaked top-secret documents by exploiting vulnerabilities in secure environments. This whole episode raised a critical question: how protected are our nation’s most classified facilities?

To properly enforce the no electronic device policy, the utilization of a Wireless Intrusion Detection System is essential. Absent WIDS monitoring, the government is rolling the dice every time an individual strolls through the thick, soundproof doors of a SCIF or SAPF. It also means the government is significantly underestimating the number of unauthorized devices in SCIFs and SAPFs, creating a dangerous vulnerability to the exfiltration of classified information.

The reality is that SCIFs are only as strong as the technology used to enforce their security. Right now, only 10% of government SCIFs have the technology to detect and prevent unauthorized devices — devices that can be used, knowingly or unwittingly, to leak sensitive information and jeopardize national security.

Teixeira didn’t need sophisticated hacking tools. He simply took advantage of gaps in security protocols and the camera on his phone, highlighting how easy it is for an insider threat to bypass lax protections. Unauthorized wireless devices, whether smuggled in intentionally, simply forgotten in a pocket, or brought in thinking no harm, no foul, pose an invisible but ever-present risk. From espionage to data leaks, a single compromised device can be the weak link that reveals even more of America’s secrets. 

Yet, despite high-profile breaches, many government and military facilities continue to operate under the false assumption that the honor system alone can prevent these threats. Every security professional will tell you that policy is inadequate and doomed to fail yet again.

The Chinese government, under the direction of Communist Party leadership, has instituted perhaps the most aggressive, comprehensive espionage campaign against the West in history. The Huawei bribery scandal in the European Union and the aggressive collection of classified information via sophisticated Salt Typhoon cyberattacks are just two of the latest public examples from Beijing.

Meanwhile, the Russian government has likely deployed a dangerous novel weapon that has left American diplomats and intelligence professionals with sometimes debilitating Havana syndrome. This publicly demonstrates Russia’s interest in targeting Americans and America’s classified facilities.

The Iranians and North Koreans have also been known recently to deploy aggressive intelligence collection efforts against America’s interests. All four of these nations have the capability, determination, personnel, and leadership direction to target America’s most sensitive facilities, which almost certainly would include SCIFs and SAPFs.

If the United States is serious about protecting its most sensitive intelligence, we need more than just SCIFs — we need real-time detection with modern, American technology and strict enforcement of wireless device security measures. Otherwise, it’s not a question of whether another breach jeopardizing national security will happen but when.

Andy Keiser is a Senior Principal at Navigators Global and a Senior Fellow at the National Security Institute. He is a past Senior Advisor to the House Intelligence Committee.
