Graph Image
Invictus Insights

More Than a Six-Sided Box: Invictus Provides SCIF Design & Consulting Services

By: Scott King - Chief Security Officer

Secure space for contract staff to work has become ever more a premium in our industry supporting national security customers.  For some of our major contracts, it has become a prerequisite to be able to even bid the contract.  In my role leading security at Invictus, we have successfully built and expanded our own SCIF and have been assisting other companies to sponsor, build and get government accreditation for their own Secure Compartmented Information Facility (or SCIF).  Our latest customer is finishing up their secure facilities in Baton Rouge, LA, where I have been traveling frequently over the past year.  Invictus, and our customers, has been able to leverage my 30 years of experience in the security industry, which seems like yesterday when it all started.

“Once yoore special acc’esses are granted, you’ll be working in a SCIF” he said to me in his thick Bostonian Irish accent. Nope, not Mr. Jim Kelly, but my first real professional boss, also Navy, Captain Mathew Whelan. The mind reeled…I could only think of what it could possibly be like to be working as a Security Officer…. in I guess, the Chesapeake Bay or one of the Maryland Rivers in a Skiff, the flat-bottomed boats I’d see during my time attending LSU in the early 80s.

Luckily, my supervisor Dan Licht, the man that would mentor me for years in the art of SCIF Design, Construction, and walking the line of client compliance versus cost management, explained to me that I’d be going into the worlds of Sensitive Compartmented Information (SCI) and Special Access Programs (SAPs) – the information that was deemed too sensitive to be treated with the basic collateral protection standards. A SCIF or SCI Facility was a uniquely constructed room to deny our adversaries from knowing what technology or capabilities the US was developing. That was where I started, following Dan around and learning from one of the 1st Industry SCIF Masters of the era for about 8 months while the NRO (still hard to accept we can say this since back then they “didn’t” exist) processed my background and finally approved me for my accesses. What I really learned most during that time is that it took IC members and Industry partners to build these areas and constantly evolve to meet the changing threats.

Over thirty years later, I still find it hard to believe I get paid to do a job I love and allows me to contribute to the defense of our national interest. While the regulations have changed over the years from DCIDs (Director of Central Intelligence Directives, the 6/9 and then the 1/21), DIAM (Defense Intelligence Agency) 50-3, and NSAs unique guidance to the ICD 705 today, the goal stayed the same; construct a functional program space with the correct protection layers to let ‘the smart people do smart people stuff’. Once this included taking a 737 aircraft supplied by a client and SCIFing it out so it could deploy and test new systems, another challenge achieved was figuring out how to park Humvees on a parking lot outside the SCIF building to let them process data from our computer facility inside, then there was the 100K square foot warehouse to convert including over 400 secure network terminals, while another time it meant turning an entire Aircraft Hanger into a SCIF. In all these examples, it was the coordination between the Government Security staff and our Industry team that made it happen – deciding on the risks and mitigating them through the appropriate application of countermeasures that were in line with the regulations – well before the ICD 705 that includes the standards for Tactical SCIFs.

Today, one of the major changes to me personally has been the introduction of Information Technology (IT) and the limited understanding of some security professionals to appreciate the need to ensure protections are in place. It was easy early on to build the ‘six sided’ box with secure data systems provided and operated by the clients. Phones were protected by devices designed to disconnect copper wires when not in use or ‘on hook’ to eliminate transmission of anything along the wire. TEMPEST (the phenomena of unintentional compromising emanations from devices) concerns were very real as most electronics of the that time ‘radiated’ signals. However, modern digital systems and communications devices have been designed to limit this issue – why running the vacuum no longer scrambles the TV signal. However, while limited, these signals still exist and require protection. The proliferation of large-scale classified processing systems connecting all those ‘six-sided’ boxes and Voice over Internet Protocol (VOIP) telephones meant new standards had to be developed, implemented, and followed. Understanding where, how, and who controls the IT systems and Phones is critical to building a SCIF today. This includes how SCIFs are ‘wired’ even though today most all of this is over fiber and not copper. Industry Security and the government’s inspectors cannot just ‘complete and then read the answers’ on the checklist but need to ensure that the physical installation matches the documented information. I often get calls from my network of professional friends for some assistance on this issue – and I’m glad to assist knowing I was lucky enough to see and understand the changes occurring during the Dot Com period when the Defense base lost a generation of all types of professionals due to downsizing. Something everyone in this business area is experiencing as many of the senior staff who had the expert knowledge hit retirement age.

I’ll never claim to be THE SCIF expert, but I will always be grateful for having the opportunities to be in some of the right places, at the right times, to become a recognized specialist. Like supporting a SCIF build for a significant national asset just before it went online and then hearing how my father was one of the architects who designed it. Being able to get a SCIF sponsorship shifted from one client to another for a large contractor operation after a few months on the job to maintain their SCIF accreditation since they had struggled for over a year in accomplishing this task. Joining Invictus just as they were about to build out their new office location and received the requirement to have a SCIF. Actively participating in SCIF working groups or directly with decision makers on regulation changes, challenging IC partners on SCIF location and design criteria when considering costs by Industry which ultimately adds to increased payment for services, and travelling to wherever whenever as needed to make sure the construction team understood why we needed things built as designed a certain way. The contributions over the years were many and it’s fantastic to still be able to make them as a part of Invictus with new Government and Industry contacts including many of our subcontractors. So, while I’m ‘Callin Baton Rouge’ frequently right now (again the good fortune of right place, right time) about a SCIF versus the type of boat; there’s little doubt I’ll soon be contributing to the build of another one of these unique six-sided boxes somewhere, as long as there’s a sponsor, but that’s a whole different insight for another time and place.

Invictus is able to provide these services and expertise to other companies  and we are just finishing up with a successful SCIF accreditation in Baton Rouge.  We are available to support new projects, as needed.  Please contact us if you require assistance.