Cybersecurity

Use (or Misuse) of IT Systems – What Clearance Applicants and Holders Should Know

The Cold War days of spies using microfilms, dead drops, and disappearing ink are long gone. Now they use cell phones, laptop computers, and remotely injected malware to steal information. As evidenced by stories about hackers and IT security breaches in the news every day, IT technology is a major concern when it comes to security clearances and access to classified information. A Senate Intelligence Committee member was quoted as saying, “A single spy today can remove more information on a disk than spies of yesteryear could remove with a truck.” That is why when it comes to getting or maintaining eligibility for a clearance, any evidence whatsoever regarding the misuse of IT systems is taken extremely seriously.

 Adjudicative guidelines look at the seriousness of the conduct, whether or not it was maliciously intentional, whether it was due to negligence, cost/impact of the conduct, level of training or knowledge of the user, attitude and previous history of security violations, and whether or not responsibility and corrective actions were taken. Some examples of use or misuse of IT systems that could get you in trouble are:

  • Illegal or unauthorized modification, alteration or destruction of software or programs; introducing malware or creating unauthorized entry points (back doors); denial of service;
  • Using IT systems for personal gain, fraud, or theft;
  • Sending or soliciting sexually oriented messages or images; sending intimidating, harassing, or offensive communications to others;
  • Security violations through negligence or lax attitude; failure to follow procedures or protocols

I think in today’s day and age everyone who has even a basic knowledge of how to use and work with IT systems knows what is right and wrong, and just because it is easier to reach out through the “internet of things’, it doesn’t mean you have a license to access or steal information, or choose what security policies and protocols you follow when it comes to IT. It also means you would not communicate with anyone any differently than if you were talking to them face to face.