WASHINGTON — Under siege for letting their platforms be co-opted by Russian hackers during the 2016 election, Silicon Valley companies are learning what many businesses with interests in Washington have long known: It pays to have staff with government security clearances.
Major players in technology are bolstering their workforces with former government employees holding top-secret and higher clearances needed to share classified information, as congressional probes and a federal investigation led by special counsel Robert Mueller continue to unearth information about Russia’s meddling in last year’s election.
“We are starting to see platforms in the social-media arena being used by bad actors — in ways for which for they were never intended,” Ned Miller, chief technology strategist for the public sector for Intel Corp.’s McAfee, said in an interview. “So the folks that build those newer platforms are now demonstrating interest in acquiring talent that has a lot more cybersecurity resources and background.”
In doing so, companies such as Facebook are competing with defense contractors, financial firms and the U.S. government itself. Security clearances are a rare and valued commodity, whether at a bank trying to prevent hackers from stealing credit-card data and emptying accounts or at a manufacturer building parts for a stealth fighter or missile-defense radar system.
Bringing former government cyberwarriors on board at companies can facilitate interactions with U.S. agencies like the NSA or CIA, as well as help the firms understand how to build stronger systems on their own.
One shared lesson from the 2016 election attacks and high-profile breaches at companies, such as Sony and Equifax, analysts say, is that companies need to be more proactive in boosting their security.
“You have to hunt threats, otherwise threats will hunt you,” said Eric O’Neill, a national security strategist at cyber firm Carbon Black. O’Neill is also a former FBI agent and national security lawyer who worked on security clearances.
But finding skilled employees who come with clearances isn’t easy.
“Loyalty to the United States, strength of character, trustworthiness, honesty, reliability,” are among the attributes sought in the process, according to the U.S. State Department website.
Events in recent years have underscored that there’s good reason for such precaution on the government’s part — and that the process doesn’t stop all bad actors from getting through.
The National Security Agency, which targets foreign communications, has been the subject of at least three major breaches in recent years, including the classified disclosures by contractor Edward Snowden in 2013. An NSA contractor arrested last year was accused of stealing more than 50,000 gigabytes, or 500 million pages, of classified data and storing it at home and in his vehicle.
In September 2013, a gunman with a security clearance and valid identification card entered Washington’s Navy Yard facility and killed or wounded 20 people before being shot by police. Afterward, investigators found he had received a 10-year security clearance despite being arrested years earlier for a firearm violation.
According to the National Counterintelligence and Security Center, each investigation conducted by the National Background Investigations Bureau costs about $6,000. And it’s seldom a speedy process: It took an average of 311 days for someone to obtain a top-secret clearance, according to the most recently available data.
Top-secret clearance may not even be sufficient for many jobs. Specialized clearances, often required for the most highly sensitive information, can take even longer.
Yet, having greater access to government information could help companies such as Facebook and Twitter go after suspicious accounts more proactively by comparing notes with the government’s intelligence agencies and getting a better idea of what to look for, something the companies have struggled with.
“My sense is they’re working with the government to figure out what happened, and they want their own people at the table,” O’Neill, the former FBI operative, said.
Tech companies’ progress in stopping hackers will be front and center on Capitol Hill on Nov. 1, when top lawyers for Facebook, Twitter and Google will face congressional committees investigating Russia’s election interference. Separately, senators from both parties have proposed a bill calling for strict record-keeping and disclosure of who is paying for online political ads.