For several minutes in the winter of 1983, highly classified U.S. government data involving nuclear missile launch commands and wartime bomber routes reportedly traveled cross-country over unsecure, commercial telephone links in a security breach that could have left critical secrets vulnerable to enemy surveillance, according to military documents and Pentagon sources.
A California defense contractor, trying to take a shortcut on an Air Force project, allegedly sent information on a nuclear "command and control" project from a computer in San Diego to another computer in Fairfax County -- a violation of military security regulations, according to sources familiar with the case.
Five military and civilian agencies investigated the incident. Now, four years later, with the case files still open, those agencies say the information is so sensitive that they won't discuss the details or comment on their probes. The investigators still have been unable to determine whether any of the information was plucked off the unsecure links by foreign intelligence forces, according to a Defense Department report on the incident.
Pentagon officials say the allegations in this case illustrate the military's increasing vulnerability to high-technology security breaches in an era of explosive growth in military use of computers and sophisticated communications.
"It's a hot area," said Donald C. Latham, assistant secretary of defense for command, communications, control and intelligence. According to Latham, high-tech security is "recognized as being a very serious problem" that could take years to resolve.
A recent Air Force investigation found that the number of security lapses involving top-secret and other classified communications more than doubled in the eight years between 1977 and 1984 at nine installations surveyed. The number of cases grew from 220 in 1977 to 530 in 1984, the last year for which such information was available.
The Air Force Audit Agency, which conducted the study, attributed most of the problems to sloppy control over classified computer and written information, inadequate training of security personnel and failure to follow regulations.
A National Security Agency evaluation of those cases found the seriousness of the security breaches had increased at an even faster pace. Before 1983, about one-third of the breaches were considered serious enough to result in possible compromises of the information.
In 1983 and 1984, more than half of the security incidents were labeled potential compromises in which the information could have fallen into hostile hands, according to the NSA. Air Force investigators said they could find no evidence that any of the breaches had actually resulted in foreign agents obtaining sensitive information.
While the espionage activities of the Walker family spy ring and the Marine guard scandal at the U.S. Embassy in Moscow have forced a reexamination of the people who are given access to sensitive military information, the concern over communications and computer security risks has prompted the Pentagon to impose dozens of new rules and spend billions of dollars to try to improve security measures.
A comprehensive 1985 investigation of Pentagon security measures headed by retired general Richard G. Stilwell found that the Defense Department "falls short" in many of its attempts to protect sensitive information. The commission said the problem was most serious in areas involving high technology.
"There are insufficient technical means available to securely process, transmit and store classified information in electronic form," the report said.
Eighteen months after the report was issued, the Pentagon officials say they have adopted many of the recommendations, but are still grappling with many of the reported shortcomings in all areas of high technology.
One of the most serious concerns has been increased use of telephone microwave links and computers to transmit sensitive information in places where inadvertent security breaches can be as dangerous as intentional compromises. The Pentagon's Latham said the military has attempted to establish special protective zones in the airwaves above Washington, New York and San Francisco where there are "known Soviet intercept operations."
"The technical state of the art in this area permits scanning of vast quantities of information collected from microwave intercepts for key words or data elements," according to a case study by the Defense Investigative Service (DIS) in which computer data was transmitted from the West Coast to the East Coast by telephone.
Pentagon security experts say it is not only difficult to determine when such breaches occur, but it is even harder to discern whether the information has been picked up by foreign agents.
In the 1983 case, the DIS alleged that California defense contractor James R. Conrad had transmitted sensitive information involving a nuclear control program and mishandled information on unsecure computers at his San Diego office, according to Pentagon sources and documents.
A DIS report on the investigation alleged that an Air Force official downgraded a computer program containing the information from "Top Secret" to "Secret" to allow Conrad access to the material under his security clearance levels. The report found that the information was compromised by sending it three times by wire transmission to a computer service in Vienna, Va.
A DIS investigator recommended that Air Force officials should be warned that some of the information is "believed to show the locations of relay nodes and jamming levels."
The DIS investigator reported that the men apparently were not involved in any deliberate espionage activities, but rather were motivated by personal ambition and an effort to expedite efforts to clear up problems they had found in the computer program.
Based partially on the DIS report, Conrad's security clearance was revoked. Conrad denied wrongdoing in the incident and the Air Force officials have refused to discuss the case or the contents of the DIS report.
Conrad, a computer specialist who has worked on defense contracts for several California-based companies, appealed the decision. In 1985 his clearance was restored after a second hearing officer found, "It was indeed a confusing situation and sloppy operation but not a deliberate attempt to put classified information in harm's way."
Defense Department officials said they are attempting to tighten restrictions on contractors who deal with sensitive information. Among several new restrictions, the Pentagon now requires contractors to install special secure telephone and communications equipment before they can be awarded contracts involving classified information or any job with the potential to include classified data, Latham said. The costs of those new security measures would be absorbed by the taxpayer as a part of the contract.
Pentagon security experts also say the proliferation of computer equipment has brought with it an increasing number of people with potential access to sensitive information.
"We're taking technology out from behind doors," said one Air Force technology security expert. "It used to be a small group of people with access. Now we're proliferating that across the board."
Air Force auditors said many of the security risks they identified involved sensitive computer information now used by maintenance personnel on the flightline, information that used to be confined to a communications center.
Other security experts say the small, portable size of modern computer equipment is also a security hazard.
"Our biggest problem is diskettes," said Capt. P.F. McKnight, commanding officer of the naval intelligence processing system housed in a sprawling sand-colored building in Suitland, Md. "You can put them in your pocket and take them home."
The problem is compounded by improvements in computer systems making modern technology more "user-friendly," McKnight said.
"There is more potential for security problems now than 20 years ago," he said. "Generally, the more user-friendly, the less secure it is."
Another Air Force security official added, "We always think about security as a last resort, not as a first thought. It's been very cumbersome to change that."