Contractors working for the intelligence community are speeding toward completion of two data centers worth $2 billion total, while a national controversy erupts over what those data centers might be up to. Combined, the centers span 214 acres -- close to one and a half times the size of the Pentagon.
The construction nears completion just as a former Booz Allen Hamilton contractor has admitted to leaking information, obtained while assigned to the National Security Agency, on the surveillance of Americans' phone contacts, as well as private social media conversations of foreigners. The disclosures, which have draw attention to the potential hazards of outsourcing national security work, have raised questions about the oversight of NSA programs and the agency's objectives regarding the data centers.
The stated purpose of both enterprises is to comb through digital tracks for foreign intelligence and warnings about cyber threats. But the government has released few descriptions of the projects. The Maryland facility and the Utah complex, close to Salt Lake City, are extensions of former President George W. Bush's 2008 Comprehensive National Cybersecurity Initiative. It is a largely classified program aimed at aligning government efforts to defend the nation's computer systems against foreign adversaries and criminals.
Assembling Computer Fortresses
Last month, crews broke ground on a $792 million NSA computing center at the agency's headquarters at Fort Meade, Md., near Baltimore. The Army Corps of Engineers is paying a joint venture, formed by construction firms Hensel Phelps Construction and Kiewit Building Group, $565 million to erect the 14-acre computer farm. It is set for completion in 2016. Also underway: a $1.2 billion data collection center in Utah -- the largest ongoing stateside Defense construction project, which should start operating by October. Balfour Beatty Construction, DPR and Big-D teamed in 2010 to land the contract.
About 6,000 workers bridging a wide range of disciplines and labor categories will develop the Fort Meade facility, NSA officials recently announced. The work involves basic building engineering and communications infrastructure, according to publicly-available acquisition papers.
NSA officials say the Maryland center will adhere to a compliance regime that reaches into the executive branch, Justice Department, Office of the Director of National Intelligence, Congress, and the judicial branch’s Foreign Intelligence Surveillance Court.
On Wednesday, NSA spokeswoman Vanee Vines pointed to the agency's previous statement that "one of the biggest misconceptions about NSA is that we are unlawfully listening in on, or reading emails of, U.S. citizens. This is simply not the case. NSA is unwavering in its respect for U.S. laws and Americans' civil liberties."
Personnel screening measures for the Fort Meade project bar contractors that are owned by "a country that sponsors or assists terrorism or is an intelligence threat." Also, the vendors were asked whether they hold active Defense facility security clearances.
NSA, a Defense Department spy agency, is the executive agent leading the intelligence community’s supercomputing hub out West. The build out details for the Utah deal are locked behind a firewall. A public synopsis of the acquisition states the vendors will supply "basic utility infrastructure, electrical service (primary power and temporary construction power), water, sewer, and gas" along with a "vehicle inspection facility, interim visitor control center, perimeter site security measures, fuel storage, water storage, chiller plant, fire suppression systems and 100 percent electrical generator and UPS back up capacity."
Pentagon budget documents indicate that for security reasons, construction personnel are to enter the premises through a "visitor control center" and data center personnel must enter through a separate visitor control center. "Physical and technical security of the construction site will be assured," the documents state.
Some former Pentagon officials say Americans should know NSA's full intent with regard to the data centers.
"When you have this much centralization of capabilities, which in government terms can translate into real power -- that and resources, it's important that the public be able to look at these things and figure out what they are doing," said a recently-departed Defense cyber official who now works as a private contractor. The official is not involved in either project and was not authorized to speak on behalf of the department.
While the aims should be common knowledge, it’s a tougher call whether to out the abilities of the machines, the official said:
"Should the capabilities of this data center be made public? It's hard to say. "As a rule, I think there needs to be a lot more openness."
How much to tell contractors about the programs is an even harder decision. Information shared with crews should be limited to what those individuals need to know to do their jobs, the former official said. That could mean, for example, monitoring traffic on internal systems, or demanding a different standard for background checks.
Such safety practices don’t work, however, when agencies lack skilled employees and NSA needs specialists who can, for example, configure communications equipment to sync with network protocols at Google. "You do the best you can while realizing you have to let these outside people do it,” the former official said.