Interview with Prof. dr. Marius PETRESCU - Director General of ORNISS
for "Gândirea militara româneasca" magazine
. Is Romania able to protect NATO secrets or are there in Brussels persons who are afraid that the Alliance 's secrets might leak to the press, businessmen, politicians and, possibly, to other interested people?
A : The protection of NATO classified information is and will remain a topical interest for Romania , as a preliminary requisite for accession and later on, after our country has become a full-fledged member. Even so, after accession, the emergence of some security breaches might result in the cessation of the classified information flow that, in other words, would be equivalent to the impossibility of an effective participation in the relevant activities of the Alliance . So, first and foremost, we speak about a national strategic interest, beyond that of any other institutional or political entity, be it even ORNISS. Consequently, all the factors that can contribute to ensure the protection of classified information, starting with its proper management by any holder, in strict compliance with the regulations in force, to the security education, as part of the Euro-Atlantic security culture, need to be involved; this is a field where mass-media are called to play an important part; we are sure that a proactive attitude can only be developed by a proper education, with the vast, aware and responsible involvement of this country's citizens, a concept without which the success of our undertaken actions cannot be complete.
As regards the way NATO classified information is protected, NATO Office of Security can give its opinion. NOS is the body responsible for the security coordination within the Alliance . Its experts, well-known for their expertise and professionalism, carry out, besides counseling, the assessment of Romania 's progress in applying the standards for the protection of classified information. Please believe me that the idea of compromise is not familiar to NOS policy, a fact that some of the candidate countries have already been convinced of, and a circumstance that even your magazine reported about. At present, we can state for sure that, in Romania, the system for the protection of classified information is operational, which leads to the fact that, at this stage, the security of NATO information is ensured at a level considered by NOS as tallying with the Alliance's demands.
Any "leakage" of classified, national or even NATO information must be deterred and dissuaded by firmly applying the protective measures provided in the national standards; those who would get involved in such actions would undertake, besides the inevitable legal liability, a huge moral responsibility due to the severe damages brought to Romania's credibility, with an effect on our prospects of Euro-Atlantic integration. However, I have to emphasize that, beyond the international context, beyond any kind of sanctions, it is obvious that Romania has sufficient information whose uncontrolled dissemination could result in grave damage. Should an honest citizen be indifferent in such situation? I don't think so; the best solution would be to help these people know and understand the meaning of the measures for the protection of information, and their aware, satisfactory and loyal answer will be the best and the most efficient protection.
. Why did NATO and national secrets need a "gendarme" such as ORNISS?
A : Your question surprises me because it seems to limit ORNISS' sphere of activity, and that makes me bring up the necessary clarifications, once again taking the risk of an ample answer. First of all, I have to state that the solution of setting up a complex and coherent national system for the protection of classified information, centered on a viable and efficient national security authority, is completely new and has emerged as a result of Romania 's firm decision to join NATO and meet its requirements. By Law no.182/2002 on the protection of classified information, due to logical and pragmatic reasons, NATO's philosophy in the field was also applied to the protection of national classified information, and thus achieving a unitary approach of the specific problems. Moreover, as concerns our country, a national security authority, an attribute bestowed to ORNISS, based on the autonomy and authority given by the legal statute, can ensure the equidistance, objectivity and credibility required to adopt and enforce the measures for the protection of classified information, in full observance of the laws, of human and civil rights; we must not forget that all this takes place in a context where the democratic exercise has not fully removed the suspicions and fears, and we still need time to restore the concept of security to normality.
In the same connection, your question seems to hint to a rather "repressive" connotation of ORNISS' activity. ORNISS' mission is to unitary implement the measures for the protection of classified information; this implies, besides control, regulation, authorization and accountability tasks at a national level, also the necessary support given, together with other institutions empowered by the law, to holders of classified information, through briefing, counseling and accreditation procedures, in order to set up and put into operation their own protection systems. ORNISS' major interest is the setting up and correct, flawless and efficient functioning of these systems, able to ensure the proper protection of classified information and not the punitive side, a component to which it resorts only in the obvious cases of dishonesty or irresponsibility; and this is why ORNISS is and will always be at the side of all those who make the necessary efforts required by law and by our country's international commitments.
. Do you safeguard the Alliance against the members of the former security services? Are there any recommendations coming from Brussels in this regard?
A : In general, NATO is very exigent about the quality of the personnel who are granted access to its classified information and for whom there must be sufficient guarantees regarding their loyalty, trustworthiness and honesty. The case of those who worked within the former security services as a political policy is of interest for the leaders of the Alliance , even for the simple fact that their activity is questionable as to loyalty, trustworthiness and honesty. From this point of view the Alliance did not make any specific requirements for Romania , other than those set out in the standards. As a matter of fact it is the problem of our country that, after a realistic evaluation, it should adopt the most suitable attitude; and this is the real proof that Romania has undertaken the responsibilities as a loyal NATO member. The preoccupation of the Romanian authorities for these aspects is expressively illustrated in the recent public standpoint of the responsible factors at the highest level in the state. The result of this approach, which is connected with the political decision, will certainly be reflected in the Norms on the protection of classified information of the North Atlantic Treaty Organization in Romania . Now we are working on improving and harmonizing them with the latest provisions of the Alliance . Since we are talking about the eligibility criteria, I would like to avail myself of this opportunity to underline the responsibility of the heads of the institutions managing classified information, those who actually submit for approval the persons who are to be granted access to such information; the denial of a personnel security clearance, no matter what the reason should be, can be thus avoided right from this stage, on one hand, and on the other hand, it is, no matter what it would be said, a low mark for the management of the human resources in those institutions.
. To what extent does it matter one's love affair or dubious friendship in relation to the access to national or NATO secrets?
A : Access to classified information can be granted only after a special security clearance has been conducted by legally established institutions, such as SRI, SIE, MApN, MAI, MJ, SPP and STS, each for its own field of competence. The security clearance is aimed at identifying and assessing the security risks of classified information, generated when granting the access to this category of information to a certain person. Indeed, the security clearance refers to the close persons, but it is not intended to emphasize a certain type of relations and morally judge it. As I have already stated, the quantification of the risks this relation implies is more important. That is why I would like to stress that a negative security clearance does not mean that there really are, in the behavior or in the moral profile of the vetted person, blame-worthy elements, but only that his or her access to classified information may bring about supplementary security risks, unacceptable from the viewpoint of the holder of the information, such as, for example, those caused by aspects from the life or activity of close persons or due to certain health problems. Please be convinced that, before deciding on granting or non-granting the personnel security clearance, ORNISS responsibly analyses the vetting conclusions, so that the decision taken be well-grounded and not affect the security of classified information or the person concerned. That is the reason why ORNISS does not make public the results of the vetting, respectively the granting or denial of the personnel security clearances, because these are data that concern the person and must be protected according to the law, besides the fact that the national security authority does not have a direct relation with the vetted person but only with the institution that wishes to grant access to classified information to that person.
. How do you decide who is entitled to have access to secrets?
A : The conditions on which a person may be granted access to classified information are very clearly stipulated by the law, just like the content of the security clearance, and so they are accessible to any interested natural or legal body. From this point of view, the heads of the institutions requiring access to classified information for one of their employees have enough elements to proceed to a first assessment, based on the employment record, of the extent to which that employee tallies with the stated criteria. At this point I would like to bring up some explanations regarding the main stages that have to be covered in order to be granted a personnel security clearance. Thus, before appointing a person in a position requiring access to classified information, he/she must be granted a personnel security clearance corresponding to the category of national or NATO information and to its classification level. The eligible person fills in a special security form and specifically consents to be security cleared. The head of the institution requires ORNISS to start the vetting procedures and the formalities for granting the personnel security clearance for NATO classified information, or the formalities on which the decision of granting the certificate of security clearance for national classified information is taken. ORNISS requires the institutions designated by law to conduct the security vetting and based on their conclusions decides on granting one of the documents mentioned above. An institution can hold classified information only if it meets cumulatively at least two requirements; one requirement aims at setting up a security structure and appointing a security officer who, along with the heads of the institutions and according to the law, exercises important assignments in the classified information security field; another requirement refers to effectively apply the protective system. It is important to keep in mind that, for access to classified information, besides the personnel security clearance or the certificate of security clearance, the enforcement of the need-to-know principle is compulsory. This principle refers to the imperious requirement of granting access to classified information to a person, exclusively for the purpose of carrying out his/her tasks, only when this is absolutely necessary and for a required period of time. Thus, no person may, by rank, position or personnel security clearance /certificate of security clearance, have access to a certain item of classified information, if this is not absolutely necessary for carrying out his/her tasks.
. Who did you "tread on the toes" when ORNISS decided not to grant personnel security clearances?
A : If you refer to the persons for whom, after the security vetting, ORNISS has denied granting the personnel security clearance, I have no knowledge of any negative signals. But if you refer to persons for whom the issuance of a personnel security clearance was requested, there have been some reactions of impatience; I would like very much to underline that, in absolutely all situations, both ORNISS and the authorities conducting the security vetting strictly observe the legal procedures, including the terms for the answer, which, for example, in the case of national classified information vary from 9 to 21 weeks; even these terms are not definite because to be fully convinced that the requirements for access to classified information have been met, is a priority against any other judgement; that is why the law allows the authorities conducting the security clearance to exceed the terms we are talking about and to make additional security clearances when some security risks are obvious.
. At present, are there persons who, when appointed in a position, haven't been severely cleared by ORNISS? What happens when they are not "clean"? Are they dismissed?
A : At the time when the specific regulations, promoting completely new solutions, entered into force, no person had access to classified information, access obtained following a complex security clearance. This was an inevitable situation, because, until that moment, the law did not provide such a procedure. Anyway, at that time, Romania did not have access to the Alliance's very sensible information, which was to become a fact only after accession; in time, the vetting procedures were started and the appropriate personnel security clearances were issued for most of the personnel with important tasks regarding the cooperation with NATO. The protection systems have been implemented to each holder of classified information, and now we have set up the framework required for the receipt and utilization of the Alliance 's classified information. A similar process is being applied in relation to the national classified information. But in this case we have a relatively longer way to go because, as you certainly notice, there is an incomparable larger number of people who have to be cleared, and much more institutions which develop specific protective systems. After completing this - let's call it - transition period, a person can take a public position which, according to the law, requires access to classified information, only after his/her mandatory clearance before the appointment, at the request of the competent authority. Coming back to your question, all I can state for certain, is that, in compliance with the laws in force, the persons who are in the position of not being granted the personnel security clearance, cannot be given access to classified information; and all the responsible factors in the field of the protection of classified information must be wide awake that this should not happen, because it would mean a serious breaking the law; furthermore, each institution has to decide on the appropriateness of keeping the subordinates who are in such situation, in their respective positions.
. So far, have you had any doubts as to the way the authorities designated to conduct the security vetting have done their job?
A : We didn't have and we cannot have any doubts regarding the good will and professionalism of the legally designated authorities concerning the conducting of the security vetting. Anyway, the problematic of the security of classified information is far much important for Romania 's interests so that someone having assignments in the field of information safeguarding should not treat this with full responsibility.
. How was ORNISS staff selected?
A : As a fundamental option of organizational policy in the management of the human resources, and considering both the novelty of the problematic and its specific requirements, ORNISS opted for the solution of a nucleus of expert people working together with a young personnel with promising qualities and future. The recruitment of the personnel was based on the principle of bivalence, according to which ORNISS employs a competent personnel whose professionalism is attested by competition and whose loyalty is checked by specific procedures. From this viewpoint, the law requires that all ORNISS personnel, directly involved in the activity specific to a national security authority, should be security vetted and should hold appropriate personnel security clearances. Moreover, nobody belonging to ORNISS staff is or was politically engaged. This fact allowed the institution to benefit from the whole support of the responsible political factors, without any political involvement.
. From now on, will all those who want to do business with the Alliance have to obtain ORNISS' confirmation? Are the Romanian businessmen afraid of the existence of a "critical eye"?
A : Your question refers to a totally new field of activity, that of the industrial security, an approach that, unfortunately, is deprived of a previous experience in Romania , and maybe this accounts for some ambiguities which the businessmen have to face. In this context, I think some technical details would be welcomed. Thus, the industrial security refers to all the protective measures for the classified information which is circulated within the industrial field, related to the bidding, negotiation and carrying out of a classified contract. A classified contract is a legally concluded agreement that contains and circulates classified information. The industrial security sets out the security policy for the negotiation, conclusion and carrying out of classified contracts, for the security annexes to the classified contracts and related to the transmission of classified information within classified contracts. Participation in the negotiations for the conclusion of a classified contract is allowed based on an industrial security authorization , issued further to some specific investigations, which confirms the enforcement of the minimum security measures provided in the standards. The carrying out of a classified contract by a facility is done based on a facility security clearance , also issued following similar investigations.
As a matter of fact, the security vetting has in view that the employees, managers and owners, before participating in a bid, negotiation or carrying out of a classified contract or before taking part in a contract requiring access to classified information, hold a facility security clearance corresponding to the classification level of the information to which they have access. At the same time, the premises where classified information is managed (for bidding, negotiating, document analyses, production etc.) must be protected according to specific standards, and the facility will be economically stable, will not be involved in disputes which could affect its stability, will have paid its taxes to the state or to the natural/legal bodies and will not show any security risks.
Thus, the "industrial security" establishes a favorable framework for economic development, fostering the participation especially of privately-owned economic units in the negotiation and carrying out of classified contracts, that is, contracts belonging to the national security, by setting up and ensuring measures for the protection of classified information against loss, dissemination, modification or unauthorized destruction. For this reason, I am fully convinced that there are a lot of elements to build up a good cooperation with all the interested economic units, a cooperation characterized by an open attitude, without restraints, a benefic cooperation between businessmen and ORNISS representatives; therefore I do not see why there could be someone who, reading your article, "should be afraid of a critical eye".