Investigating cyber-security at U.S. Central Command

While the college admissions scandal exposed students getting undue help on their exams, FOX 13 started hearing and investigating claims of a different kind of cheating in one of the most sensitive parts of our government. 

Ted Carrier is a cyber-defense analyst who worked for a contractor at U.S. Central Command inside Tampa’s MacDill Air Force Base. They called him a mission-essential individual for computer network defense. He was responsible for protecting military secrets from hackers. 

The Department of Defense requires ethical hacker certification to make sure its cyber defenders are ethical, but can think like hackers to keep them from penetrating military computer systems. That is where Carrier claims CENTCOM, and taxpayers, have a problem.  

To get certified, Carrier claims he and others got undue help on their ethical hacker exams. He says in March of 2017 the contractor they worked for, SAIC, gave them a printout the day before they took the test that contained the same questions and answers as the test.  

"So we reviewed the questions and answers thinking it was something similar to what we’d see. But the next morning we realized that it was exactly the same questions and same answers as the actual test,” Carrier said.

Carrier is one of five sources we interviewed in our investigation -- and all five tell the same story. Four of them agreed to talk on-camera. 

Jim Restel is a retired lieutenant colonel who demonstrated outstanding performance and dedication to our nation, according to Lt. Gen. Carroll Pollett, director of America’s Defense Information Systems Agency in support of CENTCOM.  Restel retired and then returned to CENTCOM as a civilian contractor for cyber defense. The Pentagon added certified ethical hacker requirements that he and others already doing the work did not have. 

“In order to do this job you need to have this core base of knowledge, and all of the sudden you had people who don’t have the core base of knowledge accomplishing the duty,” said Restel. 

He said he was working for SAIC when its I.T. contract with CENTCOM came up for renewal in 2017, and managers rushed to certify the team. 

“They came in verbally. They said ‘Well, who do we have available to take the test?’ They said we need to have as many people as we can in there because that makes us competitive,” Restel continued. 

He said they told him to attend a study session in which he, Ted Carrier, and around 20 other cyber defense co-workers were given a printout of questions and answers. He said he was told these were sample questions to prepare for the real exam. 

Image 1 of 5

Restel said he took the real exam the next morning.   

“The first questions come on the screen, and it is exactly the same as we had in the test bank earlier,” Restel said. “The sequence of the questions were different, but the actual questions and the answers were identical. The options of A,B,C,D were exactly the same. Identical.”

That is how he says he passed by inadvertently cheating. 

“I can’t tell you if I would have passed or not, but I was sweating it. I’d say 50-50 chance.”

Our third source is Mark Sigmon. He was a senior officer and team leader at the National Security Agency, recognized by Lt. Gen. Michael Hayden for extraordinary contributions. He joined the same team as Restel and Carrier, and said he got the same undue help – before he took and passed the test. 

“This is a true strike against ethics,” said Sigmon, who now works as a senior intelligence analyst overseas. 

Our fourth source is a cyber-defense analyst who did not want to show his face. He said he worked on the same team as Restel, Carrier and Sigmon, and was given what they called a study guide. He said he got the same surprise when he took the exam and easily passed. 

"It was a printout that looked like a test," he recalled. “All of the questions were identical.”

He said he would have passed without getting answers in advance, but does not know whether his co-workers would have. 

He said he complained to his employer, but his complaint was dismissed. 

SAIC told FOX 13 it investigated and determined the allegations are not credible. The company sent us the following statements relating to its investigation and findings.   

“In Aug. 2017, SAIC was made aware of this alleged incident through an ethics complaint. Upon learning of this matter, we immediately began our own investigation to determine the scope of the issue and if there was any legitimacy to these allegations. Our internal investigation concluded, and according to our findings, there was no misconduct and the allegations were not credible. SAIC is a respected leader in our industry and this alleged misconduct does not reflect our core values and culture of integrity. We take every ethics complaint seriously and ensure that all are investigated thoroughly.”  

“Our investigation determined that employees had access to practice exam questions to prepare for the C/EH exam. These practice exams were through a test preparation vendor and are available for download online. Access to that information is not unethical.  The exam on test day was administered by a third party testing vendor and was taken in person at a government facility, and on a computer. SAIC had no communication with the test administrator regarding the exam. Integrity is one of SAICs core values and we actively encourage our employees to raise concerns. SAIC has a strict anti-retaliation policy and prohibits retaliation of any kind against employees who have submitted a complaint or concern of unethical conduct.”

Undaunted, Carrier filed his claim of test cheating with CENTCOM.  Lt. Col. Earl Brown with CENTCOM told FOX 13 that CENTCOM referred the allegations to the General Services Administration for investigation in 2017 and the GSA contracting representative “found nothing substantive.” 

“A former defense contractor employee filed an allegation of cheating to U.S. CENTCOM’s J6 Directorate in December 2017. The J6 reported the allegation to the Contracting Officer’s Representative (COR) and Contracting Officer from GSA (General Services Administration). The GSA representative conducted an inquiry into the former employee’s allegations of ethics violations and found nothing substantive. The defense contractor in question was conducting cybersecurity training for CENTCOM personnel. The former employee filed complaints with both the defense contractor and CENTCOM’s J6, citing a cybersecurity training 'study guide' allowed personnel to cheat on a certification test. The GSA contracting representative found nothing substantive,” said Lt. Col. Earl Brown, USA chief of media operations at CENTCOM's Communication Integration Directorate.

Meanwhile, SAIC won the bid in 2017, and got its contract for cyber-defense and other I.T. services renewed for seven years. The total I.T. contract is worth $621 million. 

Jim Restel took another job with the Federal Aviation Administration, and now helps manage communications for flights going in and out of Washington D.C.

Ted Carrier took a job at a different defense contractor. He says he never accepted the certification for the test he passed. 

“Because it’s unethical,” he added. “I’m not going to unethically take the certified ethical hacker certification.”

Series Fox13 InvestigatesNewsMilitary Macdill Afb