In a stark illustration of how secrecy may undermine rather than reinforce security, the Government Accountability Office found that the Department of Defense has omitted many of its most sensitive assets from critical infrastructure protection planning because they are too secret to be identified.
“DOD has not taken adequate steps to ensure that highly sensitive critical assets associated with SCI and SAPs are accounted for,” the GAO reported last week (pdf). SCI means sensitive compartmented information that is derived from intelligence sources. SAPs are special access programs.
Only critical assets that are classified at the collateral level — i.e. plain Secret or Top Secret, but not compartmented or special access — are being processed in the Defense Critical Infrastructure Program, the GAO found. But if they are classified as SCI or special access, they have been excluded.
The Defense Intelligence Agency, for example, has withheld a list of over 80 critical assets because they are SCI and the infrastructure protection program is not equipped to receive such information.
“Unless critical SCI and SAP assets are identified and prioritized, DOD will lack sufficient information to assure the availability of the department’s most critical assets,” the GAO stated.
The Pentagon concurred with the GAO’s recommendation that critical SCI and SAP assets should be incorporated in infrastructure protection.