Secrecy News

DoD Security Policy is Incoherent and Unmanageable, IG Says

“DoD security policy is fragmented, redundant, and inconsistent,” according to a new report from the Department of Defense Inspector General.  This is not a new development, the report noted, but one that has persisted despite decades of criticism.

There are at least 43 distinct DoD security policies “covering the functional areas of information security, industrial security, operations security, research and technology protection, personnel security, physical security, and special access programs,” the Inspector General report noted.

“The sheer volume of security policies that are not coordinated or integrated makes it difficult for those at the field level to ensure consistent and comprehensive policy implementation.”

The solution to this fragmentation and incoherence is the development of a comprehensive and integrated security policy, the IG report said.

Lacking an integrated framework and an “overarching security policy…, [the] resulting policy can be stove-piped, overlapping and contradictory.”

The issuance of such an overarching security policy, described as “the necessary first step,” is expected later this year.

See “Assessment of Security Within the Department of Defense — Security Policy,” DoD Inspector General report DoDIG-2012-114, July 27, 2012.

2 thoughts on “DoD Security Policy is Incoherent and Unmanageable, IG Says

  1. From my 22 years spent in the U.S. Navy Submarine force on board SSBNs, I can honestly agree with the IG on the disparate security instructions with one exception – the security for nuclear weapons. Those security instructions, at all levels, were almost identical in content, meaning, direction, and wording.

    My advice to those looking at the myriad of security policies and instructions, look at the security instructions for nuclear weapons for a starting basis. Form a basic, over-arching instruction for security and provide sub-instructions that follow the base instruction with modifications to fit the specific category (i.e., personnel, communications, etc.).

  2. Using nuclear security as the plan for everything is too expensive. This particular topic (i.e., nuclear) is relatively easy compared to other assets or actionable security requirements. Addressing security takes time and money, and other priorities (real or perceived) are more visible. The JCS Chair needs to have this as a key metric, then it will get changed. Also, Congress has to care – they don’t as it doesn’t help with their voters.

Leave a Reply