The procedures for establishing, managing and overseeing special access programs (SAPs) in the Department of Defense are spelled out in an updated DoD Instruction that was issued yesterday. See “Management, Administration, and Oversight of DoD Special Access Programs,” DoD Instruction 5205.11, February 6, 2013.
A special access program is a classified program that employs security measures above and beyond those that would normally be used to protect ordinary (or “collateral”) classified information. Such measures may include special eligibility reviews, polygraph testing, cover, and other controls on information. Within DoD, SAPs fall into three broad topical categories: intelligence, acquisition, and operations and support.
DoD SAPs have been a focus of controversy in the past, because their intensive secrecy seemed to foster mismanagement. There were massive, multi-billion dollar failures (e.g., the aborted A-12 naval aircraft program) as well as the occasional eccentricity (e.g., the Timber Wind nuclear powered rocket for anti-ballistic missile missions), both of which triggered Inspector General audits.
Because of those kinds of missteps, “The special access classification system… is now adversely affecting the national security it is intended to support,” the House Armed Services Committee concluded in 1991 (H.Rept. 102-60, p. 101).
But such concerns are expressed less frequently today. This is partly because of changes in Congress, but also because the administration of special access programs at the Pentagon has become less improvisational and freewheeling, and more standardized. (Whether they are also more successful is impossible to say.)
The newly updated DoD Instruction defines the SAP “governance structure,” which consists of a multi-level SAP Oversight Committee (SAPOC), the Senior Review Group (SRG), and the SAP Senior Working Group (SSWG).
The Instruction also sheds light on the hierarchical structure of some SAPs, which are in effect SAPs within SAPs: “DoD SAPs may include subordinate activities identified as, in descending order, compartments, sub-compartments, and projects.”
There is also another SAP hierarchy along an axis of sensitivity. “Acknowledged SAPs,” whose existence may be admitted and made known to others, are the least sensitive. “Unacknowledged SAPs” (such as Timber Wind once was) are more sensitive and cannot be referenced. Their very existence is a classified fact. But both of those categories must be reported to Congress. “Waived SAPs” are the most sensitive of special access programs, and they are exempted by statute (10 USC 119e) from normal congressional notification requirements. In such cases, only eight senior members of the congressional defense committees may be advised of the program.
DoD’s SAPs are not to be confused with the intelligence community’s Controlled Access Programs (CAPs), which serve a similar function. An official within the Office of the Under Secretary of Defense (Intelligence) is responsible for “deconflict[ing] the names and abbreviations for DoD’s SAPs and DNI’s CAPs.”
It is noteworthy that the new DoD Instruction on SAP management is a public document. It rescinds and replaces a 1997 Instruction that was considered too sensitive for public release.