SECRECY NEWS
from the FAS Project on Government Secrecy
Volume 2012, Issue No. 15
February 21, 2012

Secrecy News Blog: http://www.fas.org/blog/secrecy/

PENTAGON DEFENDS RECORD ON SECRECY REFORM

The Department of Defense has done a better job of complying with changes in national security classification policy than it has gotten credit for, Pentagon officials told a Senate Committee. The number of classification guides that are up to date has increased from 30% to over 70%, the officials said, and a new four-volume information security guide that has been under development since 2009 is in final coordination.

In response to a question for the record in a newly published hearing volume, the Pentagon officials -- Mr. Thomas Ferguson and Ms. Teresa Takai -- criticized an article in Secrecy News that was published a year ago.

Secrecy News had reported that (a) there was a presidentially-mandated deadline for agencies to update their regulations to implement the President's executive order on classification; (b) the Department of Defense missed the deadline; and (c) DoD components such as U.S. Transportation Command were therefore not implementing the requirements of the executive order. Each of these points was documented with citations to official sources. ("Secrecy Reform Stymied by the Pentagon," Secrecy News, February 24, 2011.)

But Mr. Ferguson and Ms. Takai said the Secrecy News article "is inaccurate on a number of counts, and Mr. Aftergood did not consult with the DoD office responsible for updating this issuance."

The Pentagon officials did not dispute that there was a deadline, or that DoD had missed the deadline.

"We notified the Information Security Oversight Office (ISOO) that DoD would not be able to reissue the policy [i.e. the new implementing regulations] in the timeframe allowed; however, ISOO and the National Security Staff denied the DoD request to extend the deadline established in the Executive Order (E.O.) 13526 and its implementing directive," they wrote.

However, they said, "In October 2010, we sent formal notification to all DoD components reminding them of their obligation to comply with the E.O. as well as with the President's [accompanying] memo. We also initiated a DoD wide update of classification guidance."

This leaves unexplained how it was that in February 2011, the U.S. Transportation Command (among others) said it had no record of a requirement to conduct a Fundamental Classification Guidance Review, as specified in the executive order, and no evidence of any compliance with it.

Regarding the Fundamental Classification Guidance Review, the DoD officials said that "ISOO and Mr. Aftergood may not understand the enormity of such an undertaking for DoD. DoD has more classification guidance than any other agency or Department by several orders of magnitude. The limited resources available for conducting such a review are already over-tasked by several new initiatives and activities resulting from the EO as well as other circumstances such as the WikiLeaks disclosure."

Mr. Ferguson and Ms. Takai might have added that the President of the United States also "may not understand" the enormity of the task facing DoD, since it was he who personally set the deadline that DoD failed to meet. Alternatively, perhaps DoD may not recognize the urgency of restoring integrity and public confidence to classification policy.

"Regardless," they wrote, "the Department has made solid strides forward in implementing the national policy contrary to Mr. Aftergood's assertions."

On balance, what appears to be true is both that DoD got a late start in complying with the executive order, and also that it made progress once it got underway.

It was not until May 2011 that Under Secretary of Defense (Intelligence) Michael G. Vickers wrote to DoD agency heads and department officials instructing them to "begin this effort [the Fundamental Classification Guidance Review] immediately.... We cannot afford to expend resources on protecting information that no longer meets the criteria for classification."

By the time of its first interim report on the Fundamental Review in July 2011, DoD said it had cancelled 82 classification guides. ("Fundamental Review Yields Reduction in Scope of Secrecy," Secrecy News, October 3, 2011.)

Portions of the 2009 Obama executive order 13526 were reflected in a June 13, 2011 update of DoD Instruction 5200.01 on information security. However, the full DoD information security regulation implementing the executive order has still not been published.

The remarks of Mr. Ferguson and Ms. Takai were included among other interesting responses to questions for the record in a newly published hearing volume from a March 10, 2011 hearing of the Senate Homeland Security and Governmental Affairs Committee on "Information Sharing in the Era of WikiLeaks: Balancing Security and Cooperation."


POST-WIKILEAKS NETWORK MONITORING TAKES SHAPE

The heightened surveillance of classified government information networks that was a predictable response to the unauthorized disclosures published by WikiLeaks is becoming more clearly discernible.

"USSTRATCOM/USCYBERCOM is monitoring use of the SIPRNet and now has a mechanism for reporting certain anomalous behaviors for appropriate remediation," said Thomas A. Ferguson, Deputy Under Secretary of Defense (Intelligence) and Teresa Takai, DoD Chief Information Officer.

"We have established the first formal security oversight and assessment program to determine levels of compliance" with rules of access to classified networks," they said in response to questions for the record from a March 10, 2011 hearing of the Senate Homeland Security and Governmental Affairs Committee on "Information Sharing in the Era of WikiLeaks."

"Simply understanding that we have this monitoring capability creates deterrence of willful mischief," they added.

"We will improve our ability to individually track users through enforcement of strong user authentication on classified networks, ensure responsible controls on removable media, and provide strong website authentication for classified fabrics -- all to provide greater control over access to classified information," wrote Corin R. Stone of the Office of the Director of National Intelligence in her own answers to questions for the record from the same hearing.

"The FBI and CIA have robust insider threat programs in place for tracking the specific information accessed by users of their systems and detecting, to varying degrees, suspicious user behavior (e.g., excessive file accesses or data downloads) and alerting security personnel to take action. Several agencies (e.g., NGA, NSA, NRO) are maturing their audit and insider threat capabilities, while others still lag behind," Ms. Stone wrote.

"The WikiLeaks disclosures highlighted the need to 'raise the bar' in terms of these capabilities," she wrote.

In testimony before the Senate Armed Services Committee last week, Defense Intelligence Agency director Lt. Gen. Ronald L. Burgess said that "The potential for trusted US Government and contractor insiders using their authorized access to personnel, facilities, information, equipment, networks or information systems in order to cause great harm is becoming an increasingly serious threat to national security."


CIA AND SPECIAL OPS ARE "DECONFLICTED AT ALL LEVELS"

"I will tell you the relationship between CIA and Special Operations Forces is as good as I have ever seen it," said Adm. William H. McRaven, Commander of Special Operations Command, in congressional testimony last year. "Both under [CIA] Director Panetta, and now, of course, under Director Petraeus, I think we are going to see that relationship continue to strengthen and blossom."

The conduct of DoD special operations, including coordination between DoD clandestine operations and CIA covert operations, was the subject of an informative hearing held by the House Armed Services Committee in September. The record of that hearing has just been published.

"USSOCOM [U.S. Special Operations Command] and the CIA currently coordinate, share, exchange liaison officers and operate side by side in the conduct of DOD overt and clandestine operations and CIA's covert operations, said Michael D. Lumpkin, acting assistant secretary of defense.

"Our activities are mutually supportive based on each organization's strengths and weaknesses and overall capabilities. Whichever organization has primary authority to conduct the operation leads; whichever organization has the superior planning and expertise plans it; both organizations share information about intelligence, plans, and ongoing operations fully and completely. Whether one or both organizations participate in the execution depends on the scope of the plan and the effect that needs to be achieved. Currently all USSOCOM and CIA operations are coordinated and deconflicted at all levels."

"USSOCOM reports all of its clandestine activities quarterly through DOD to Congress for appropriate oversight," Mr. Lumpkin said.

See "The Future of U.S. Special Operations Forces: Ten Years After 9/11 and Twenty-Five Years After Goldwater-Nichols," hearing before a subcommittee of the House Armed Services Committee, September 22, 2011:

And see, relatedly, "Budget Requests from the U.S. Central Command and U.S. Special Operations Command," hearing before the House Armed Services Committee, March 3, 2011:


NONSTRATEGIC NUCLEAR WEAPONS, AND MORE FROM CRS

New and updated reports from the Congressional Research Service that Congress has declined to make readily available to the public include the following.

"Extraterritorial Application of American Criminal Law," February 15, 2012:

"Civilian Extraterritorial Jurisdiction Act: Federal Contractor Criminal Liability Overseas," February 15, 2012:

"Nonstrategic Nuclear Weapons," February 14, 2012:

"The U.S. Export Control System and the President's Reform Initiative," February 16, 2012:

"NATO Common Funds Burdensharing: Background and Current Issues," February 15, 2012:

"The Federal Budget: Issues for FY2013 and Beyond," February 17, 2012:

"Reducing the Budget Deficit: Policy Issues," February 15, 2012:

"Burma's Political Prisoners and U.S. Sanctions," February 13, 2012:

"Previewing the Next Farm Bill," February 15, 2012:

******************************

Secrecy News is written by Steven Aftergood and published by the Federation of American Scientists.

The Secrecy News blog is at:
      http://www.fas.org/blog/secrecy/

To SUBSCRIBE to Secrecy News, go to:
     http://www.fas.org/sgp/news/secrecy/subscribe.html

To UNSUBSCRIBE, go to:
      http://www.fas.org/sgp/news/secrecy/unsubscribe.html

OR email your request to saftergood@fas.org

Secrecy News is archived at:
      http://www.fas.org/sgp/news/secrecy/index.html

SUPPORT the FAS Project on Government Secrecy with a donation here:
      http://www.fas.org/member/donate_today.html