Protecting “Critical Program Information” Within DoD
The Department of Defense last week issued new guidelines (pdf) for protecting “critical program information” (CPI), a term that refers to the most sensitive technology information in DoD research, development and acquisition programs.
CPI consists of those program elements “that, if compromised, could cause significant degradation in mission effectiveness; shorten the expected combat-effective life of the system; reduce technological advantage; significantly alter program direction; or enable an adversary to defeat, counter, copy, or reverse engineer the technology or capability.”
CPI “includes technology that would reduce the US technological advantage if it came under foreign control.”
“It is DoD policy… to provide uncompromised and secure military systems to the warfighter by performing comprehensive protection of CPI.”
The new CPI instruction, issued by James. R. Clapper, Jr., the Under Secretary of Defense for Intelligence, updates and expands upon a prior directive (pdf) from 1997.
Among the interesting changes adopted in the new instruction is an increased role for security oversight by the DoD Inspector General, who is called upon to “develop a uniform system of periodic inspections” to ensure compliance with CPI protection requirements, and to “publish an annual report of significant findings, recommendations, and best practices.”
Though it is not specifically addressed in the new instruction, the use of agency inspectors general to conduct oversight of classification and declassification activity is the single most promising near-term option for augmenting oversight of the government secrecy system. Increased IG oversight of CPI may serve as a useful precedent for validating the IG’s capacity to perform that function and advancing its classification oversight role.
See “Critical Program Information (CPI) Protection Within the Department of Defense,” DoD Instruction 5200.39, July 16, 2008.
To secure the U.S. bio-infrastructure, maintain global leadership in biotechnology, and safeguard American citizens from emerging threats to their privacy, the federal government must modernize its approach to human genetic and biological data.
To ensure an energy transition that brings broad based economic development, participation, and direct benefits to communities, we need federal policy that helps shape markets. Unfortunately, there is a large gap in understanding of how to leverage federal policy making to support access to capital and credit.
From use to testing to deployment, the scaffolding for responsible integration of AI into high-risk use cases is just not there.
OPM’s new HR 2.0 initiative is entering hostile terrain. Those who have followed federal HR modernization for years desperately want this effort to succeed.