Cyber Security Initiative is Too Secret, SASC Says

The new National Cyber Security Initiative that is intended to reduce the vulnerability of government information networks and to devise an information warfare doctrine is so highly classified that it is undermining the deterrent value of the project, the Senate Armed Services Committee (SASC) said in a new report.

“It is difficult to conceive how the United States could promulgate a meaningful [information warfare] deterrence doctrine if every aspect of our capabilities and operational concepts is classified,” the Senate report said.

During the cold war, “deterrence was not possible without letting friends and adversaries alike know what capabilities we possessed and the price that adversaries would pay in a real conflict. Some analogous level of disclosure is necessary in the cyber domain.”

(Or, as Dr. Strangelove put it 40 years ago, “The whole point of a Doomsday Machine is lost if you keep it a secret!”)

As things stand, the Senate report said, “virtually everything about the [cyber security] initiative is highly classified, and most of the information that is not classified is categorized as ‘For Official Use Only’.”

“These restrictions preclude public education, awareness, and debate about the policy and legal issues, real or imagined, that the initiative poses in the areas of privacy and civil liberties.”

“The committee strongly urges the administration to reconsider the necessity and wisdom of the blanket, indiscriminate classification levels established for the initiative.”

The committee’s remarks on the National Cyber Security Initiative were published in its report on the 2009 defense authorization act, excerpted here.