When government officials consider whether to classify national security information, they should not aim for perfect security, according to new guidance from the Office of the Director of National Intelligence. Instead, classifiers should seek to limit unnecessary vulnerabilities, while keeping broader mission objectives in view.
“A Risk Avoidance strategy — eliminating risk entirely — is not an acceptable basis for agency [classification] guides because it encourages over-classification, restricts information sharing, [and] hinders the optimal use of intelligence information in support of national security and foreign policy goals,” the ODNI document said.
Rather, “All agencies should reflect in their classification decisions a Risk Management strategy — mitigating the likelihood and severity of risk — in protecting classified information over which they have [classification authority], including clear descriptions in their classification policies of how the strategy is used when making classification determinations.” See Principles of Classification Management for the Intelligence Community, ODNI, March 2017.
This risk management / risk avoidance dichotomy in classification policy has been batted around for a while. It was previously discussed at length in in the thoughtful but not very consequential 1994 report of the Joint Security Commission on Redefining Security in the post-cold war era.
“Some inherent vulnerabilities can never be eliminated fully, nor would the cost and benefit warrant this risk avoidance approach,” the Commission wrote. “We can and must provide a rational, cost-effective, and enduring framework using risk management as the underlying basis for security decision making.”
In short, it is only realistic to admit that some degree of risk is unavoidable and must be tolerated, and classification policy should reflect that reality.
But the risk management construct is not as helpful as one would wish. That is because its proponents, including the Joint Security Commission and the authors of the new ODNI document, typically stop short of providing concrete examples of information that risk avoiders would classify but that risk managers would permit to be disclosed. Without such illustrative guidance, risk management is in the eye of the beholder, and we are back where we started.
Meanwhile, there is persistent dissatisfaction with current secrecy policy within the national security bureaucracy itself.
Classifying too much information is “an impediment to our ability to conduct our operations,” said Air Force Gen. John Hyten of U.S. Strategic Command at a symposium last week (as reported by Phillip Swarts in Space News on April 6).
“We have so many capabilities now,” Gen. Hyten said. “There are all these special classifications that I can’t talk about, and if you look at those capabilities you wonder why are they classified so high. So we’re going to push those down.”
With summer 2025 in the rearview mirror, we’re taking a look back to see how federal actions impacted heat preparedness and response on the ground, what’s still changing, and what the road ahead looks like for heat resilience.
Satellite imagery of RAF Lakenheath reveals new construction of a security perimeter around ten protective aircraft shelters in the designated nuclear area, the latest measure in a series of upgrades as the base prepares for the ability to store U.S. nuclear weapons.
It will take consistent leadership and action to navigate the complex dangers in the region and to avoid what many analysts considered to be an increasingly possible outcome, a nuclear conflict in East Asia.
Getting into a shutdown is the easy part, getting out is much harder. Both sides will be looking to pin responsibility on each other, and the court of public opinion will have a major role to play as to who has the most leverage for getting us out.