[Intelforum] Secrecy News -- 02/21/12

Tue Feb 21 10:17:09 EST 2012

Format Note:  If you cannot easily read the text below, or you prefer to
receive Secrecy News in another format, please reply to this email to let
us know.

SECRECY NEWS
from the FAS Project on Government Secrecy
Volume 2012, Issue No. 15
February 21, 2012

Secrecy News Blog:  http://www.fas.org/blog/secrecy/

**     PENTAGON DEFENDS RECORD ON SECRECY REFORM
**     POST-WIKILEAKS NETWORK MONITORING TAKES SHAPE
**     CIA AND SPECIAL OPS ARE "DECONFLICTED AT ALL LEVELS"
**     NONSTRATEGIC NUCLEAR WEAPONS, AND MORE FROM CRS

PENTAGON DEFENDS RECORD ON SECRECY REFORM

The Department of Defense has done a better job of complying with changes
in national security classification policy than it has gotten credit for,
Pentagon officials told a Senate Committee.  The number of classification
guides that are up to date has increased from 30% to over 70%, the
officials said, and a new four-volume information security guide that has
been under development since 2009 is in final coordination.

In response to a question for the record in a newly published hearing
volume, the Pentagon officials -- Mr. Thomas Ferguson and Ms. Teresa Takai
-- criticized an article in Secrecy News that was published a year ago.

	http://www.fas.org/sgp/news/2012/02/dod-update.pdf

Secrecy News had reported that (a) there was a presidentially-mandated
deadline for agencies to update their regulations to implement the
President's executive order on classification;  (b) the Department of
Defense missed the deadline;  and (c) DoD components such as U.S.
Transportation Command were therefore not implementing the requirements of
the executive order.  Each of these points was documented with citations to
official sources.  See "Secrecy Reform Stymied by the Pentagon," Secrecy
News, February 24, 2011.

	http://www.fas.org/blog/secrecy/2011/02/reform_stymied.html

But Mr. Ferguson and Ms. Takai said the Secrecy News article "is
inaccurate on a number of counts, and Mr. Aftergood did not consult with
the DoD office responsible for updating this issuance."

The Pentagon officials did not dispute that there was a deadline, or that
DoD had missed the deadline.

"We notified the Information Security Oversight Office (ISOO) that DoD
would not be able to reissue the policy [i.e. the new implementing
regulations] in the timeframe allowed;  however, ISOO and the National
Security Staff denied the DoD request to extend the deadline established in
the Executive Order (E.O.) 13526 and its implementing directive," they
wrote.

However, they said, "In October 2010, we sent formal notification to all
DoD components reminding them of their obligation to comply with the E.O.
as well as with the President's [accompanying] memo.  We also initiated a
DoD wide update of classification guidance."

This leaves unexplained how it was that in February 2011, the U.S.
Transportation Command (among others) said it had no record of a
requirement to conduct a Fundamental Classification Guidance Review, as
specified in the executive order, and no evidence of any compliance with
it.

Regarding the Fundamental Classification Guidance Review, the DoD
officials said that "ISOO and Mr. Aftergood may not understand the enormity
of such an undertaking for DoD.  DoD has more classification guidance than
any other agency or Department by several orders of magnitude.  The limited
resources available for conducting such a review are already over-tasked by
several new initiatives and activities resulting from the EO as well as
other circumstances such as the WikiLeaks disclosure."

Mr. Ferguson and Ms. Takai might have added that the President of the
United States also "may not understand" the enormity of the task facing
DoD, since it was he who personally set the deadline that DoD failed to
meet.  Alternatively, perhaps DoD may not recognize the urgency of
restoring integrity and public confidence to classification policy.

"Regardless," they wrote, "the Department has made solid strides forward
in implementing the national policy contrary to Mr. Aftergood's
assertions."

On balance, what appears to be true is both that DoD got a late start in
complying with the executive order, and also that it made progress once it
got underway.

It was not until May 19, 2011 that Under Secretary of Defense
(Intelligence) Michael G. Vickers wrote to DoD agency heads and department
officials instructing them to "begin this effort [the Fundamental
Classification Guidance Review] immediately.... We cannot afford to expend
resources on protecting information that no longer meets the criteria for
classification."

By the time of its first interim report on the Fundamental Review in July
2011, DoD said it had cancelled 82 classification guides.  (See
"Fundamental Review Yields Reduction in Scope of Secrecy," Secrecy News,
October 3, 2011.)

Portions of the 2009 Obama executive order 13526 were reflected in a June
13, 2011 update of DoD Instruction 5200.01 on information security. 
However, the full DoD information security regulation implementing the
executive order has still not been published.

The remarks of Mr. Ferguson and Ms. Takai were included among other
interesting responses to questions for the record in a newly published
hearing volume from a March 10, 2011 hearing of the Senate Homeland
Security and Governmental Affairs Committee on "Information Sharing in the
Era of WikiLeaks: Balancing Security and Cooperation."

	http://www.fas.org/irp/congress/2011_hr/infoshare.pdf

POST-WIKILEAKS NETWORK MONITORING TAKES SHAPE

The heightened surveillance of classified government information networks
that was a predictable response to the unauthorized disclosures published
by WikiLeaks is becoming more clearly discernible.

"USSTRATCOM/USCYBERCOM is monitoring use of the SIPRNet and now has a
mechanism for reporting certain anomalous behaviors for appropriate
remediation," said Thomas A. Ferguson, Deputy Under Secretary of Defense
(Intelligence) and Teresa Takai, DoD Chief Information Officer.

"We have established the first formal security oversight and assessment
program to determine levels of compliance" with rules of access to
classified networks," they said in response to questions for the record
from a March 10, 2011 hearing of the Senate Homeland Security and
Governmental Affairs Committee on "Information Sharing in the Era of
WikiLeaks."

	http://www.fas.org/irp/congress/2011_hr/infoshare-qfr.pdf

"Simply understanding that we have this monitoring capability creates
deterrence of willful mischief," they added.

"We will improve our ability to individually track users through
enforcement of strong user authentication on classified networks, ensure
responsible controls on removable media, and provide strong website
authentication for classified fabrics -- all to provide greater control
over access to classified information," wrote Corin R. Stone of the Office
of the Director of National Intelligence in her own answers to questions
for the record from the same hearing.

"The FBI and CIA have robust insider threat programs in place for tracking
the specific information accessed by users of their systems and detecting,
to varying degrees, suspicious user behavior (e.g., excessive file accesses
or data downloads) and alerting security personnel to take action.  Several
agencies (e.g., NGA, NSA, NRO) are maturing their audit and insider threat
capabilities, while others still lag behind," Ms. Stone wrote.

"The WikiLeaks disclosures highlighted the need to 'raise the bar' in
terms of these capabilities," she wrote.

In testimony before the Senate Armed Services Committee last week, Defense
Intelligence Agency director Lt. Gen. Ronald L. Burgess said that "The
potential for trusted US Government and contractor insiders using their
authorized access to personnel, facilities, information, equipment,
networks or information systems in order to cause great harm is becoming an
increasingly serious threat to national security."

	http://www.fas.org/irp/congress/2012_hr/021612burgess.pdf

CIA AND SPECIAL OPS ARE "DECONFLICTED AT ALL LEVELS"

"I will tell you the relationship between CIA and Special Operations
Forces is as good as I have ever seen it," said Adm. William H. McRaven,
Commander of Special Operations Command, in congressional testimony last
year. "Both under [CIA] Director Panetta, and now, of course, under
Director Petraeus, I think we are going to see that relationship continue
to strengthen and blossom."

The conduct of DoD special operations, including coordination between DoD
clandestine operations and CIA covert operations, was the subject of an
informative hearing held by the House Armed Services Committee in
September.  The record of that hearing has just been published.

"USSOCOM [U.S. Special Operations Command] and the CIA currently
coordinate, share, exchange liaison officers and operate side by side in
the conduct of DOD overt and clandestine operations and CIA’s covert
operations, said Michael D. Lumpkin, acting assistant secretary of defense.

"Our activities are mutually supportive based on each organization’s
strengths and weaknesses and overall capabilities. Whichever organization
has primary authority to conduct the operation leads; whichever
organization has the superior planning and expertise plans it; both
organizations share information about intelligence, plans, and ongoing
operations fully and completely. Whether one or both organizations
participate in the execution depends on the scope of the plan and the
effect that needs to be achieved. Currently all USSOCOM and CIA operations
are coordinated and deconflicted at all levels."

"USSOCOM reports all of its clandestine activities quarterly through DOD
to Congress for appropriate oversight," Mr. Lumpkin said.

See "The Future of U.S. Special Operations Forces: Ten Years After 9/11
and Twenty-Five Years After Goldwater-Nichols," hearing before a
subcommittee of the House Armed Services Committee, September 22, 2011:

	http://www.fas.org/irp/congress/2011_hr/sof-future.pdf

And see, relatedly, "Budget Requests from the U.S. Central Command and
U.S. Special Operations Command," hearing before the House Armed Services
Committee, March 3, 2011:

	http://www.fas.org/irp/congress/2011_hr/socom-fy12.pdf

NONSTRATEGIC NUCLEAR WEAPONS, AND MORE FROM CRS

New and updated reports from the Congressional Research Service that
Congress has declined to make readily available to the public include the
following.

"Extraterritorial Application of American Criminal Law," February 15,
2012:

	http://www.fas.org/sgp/crs/misc/94-166.pdf

"Civilian Extraterritorial Jurisdiction Act: Federal Contractor Criminal
Liability Overseas," February 15, 2012:

	http://www.fas.org/sgp/crs/misc/R42358.pdf

"Nonstrategic Nuclear Weapons," February 14, 2012:

	http://www.fas.org/sgp/crs/nuke/RL32572.pdf

"The U.S. Export Control System and the President's Reform Initiative,"
February 16, 2012:

	http://www.fas.org/sgp/crs/natsec/R41916.pdf

"NATO Common Funds Burdensharing: Background and Current Issues," February
15, 2012:

	http://www.fas.org/sgp/crs/row/RL30150.pdf

"The Federal Budget: Issues for FY2013 and Beyond," February 17, 2012:

	http://www.fas.org/sgp/crs/misc/R42362.pdf

"Reducing the Budget Deficit: Policy Issues," February 15, 2012:

	http://www.fas.org/sgp/crs/misc/R41778.pdf

"Burma's Political Prisoners and U.S. Sanctions," February 13, 2012:

	http://www.fas.org/sgp/crs/row/R42363.pdf

"Previewing the Next Farm Bill," February 15, 2012:

	http://www.fas.org/sgp/crs/misc/R42357.pdf

_______________________________________________
Secrecy News is written by Steven Aftergood and published by the
Federation of American Scientists.

The Secrecy News Blog is at:
     http://www.fas.org/blog/secrecy/

To SUBSCRIBE to Secrecy News, go to:
     http://www.fas.org/sgp/news/secrecy/subscribe.html

To UNSUBSCRIBE, go to
     http://www.fas.org/sgp/news/secrecy/unsubscribe.html

OR email your request to saftergood at fas.org

Secrecy News is archived at:
     http://www.fas.org/sgp/news/secrecy/index.html

Support the FAS Project on Government Secrecy with a donation:
     http://www.fas.org/member/donate_today.html

_______________________
Steven Aftergood
Project on Government Secrecy
Federation of American Scientists
web:    www.fas.org/sgp/index.html
email:  saftergood at fas.org
voice:  (202) 454-4691
twitter: @saftergood