The Department of Defense has done a better job of complying with changes in national security classification policy than it has gotten credit for, Pentagon officials told a Senate Committee. The number of classification guides that are up to date has increased from 30% to over 70%, the officials said, and a new four-volume information security guide that has been under development since 2009 is in final coordination.
In response to a question for the record in a newly published hearing volume, the Pentagon officials — Mr. Thomas Ferguson and Ms. Teresa Takai — criticized an article in Secrecy News that was published a year ago.
Secrecy News had reported that (a) there was a presidentially-mandated deadline for agencies to update their regulations to implement the President’s executive order on classification; (b) the Department of Defense missed the deadline; and (c) DoD components such as U.S. Transportation Command were therefore not implementing the requirements of the executive order. Each of these points was documented with citations to official sources. (“Secrecy Reform Stymied by the Pentagon,” Secrecy News, February 24, 2011.)
The Pentagon officials did not dispute that there was a deadline, or that DoD had missed the deadline.
“We notified the Information Security Oversight Office (ISOO) that DoD would not be able to reissue the policy [i.e. the new implementing regulations] in the timeframe allowed; however, ISOO and the National Security Staff denied the DoD request to extend the deadline established in the Executive Order (E.O.) 13526 and its implementing directive,” they wrote.
However, they said, “In October 2010, we sent formal notification to all DoD components reminding them of their obligation to comply with the E.O. as well as with the President’s [accompanying] memo. We also initiated a DoD wide update of classification guidance.”
This leaves unexplained how it was that in February 2011, the U.S. Transportation Command (among others) said it had no record of a requirement to conduct a Fundamental Classification Guidance Review, as specified in the executive order, and no evidence of any compliance with it.
Regarding the Fundamental Classification Guidance Review, the DoD officials said that “ISOO and Mr. Aftergood may not understand the enormity of such an undertaking for DoD. DoD has more classification guidance than any other agency or Department by several orders of magnitude. The limited resources available for conducting such a review are already over-tasked by several new initiatives and activities resulting from the EO as well as other circumstances such as the WikiLeaks disclosure.”
Mr. Ferguson and Ms. Takai might have added that the President of the United States also “may not understand” the enormity of the task facing DoD, since it was he who personally set the deadline that DoD failed to meet. Alternatively, perhaps DoD may not recognize the urgency of restoring integrity and public confidence to classification policy.
“Regardless,” they wrote, “the Department has made solid strides forward in implementing the national policy contrary to Mr. Aftergood’s assertions.”
On balance, what appears to be true is both that DoD got a late start in complying with the executive order, and also that it made progress once it got underway.
It was not until May 2011 that Under Secretary of Defense (Intelligence) Michael G. Vickers wrote to DoD agency heads and department officials instructing them to “begin this effort [the Fundamental Classification Guidance Review] immediately…. We cannot afford to expend resources on protecting information that no longer meets the criteria for classification.”
By the time of its first interim report on the Fundamental Review in July 2011, DoD said it had cancelled 82 classification guides. (“Fundamental Review Yields Reduction in Scope of Secrecy,” Secrecy News, October 3, 2011.)
Portions of the 2009 Obama executive order 13526 were reflected in a June 13, 2011 update of DoD Instruction 5200.01 on information security. However, the full DoD information security regulation implementing the executive order has still not been published.
The remarks of Mr. Ferguson and Ms. Takai were included among other interesting responses to questions for the record in a newly published hearing volume from a March 10, 2011 hearing of the Senate Homeland Security and Governmental Affairs Committee on “Information Sharing in the Era of WikiLeaks: Balancing Security and Cooperation.”