Beyond the Markings - PowerPoint PPT Presentation

1 / 41

About This Presentation

Title:

Beyond the Markings

Description:

Security Classification System, left on its own, will corrode. Times of War ... Promulgate internal regulations. Establish and maintain: ... – PowerPoint PPT presentation

Number of Views:192

Avg rating:3.0/5.0

Slides: 42

Provided by: jwleo

Category:

more less

Transcript and Presenter's Notes

Title: Beyond the Markings

1
Beyond the Markings
The Importance of Basics

Presentation by
J. William Leonard
Information Security Oversight Office
at
DoD Security Managers Conference
March 24, 2004

Presentation by J. William Leonard Information
Security Oversight Office at the National
Classification Management Societys Annual
Training Seminar Reno, NV June 15, 2004
2
The fine line between social order and anarchy
3
(S)
CONFIDENTIAL
Classified by David Smith, ChiefDivision 5
Department ofGood Works Office of
Administration Reason1.4(a) and (d) Declassify
on December 31, 2019
TOP SECRET
(C)
(TS)
SECRET
Multiple Sources
4

People
Knowledge
Understanding
Confidence

5
Security Classification System, left on its own,
will corrode
6

Times of War
Consequences more than theoretical
Competition for resources severe

7
Basics

Agency leadership must demonstrate personal
commitment

Executive Order 12958, as amended
Agencies must
Appoint senior officials to oversee the agencys
program
Promulgate internal regulations
Establish and maintain
security education and training programs
ongoing self-inspection program
Commit the resources necessary to ensure
effective implementation of the program

9
Many agencies are excelling at fulfilling these
requirements others are not
10
Basics

Agency leadership must demonstrate personal
commitment
Administrative aspects are essential

11
Army Discloses Criminal Inquiry on Prison Abuse
Presidential Aides Testify in Leak Probe
Guantanamo Inquiry Widens as Civilian Translator
Held
12
Based Upon Agency Reviews/Data Submissions

Many senior officials will acknowledge government
classifies too much
Some agencies are unaware

How Much?
Why?
Increasing or decreasing?
Elements responsible?
Changes Appropriate?
Too much?
Too little?
13
Basics

Agency leadership must demonstrate personal
commitment
Administrative aspects are essential
Classification is more than a simple assertion

Executive Order 12958, as amended
Information may be originally classified only if
ALL of the following conditions are met
OCA is classifying
Information is owned by, produced by or for, or
is under the control of the U.S. Government
Information falls within more or more of the
specified categories
OCA is able to identify or describe damage to
national security

15
Basics

Agency leadership must demonstrate personal
commitment
Administrative aspects are essential
Classification is more than a simple assertion
Classification authority has limits

Executive Order 12958, as amended
Sec. 1.7. Classification Prohibitions and
Limitations.
In no case shall information be classified in
order to
conceal violations of law, inefficiency, or
administrative error
prevent embarrassment to a person, organization,
or agency

17
WORLD NEWS Abu Ghraib Intelligence Soldier
Describes Iraq Abuse In Detail June 4, 2004 By
Greg Miller / Times Staff Writer WASHINGTON
U.S. Army Spc. Israel Rivera had just returned to
duty at the Abu Ghraib prison in Iraq last
October after minor surgery to remove shrapnel
from his face. He was checking his e-mail, he
recalls, when another military intelligence...
18
Basics

Agency leadership must demonstrate personal
commitment
Administrative aspects are essential
Classification is more than a simple assertion
Classification authority has limits
Purging of information that no longer requires
protection is essential

19
Times of National Security Challenges

When available resources are distracted
Err on the side of caution
When in doubt
Ask questions later
Can we allow error to be a part of any
implementation strategy?
Too little or too much classification no option
Too much impedes effective information sharing
Too little subjects our citizens, our democratic
institutions, our homeland security, and our
interactions with foreign nations to potential
harm

20
Basics

Agency leadership must demonstrate personal
commitment
Administrative aspects are essential
Classification is more than a simple assertion
Classification authority has limits
Purging of information that no longer requires
protection is essential
Proactive oversight is crucial

21
Agency Response

Examine role of senior leadership
Examine how personnel are provided knowledge and
understanding
Examine positive steps taken to ensure the
continued integrity of the system

22
Agency Response

Examine how agency ensures that information that
requires protection is properly identified and
safeguarded
Examine how agency ensures that information not
eligible for classification remains unclassified
or is promptly declassified

23
Interagency Response

Achieve complete implementation of automatic
declassification by

12-31-2006
and beyond!
24
Basics

Agency leadership must demonstrate personal
commitment
Administrative aspects are essential
Classification is more than a simple assertion
Classification authority has limits
Purging of information that no longer requires
protection is essential
Proactive oversight is crucial

25
Our Nation is at War
But, Are Our Clearance Procedures w/in NISP on a
War Footing?
26
Risk Friend or Foe?
Doctrine Tactics Training Trust
27
Risk Friend or Foe?
Transfer retired Colonel, USA
Transfer former Assistant Director of Central
Intelligence
Transfer program engineer from Boeing to Lockheed
Martin
Transfer recently discharged E-5
New SF-86
Review dossier
New investigation
lack of trust based on fear.
Reciprocity A Progress Report, PERSEREC,
Technical Report 04-2, April 2004
28
Sec. 2.4. Reciprocal Acceptance of Access
Eligibility Determinations. (a) Except when an
agency has substantial information indicating
that an employee may not satisfy the standards in
section 3.1 of this order, background investigatio
ns and eligibility determinations conducted under
this order shall be mutually and reciprocally
accepted by all agencies.
29
Has not Gets

Doesnt authorize requesting a new SF86 or other
Personal History Statement to see if substantial
information exists
Doesn't authorize retrieving and reviewing prior
or existing dossiers to see if substantial
information exists
Doesnt authorize initiating a new investigation
to see if substantial information exists

Such Actions are Readjudications and/or
Reinvestigations
30
Equally Applicable to SAPs
Sec. 2.4.(b) an employee with existing access
to a special access program shall not be denied
eligibility for access to another special access
program at the same sensitivity level as
determined personally by the agency head or
deputy agency head, or have an existing access
eligibility readjudicated, so long as the
employee has a need for access to the information
involved.
In fact, collateral world in DoD in generally
good shape
31
Same Sensitivity Level

Tied to criteria for determining eligibility for
access (Sec. 4.3. E.O. 12958 as amended)
If programs use same criteria for determining
eligibility for access, they are at the same
sensitivity level.
i.e., One program requires CI-scope polygraph and
another doesnt, not same sensitivity level
i.e., One program allows familiar relations
w/foreign nationals from country X and another
doesnt, not same sensitivity level
i.e., One program uses base line investigative
standards and adjudicative guidelines, and the
other does as well, same sensitivity level

32
Lack of Reciprocity Can Increase Risk

National-level personnel security process at risk
due to lack of sufficient capacity
Unacceptable delays in initial cases
De-facto moratorium in conduct of periodic
reinvestigations
Can undermine contractor support to war effort
Can degrade transformation efforts

33
Reciprocity

Good idea anytime Good Government
Great idea when personnel security processes
under stress Now more than ever
Frees up resources and capacity
Which greater risk
Individuals who move on to new job and go through
hiring vetting process?
Individuals stuck in same job for prolonged
period?

34
NISPPAC

Established by E.O. 12829
Membership
Director ISOO Chair
Representatives of Government agencies
Nongovernmental representatives (contractors)
Functions Advise the Chairman on all matters
concerning the policies of the National
Industrial Security Program .. and serve as a
forum to discuss policy issues in dispute

35
Goal

Have NISPPAC issue and publicize a clear
articulation of what reciprocity is (and is not)
with enough specificity and substance that
industry can hold government agencies accountable
for their actions ASAP

36
Examples of Draft Principles

Reciprocity means
No new security questionnaire
No reviewing existing BIs or security
questionnaires
No new investigative checks (e.g. credit)
Simply verify w/ existing/ loosing CSA
If not current grant immediately provided all
appropriate paperwork completed submitted
unless questionnaire reveals new info that
individual may not meet standards

37
Examples of Draft PrinciplesHighly Sensitive
Programs

SCI, SAP, Q, etc.
Same principles except
Different sensitivity level
Existing access based upon waiver or deviation or
is otherwise conditional or temporary
If programs use same criteria to determine access
same sensitivity level
If additional investigation/adjudication
necessary only additional criteria may be
pursued

38
Examples of Draft Principles