by Robert Caruso
Director Clapper and Secretary Panetta have had enough:
To ensure greater accountability and tracking of unauthorized disclosures, Secretary Panetta is directing a new “top down” approach as well. The Undersecretary of Defense for Intelligence, in consultation with the Assistant Secretary for Public Affairs, will monitor all major, national level media reporting for unauthorized disclosures of defense department classified information.
Reuters is perturbed:
Defense Secretary Leon Panetta ordered senior Pentagon officials on Thursday to begin monitoring major U.S. news media for disclosures of classified information in an effort to stop the release of government secrets after a series of high-profile leaks.
The announcement came hours after Panetta and other senior defense officials appeared before a closed-door hearing of the House of Representatives Armed Services Committee to discuss recent disclosures of classified security information.
Marcy Wheeler ponders the futility of these initiatives — indeed, the utility:
But there does seem to be one problem with the plan to have Mike Vickers watch for any security breaches. Doesn’t he have a day job? Isn’t he supposed to be watching the Taliban and China and cyberattacks? Have we gotten so paranoid that one of our top intelligence people is going to spend his time watching journalists than watching our military enemies?
Short answer? No.
The impetus behind this latest wave of ‘reforms’ is not new. The Agency ran an Unauthorized Disclosure Analysis Center, shuttered in Fall 1991, that analyzed Non-Disclosure Materials (NDMs) and Unauthorized Disclosure Material (UADM) and mitigated the damage they caused. Reporting or assertions to the contrary are inaccurate. The Defense Security Oversight and Assessment Program isn’t revolutionary, so much as it institutionalizes throughout the Department of Defense the role Air Force Office of Special Investigations special agents already play to great effect at innumerable national-level entities.
The driving force behind these initiatives are various personalities within the Defense Intelligence Enterprise & Defense Security Enterprise, at the direction of the interagency Unauthorized Disclosure Working Group. It’s not responsible to enumerate who those personalities are, and frankly it doesn’t matter. After a series of methodical reviews, the DIE and DSE have determined existing operational security, information security, information assurance and military deception paradigms are insufficient.
In an official release, the Department of Defense furthers clarifies that one of their new initiatives will be…a retooled fusion cell:
It is the first body to bring the functions of security, counterintelligence, and information assurance together for decision-making and proponency of the security mission and for its workforce.
This is not a freedom-of-the-press-debilitating mechanism, either. It is a result of two things: one, the result of reviews conducted by interagency red cells, most notably elements of ELDER PRINCE; and two, the institutionalization of the aforementioned entities’ best practices.
Being as this is the second decade of the 21st century, a departure from the stale and unimaginative Cold War-era ‘strategies’ is long overdue. Often, it is difficult even for professionals to differentiate de facto responsibility from de jour responsibility for programs, policies, and emergent security issues. The painfully archaic information and operational security practices of the past must give way to the more applicable approaches of present-day. This is best epitomized by the responsible security paradigm, which holds that most information traditionally considered classified can be declassified at the discretion of the cognizant authority in favor of focusing on the protection of operational-level planning, structures, communications and — most importantly — personnel.
It is not enough to articulate a desire to curb the flow of information to the press or unauthorized individuals; indeed, aside from the obvious futility of such endeavors, such statements stand in stark contrast to the democratic principles of this nation. The answer, then, becomes not one of preemption — a nonsensical proposition if there ever was one — but of mitigation.
Every solitary United States Government employee entrusted with classified information signs a -312 (pronounced thirty-one two). When bestowed with controlled access to special access required or alternative compensatory control measures compartments and silos, additional signatures are required. Every United States Government employee is more than cognizant of their responsibilities.
It is the responsibility of the security managers, special security representatives and special security officers to mitigate the release of classified information. To mitigate unauthorized disclosures, one must be proactive. To be proactive, one must constantly assess the environment. To properly assess the environment, one must constantly aggregate new and more devious practices to do so without running afoul of legal restrictions or policy directives. Therefore, to innovate, one must embody an adversarial mindset, because that is precisely the mentality of the adversary — or insider threat — you seek to foil.
This is a consummate example of what happens when an individual selfishly abdicates their responsibility to do all of those steps in concert.
It takes a wolf to catch a wolf. A failure to adapt to the operational reality ultimately results in mission failure — not achievement. At present, the vast majority of the counterintelligence, military deception, information and operational security communities are populated by sheep — or worse, self-styled sheepdogs.
The press is not the enemy. Those entrusted with the safeguarding of classified information — and the mitigation of its inadvertent or unauthorized release — must understand the media cycle, its political dynamics, and the individuals who drive it. To be ignorant of the same is to abdicate the responsibilities and trust placed in them by the taxpayer and their cognizant authority. Clamping down and terrorizing the media is not the answer. Mitigation is the answer. The question, of course, is how the Department of Defense and the broader interagency intelligence community should go about it.
The status quo is unacceptable.
Assess, aggregate, adapt, achieve. It’s a simple concept — but is it too difficult to understand? That remains to be seen.