[net-gold] Secrecy News -- 08/12/11

• From: "David P. Dillard" <jwne@xxxxxxxxxx>
• To: Net-Gold -- Educator Gold <Educator-Gold@xxxxxxxxxxxxxxx>, Educator Gold <Educator-Gold@xxxxxxxxxxxxxxxx>, net-gold@xxxxxxxxxxxxx, Net-Gold <Net-Gold@xxxxxxxxxxxxxxx>, NetGold <netgold@xxxxxxxxxxxxxxx>, Net-Gold <net-gold@xxxxxxxxxxxxxxxx>, K-12ADMINLIFE <K12ADMIN@xxxxxxxxxxxxxxxxxxx>, K12AdminLIFE <K12AdminLIFE@xxxxxxxxxxxxxxx>, MediaMentor <mediamentor@xxxxxxxxxxxxxxx>, Digital Divide Diversity MLS <mls-digitaldivide@xxxxxxxxxxxxxxx>, NetGold <netgold@xxxxxxxxxxxxxxxx>, Net-Platinum <net-platinum@xxxxxxxxxxxxxxx>, Sean Grigsby <myarchives1@xxxxxxxxxxxxxxx>, Net-Gold <NetGold_general@xxxxxxxxxxxxxxxxx>, Temple Gold Discussion Group <TEMPLE-GOLD@xxxxxxxxxxxxxxxxxxx>, Temple University Net-Gold Archive <net-gold@xxxxxxxxxxxxxxxxxxx>
• Date: Fri, 12 Aug 2011 10:45:28 -0400 (EDT)

.

.

Date: Fri, 12 Aug 2011 10:17:49 -0400
From: Steven Aftergood <saftergood@xxxxxxx>
To: Steven Aftergood <saftergood@xxxxxxx>
Subject: Secrecy News -- 08/12/11

.

.

SECRECY NEWS

.

.

from the FAS Project on Government Secrecy
Volume 2011, Issue No. 78
August 12, 2011

.

.

Secrecy News Blog:

http://www.fas.org/blog/secrecy/

.

.

.


**     NAVY:  EXCESSIVE SECURITY CAN DEGRADE EFFECTIVENESS

**     INFORMATION SHARING STILL A WORK IN PROGRESS

**     EXECUTIVE ORDER RESPONDING TO WIKILEAKS DUE SHORTLY

**     TIME OUT

.

.

NAVY:  EXCESSIVE SECURITY CAN DEGRADE EFFECTIVENESS

.

.

There can be such a thing as too much security, the Navy said in a new
Instruction on "Operations Security" or OPSEC.

OPSEC refers to the control of unclassified indicators that an adversary
could use to derive "critical information" (CI) concerning military or
intelligence programs.

"Properly applied, OPSEC contributes directly to operational effectiveness
by withholding CI from an adversary, thereby forcing an adversary's
decisions to be based on information friendly forces choose to release," the
new Navy Instruction said. "Inadequate OPSEC planning or poor execution
degrades operational effectiveness by hindering the achievement of
surprise."

But even if adequately planned and executed, not all OPSEC is necessary or
useful;  sometimes it is actually counterproductive.

"Excessive OPSEC countermeasures... can degrade operational effectiveness by
interfering with the required activities such as coordination, training and
logistical support," the Instruction said.  See "Operations Security," OPNAV
Instruction 3432.1A, 4 August 2011:

        http://www.fas.org/irp/doddir/navy/opnavinst/3432_1a.pdf

Unfortunately, the Instruction does not and perhaps cannot provide criteria
for distinguishing between proper OPSEC and excessive OPSEC.  Instead, it
directs commanders and program managers to "evaluate" each operation and
draw the appropriate conclusions.  What if the program manager is
shortsighted or simply makes a mistake?  What if OPSEC is justified from a
security perspective, but also undermines government accountability or
public confidence in government integrity?  The Instruction has nothing to
say about that.

Because of the subjective element in such decisions, the use of OPSEC (like
the application of national security classification controls) is often
arbitrary and disputed.

After 30 U.S. servicemen, including 17 Navy SEALs, were killed in
Afghanistan on August 6 when their helicopter was shot down, U.S. Special
Operations Command asked that the names of the SEALs not be disclosed for
security reasons.  Secretary of Defense Leon Panetta rejected that view and
the names were released by the Pentagon yesterday.

        http://www.defense.gov/releases/release.aspx?releaseid=14728

But in a questionable nod to OPSEC, the name of the unit to which the SEALs
were attached -- the Naval Special Warfare Development Group (DEVGRU) -- was
not cited by the Pentagon, Bloomberg News reported.  Instead, the DoD press
release referred only to "an East Coast-based Naval Special Warfare unit."
Yet the Navy itself has previously acknowledged and referred by name to the
same SEAL unit.  See "Pentagon Releases Identities of SEALs Killed, Not Unit
Name" by Tony Capaccio, Bloomberg News, August 11.


INFORMATION SHARING STILL A WORK IN PROGRESS

While information sharing among government agencies has increased
dramatically over the past decade, it still falls short in some areas.

Due to "impediments to intelligence information sharing between U.S. forces
and coalition partners," information sharing with U.S. allies in Afghanistan
has faltered to the detriment of the military mission, the Inspector General
of the Department of Defense said in a mostly classified report last month.

Continuing impediments have "resulted in information not being tactically
useful by the time it is authorized for release," the Inspector General
said.  See "Results in Brief: Improvements Needed in Sharing Tactical
Intelligence with the International Security Assistance Force Afghanistan,"
excerpted from DoD Inspector General Report 11-INTEL-13, July 18, 2011:

        http://www.fas.org/irp/agency/dod/ig-tacint.pdf

The 2011 Annual Report on the DNI Information Sharing Environment said that
"steady progress has been made" in information sharing, especially with
respect to homeland security and law enforcement.

Among other things, the Report noted that the intelligence community
intranet called Intelink "recently crossed the 100 million document
threshold for records exposed to Intelink search services.... In one month
alone this year, Intelink recorded over two million searches."  Such
datapoints "highlight the ability of IC personnel to acess more information
quicker and more effectively, enabling them to better share information and
thus perform their missions," the Report said.

        http://www.fas.org/irp/agency/ise/2011report.pdf

Another recent report from the Government Accountability Office said the
Information Sharing Environment still had not identified its desired "end
state."  Six years after it was created, "there is not a clear definition of
what the ISE is intended to achieve and include."  See "Information Sharing
Environment: Better Road Map Needed to Guide Implementation and
Investments," Government Accountability Office report GAO-11-455, July 2011.

        http://www.fas.org/irp/gao/ise.pdf

It should be understood that "information sharing" is quite different from
"information disclosure," and the two practices are usually at odds.  In
fact, the prerequisite for most so-called information sharing is an official
assurance that the information to be shared will not be disclosed to
unauthorized persons such as members of the general public.


EXECUTIVE ORDER RESPONDING TO WIKILEAKS DUE SHORTLY

The Obama Administration is putting the finishing touches on a new executive
order that is intended to improve the security of classified information in
government computer networks as part of the government's response to
WikiLeaks.

The order is supposed to reduce the feasibility and the likelihood of the
sort of unauthorized releases of classified U.S. government information that
have been published by WikiLeaks in the past year.

According to an official who has reviewed recent drafts, the order addresses
gaps in policy for information systems security, including characterization
and detection of the insider threat to information security.  It does not
define new security standards, nor does it impose the security practices of
intelligence agencies on other agencies.  ("It doesn't say, 'go polygraph
everybody'," the official said.)

Rather, the order establishes new mechanisms for "governance" and continuing
development of security policies for information systems.  Among other
things, it builds upon the framework established -- but not fully
implemented -- by the 1990 National Security Directive 42, the official
said.

The order, developed on a relatively fast track over the past nine months,
has already gone through two rounds of interagency coordination and is
expected to be issued within a matter of weeks.


TIME OUT

Secrecy News will resume publication the week of August 22.

.

.

.

_______________________________________________

.

.

.

Secrecy News is written by Steven Aftergood and published by the Federation
of American Scientists.

The Secrecy News Blog is at:
     http://www.fas.org/blog/secrecy/

To SUBSCRIBE to Secrecy News, go to:
     http://www.fas.org/sgp/news/secrecy/subscribe.html

To UNSUBSCRIBE, go to
     http://www.fas.org/sgp/news/secrecy/unsubscribe.html

OR email your request to saftergood@xxxxxxx

Secrecy News is archived at:
     http://www.fas.org/sgp/news/secrecy/index.html

Support the FAS Project on Government Secrecy with a donation:
     http://www.fas.org/member/donate_today.html


.

.

.

_______________________

.

.

.

Steven Aftergood
Project on Government Secrecy
Federation of American Scientists
web:    www.fas.org/sgp/index.html
email:  saftergood@xxxxxxx
voice:  (202) 454-4691
twitter: @saftergood

.

.

Other related posts:

• » [net-gold] Secrecy News -- 08/12/11 - David P. Dillard

1. Home
2. net-gold
3. Archive
4. 08-2011

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---