FAS Intro: The following critique of classification, personnel security and related policies was prepared by Lockheed Martin Skunk Works for submission to the congressionally-mandated Commission on Protecting and Reducing Government Secrecy, chaired by Senator Daniel P. Moynihan.

Lockheed Martin Skunk Works
1011 Lockheed Way
Palmdale, CA 93599

Ms. Joan Vail
Counsel for Security Policy
[Commission on Protecting and Reducing Government Secrecy]
2201 C Street, NW
Room 225, SA-44
Washington, DC 20522-4402

Dear Ms. Vail:

Thank you for the opportunity of presenting my thoughts to your Commission on Protecting and Reducing Government Secrecy. Attached are my comments on each of the four requested areas: classification, declassification, personnel security, and information security.

For more than fifty years, the Skunk Works has worked on highly classified efforts. We are unique in the fact that ninety percent of our work is classified. This presents us with particular problems. For example, the inability to clear and/or access an individual to a contract or program means that the individual will more than likely lose his/her job.

A problem that continues to plague the Skunk Works is the vast difference in security requirements between our customers. These differences subject the Skunk Works continually to inspections by multiple customers utilizing different criteria. The new National Industrial Security Program Operating Manual is attempting to solve these problems. However, a lot must change before true savings can be achieved by the present attempts at standardization.

I believe the government needs to evaluate each contractor on its performance. I stand behind the Skunk Works record of secrecy. Our success is evident in the security attached to such programs as the F-117, U-2 and SR-71. Their very existence was unknown for years. I feel that security should be included as a criteria for fee awards on contracts. This would not only provide an incentive for efficient, cost effective security, but allow security to become a revenue producer as opposed to an expense.

We are headed in the right direction. Commissions such as yours are fostering government and industry cooperation which will result in better security at lower costs.


J.S. Gordon, President
Lockheed Martin Skunk Works

Lockheed Martin



13 September 1995

Division of Lockheed Martin Corporation
1011 Lockheed Way
Palmdale, CA 93599


As requested, we are responding to the Commission's request for information on our thoughts and comments on the impact of preserving the secrecy of sensitive projects. We concur with the Commission's efforts to make comprehensive proposals for reform designed to reduce the volume of information classified and thereby strengthen the protection of legitimately classified information. The economic environment is such that every effort must be made to assure the adequacy of protection within the constraints of a security system that is simplified, more uniform and more cost-effective.

In the ever-changing environment in which we work, a lot has evolved since the Commission was formed. The current system for classifying, safeguarding, and declassifying national security information is contained with Executive Order 12958, dated April 1995. This order prescribes all pertinent details concerning classification standards, levels, categories, and authority. This order further defines the duration of classification and declassification/ downgrading. The National Industrial Security Program Operating Manual (NISPOM) further promulgates these regulations, and flows derivative classification authority and guidance to the contractor community. In short, the Government Contracting Authority is the classification authority and issues classification guidance to the contractor in the form of classification specification and security guides. The contractor role is to classify, based on this guidance (derivative classification), and challenge what it believes to be improperly classified information. Implementation of these measures on a consistent basis will go a long ways to drive down the cost of security.


2.1 Extent of Classification/ Consequences of Overclassification

In original classification, the government has often relied on outdated perceptions concerning the value of the information, the whims of an overzealous classification official or, if all else fails, the status quo. Special access program managers have always had the power to independently set security policy within their program. This culture of secrecy often contributes to initially classifying more information than required, over- classification of information, and not downgrading or declassifying information in a timely manner. Often times this promotes empires and limits oversight. The consequence of this action directly relates to added cost affecting the bottom line of industry and inflating procurement costs to the government.

Most information is perishable. A rational government-wide standard of classification should serve as a guide for all classification decisions. It is the duty of the classification official and the program to do a uniform and realistic risk assessment that defines not only what information is classified, but how long it can be reasonably assumed to require that protection. If a declassification date cannot be established, a reasonable review date should be set up and adhered to. It is evident that any unnecessary restriction to information flow will create added cost and inefficiencies in an organization. One method of avoiding this is to address proper classification up front.

To eliminate the added cost of secrecy requires cooperation of government and industry. We need to work together to establish the realistic classification guideline and properly identify exactly what information requires protection, while at the same time keeping program goals in mind. Also, proper oversight and management of a recognized and timely declassification review process is required to eliminate unnecessary security protection and allow effective flow of information.

2.2 Personnel Security

Personnel security, the cornerstone of the security system, is only as good as the trustworthiness of the people in possession of (or responsible for) classified information.

The personnel security system has recently become easier for contractors.

The future offers a more timely and less expensive personnel security system.

2.3 Information Systems Security

More attention must, by necessity, be focused on information systems security.

More and more, special access program customers are becoming involved in how the Skunk Works protects its unclassified systems as well as its classified systems.


The past few years have seen great changes in the security programs in the United States. Foremost among these changes have been the approval of the National Industrial Security Program (NISP) and Executive Order 12958. These are significant improvements in standardizing requirements for the contractor community. As we have pointed out, they can still be improved upon. The work of the Joint Security Commission and now the forming of your Commission are another positive step forward. Even with the current strides, we are still spending too much protecting us from ourselves. We need to be more conscious of utilizing risk management instead of risk avoidance methods in determining security requirements in this era of diminishing assets.

I do believe we need to concentrate a large part of our efforts on Information and Personnel Security programs. This is money well spent. In all other areas the risk management versus risk avoidance approach must be stringently and intelligently applied. Only continuous meaningful Government/ Industry participation in defining the rules, combined with the appropriate oversight will allow us to drive down the exorbitant costs of security. We look forward to providing you with any additional information that can be of assistance.