U.S. Security Policy Board
Action Plan
Regarding the Recommendations of
The Secrecy Commission
Contained herein are the individual recommendations included in the Report of the Commission on Protecting and Reducing Government Secrecy (Secrecy Commission). Also entered below each recommendation is the proposed action by various elements within the Security Policy Board (SPB) structure. To facilitate the government response to the individual recommendations, it is suggested that small groups be assembled within each action element to develop the initial working draft. Each recommendation and the contemplated action should receive priority attention.
Recommendation # 1:
The Commission recommends enactment of a statute establishing the principles on which Federal classification and declassification programs are to be based. (p. 13)
Action element(s): Information Security Oversight Office (ISOO) and the Classification Management Committee (CMC)
Rationale: Federal classification and declassification policy and programs are the primary responsibility of the ISOO, but also fall under the purview of the ten deputy secretaries that comprise the SPB per PDD-29. Accordingly, the most equitable and efficient manner to assess the recommendation to develop and enact a statute is to employ the CMC which falls under the SPB, benefits from the expertise of those agencies and departments that would be required to enact such a statute, and the chairman of the CMC is the Director, ISOO.
Recommendation #2:
The Commission recommends that the Security Policy Board (SPB) implement, within one year, the Joint Security Commission recommendation on establishing a single set of security standards for special access programs (SAPs). The SPB, in conjunction with the Department of Defense, should examine whether the National Industrial Security Program Operating Manual Supplement should continue to allow individual SAP program managers to select the security measures for their program rather than conform to a single standard. Industrial contractors should be included in this review and in the development of a single set of standards.
Action Element: Policy Integration Committee
Rationale: A small working group currently being developed under the PIC which will be made up of the critical SAP participants would seem prudent in this arena. Representatives from DOD, Energy, CMS, State and SPBS are suggested with industry participating as a permanent observer. The timing for this recommendation is particularly good as all the baseline requirements essential to the debate have been developed underthe SPB.
Recommendation #3:
The Commission recommends that agencies take several steps to enhance the proficiency of classifiers and improve theiraccountability by requiring additional information on the rationale for classification, by improving classification guidance, and by strengthening training and evaluation programs.
Elements of this approach should include:
- original classifiers shall provide a detailed
justification for each original classification
decision;
- Derivative classifiers shall be required to
identify themselves on the documents they
classify;
- Classification guides shall be better developed,
more definitive, and updated regularly, and
industry shall participate in the preparation of
guides affecting industrial programs;
- Training shall be expanded to include derivative
classifiers and shall conform to minimum Executive
Branch standards, and
- Proper classification of information shall be
included as a critical element in the performance
evaluations of all employees authorized to
classify. (p. 34)
Action element : ISOO, CMC, Office of Personnel Management (OPM) and the Training and Professional Development Committee (TPDC)
Rationale: ISOO and the CMC have primary responsibility for matters pertaining to classification decisions. The responsibility for communication and training relative to the implementation of systematic classification change falls within the purview of the TPDC. Proper classification of information as an element of performance should be addressed by OPM.
Recommendation #4:
The Commission recommends that classification decisions, including the establishment of special access programs, no longer be based solely on damage to the national security. Additional factors, such as the cost of protection, vulnerability, threat, risk, value of the information, and public benefit from release, could also be considered when making,classification decisions. (p. 38)
Action Element: ISOO and CMC for establishment of baselines. Policy Integration Committee(PIC) for SAPs.
Rationale: This recommendation represents a lofty and worthwhile goal. It further requires a thorough grasp and application of risk management.
Recommendation #5:
The Commission recommends that responsibility for
classification and declassification policy development
and
oversight be assigned to a single Executive Branch body,
designated by the President and independent of the agencies
that classify. This entity should have sufficient resources
and be empowered to carry out oversight of agency practices
and to develop policy. Based on its oversight findings,
this body would then make recommendations for policy and
implementation of classification and declassification issues
directly to the National Security Council. The Security
Policy Board would have an opportunity to comment on these
policy recommendations through the NSC process. (p. 44)
Action Element: PIC in coordination with the CMC will take the lead in formulating the SPB position.
Rationale: Item D of the charter of the PIC specifically tasks them with deliberations relative to openness of policy, The CMC is specifically chartered to "coordinate, formulate and evaluate classification and declassification management policy."
Recommendation #6:
The Commission recommends the creation by statute of a central office - a National Declassification Center - at an existing Federal agency such as the National Archives and Records Administration to coordinate national declassification policy and activities. This Center would have the responsibility, authority, and funds sufficient to coordinate, oversee, and implement government declassification activities.The Center would monitor agency declassification programs and provide annual reports on their status to the Congress and the President. (p. 68)
Action Element: PIC in coordination with the CMC is to formulate the draft SPB position.
Rationale: See recommendation #5.
Recommendation #7:
The Commission recommends that the use of sources and methods as a basis for the continuing classification of intelligence information be clarified through issuance of an Intelligence Community directive by the Director of Central Intelligence, explaining the appropriate scope of that protection. (p. 70)
Action Element: Community Management Staff in coordination with PIC .
Rationale: The Community Management Staff is specifically tasked with the responsibility of formulating DCIDs.
Recommendation #8:
The Commission recommends that agencies better structure their records management and systematic declassificaton programs to maximize access to records that are likely to be the subject of significant public interest .
Elements of this proposal should include :
- Complying with the dates or events for
declassification, including, through the use of new<
technologies;
- Consolidating, and regularly updating
declassification guidance that in easily accessible
to those authorized to declassify within the
agency;
- Prioritizing declassification according to entire
record groups selected through active consultation
with the public and outside scholars.
- regularly informing the public of systematic
review results;
- Requiring all offices with any declassification-related activities co demonstrate that they are
operating in partnership with others in the agency
involved in related activities; and
- Establishing ombudsman offices in each agency that has original classification authority or engages in declassifying records: these offices would intervene in and resolve classification and >
declassification issues upon request, act as a
conduit for public concerns about access to records, and, where appropriate, refer issues to the agency's Inspector General. (p. 71 )
Action Element: The National Archives and Records
Administration
Rationale: NARA has primary responsibility for records maintenance and storage and consequently would appear to be the best repository for this endeavor. We are currently mandated by executive order to reduce classified by 15% per year and prioritization within that effort is a substantial issue. The Forum Cochairs will formally offer the assistance ofthe SPB in this endeavor.
Recommendation #9:
The Commission recommends five guiding principles as the essential elements of an effective personnel security system. Most already are part of the current system (under Executive Order 12968), but too often they are not actually practiced throughout the Federal Government. The Commission recommends that these standards be incorporated into a new statute orregulation that would supersede Executive Order 10450.
The five guiding principles are:
- Openness and clarity of standards;
- Balanced, "whole-person" standards,
- Reciprocity for classified access;
- Nondiscrimination principles; and
- Assurances of due process. (P. 80)
Action Element: The Personnel Security Committee (PSC)
Rationale: PSC has been applying these principles throughout its efforts for the last several years. As the unifying factor in the development and oversight of personnel security policy, that committee is best suited to this task.
Recommendation #10:
The Commission recommends that individuals in both Government and industry holding valid clearances be able to move from one agency or special program to another without further investigation or adjudication. The single exception to this true reciprocity of security clearances shall be that agencies may continue to require the polygraph before granting access. (p.82)
Action Element: The
PSC
Rationale: The PSC has been a prime mover in the striving for clearance reciprocity and is the logical body for continuing this move forward.
Recommendation #11:
The Commission recommends that current requirements for neighborhood interviews and for interviewing educational references in every investigation be eliminated. (p. 86)
Action Element: The
PSC
Rationale: The PSC, via its Research Working Group, has recently reviewed all the current studies pertaining to this issue. It has convened the entire community to deliberate on the matter and is uniquely placed to render an intelligent response in this matter.
Recommendation #12:
The Commission recommends that greater balance be achieved between the initial clearance process and programs for continuing evaluation of cleared employees. (p. 87)
Action Element: The Personnel Security
Committee
Rationale: The effectiveness of initial clearance processing vis a vis the reinvestigation effort is an issue requiring constant evaluation and reevaluation. The PSC has a wealth of expertise in this area and is the logical focal point for such examination.
Recommendation #13:
The Commission recommends that both the Congress and the Executive Branch reevaluate the requirement to utilize a new financial disclosure form and consider staying its implementation until there is further evaluation concerning how it would be used and whether its benefits exceed its costs. The Congress and the Executive Branch should review alternative approaches to improving data collection including utilization of the expanded access to certain financial and travel records provided for under Executive Order 12968. (p. 89)
Action Element: The
PSC
Rationale: The PSC is currently working this issue.
Recommendation #14:
The Commission recommends that: (1) the director of scientific research at the Department of Defense Polygraph Institute establish a committee that includes cleared, outside scientific experts to develop a coherent research agenda on the polygraph, initiate and participate in a small grant program to stimulate independent research outside the Government, and review and comment on scientific progress and the quality of government-sponsored research in this field; and (2) independent, objective, and peer-reviewed scientific research be encouraged as the best means to assess the credibility of the polygraph as a personnel security tool and identify potential technological advances that could make the polygraph more effective in the future. (p. 91)
Action Element: The PSC
Rationale:The PSC has maintained an active Polygraph Sub-Group which is composed largely of program directors and is now in the process of constructing a polygraph policy document. That document deals, in part, with the research effort and the sub-group has direct ties with the Department of Defense Polygraph Institute. DODPI has been designated the responsible entity for all polygraph research throughout the federal government.
Recommendation #15:
The Commission recommends revising the Computer Security Act of 1987 to reflect the realities of information systems security in the Information Age.
Some of
the changes to the Act might include:
- Moving the Computer Systems Laboratory from the National Institute of Standards and Technology to a higher visibility position within the Commerce Department, thereby increasing the likelihood of funding and personnel to support the civilian side of Government;
- Directing agencies to set aside specific funds, perhaps as a budget line item, for information systems security training; and
- Requiring the Office of Personnel Management to create a career path for information systems security professionals that includes network administration and computer crime investigation.
(p 104)
Action Element: The President's Commission on Critical Infrastructure
Rationale: The Security Policy Board has attempted to address this issue on several occasions but to no avail. It is the observation of the SPB that the current stakeholders in this issue can not and will not work together to address these issues. As a direct result of this gridlock, the President's Commission on Critical Infrastructure was organized to address core values and assets common to both the private and governmental sectors. The Commission is positioned to address macro problems and offer macro solutions to this recommendationand many other factors associated with Information Assurance.
Recommendation #16:
The Commission recommends developing an information systems security career path across the Government. (p. 111)
Action Element: Office Of Personnel
Management
Rationale: The development of any government-wide career path necessitates a consistency of standards and application which can best be accomplished by the agency specifically tasked with such personnel matters.