Instead of his usual instructional posts on weaponry, today ADAM FIRESTONE lifts up the curtain on the shadowy world of secrets and classified information. (This post was originally published in March 2014.)
If you’ve read this column with any regularity, you’re probably aware that I’m a little “funny” when it comes to technical and procedural accuracy in fiction. There are few mechanisms by which an author can lose a reader’s respect and interest more rapidly than the use of blatantly erroneous information about, well, the way things WORK. If we were to survey all the subjects where this hard left into negative perception happens, few would show up more frequently than in discussions of classified information and security clearances. In this month’s piece, we’ll take a look at how things are classified, what classification means and how the concept of “clearance” flows from information classification. To bound the problem, we’ll look at the classification and clearance issue through the lens of those mechanisms used by the United States Department of Defense (DoD). However, it is important to recognize that other US government agencies (e.g., the Intelligence Community, the Department of Justice, the Department of Energy, etc.) maintain their own classification and clearance mechanisms.
Principle 1: The Only Thing That Can be Classified is INFORMATION
Information is the only commodity that can be classified. This can be almost any kind of information from descriptive data (e.g., “My laptop sleeve is black.”) to information about intentions and plans (e.g., “I’m going to go out for Ethiopian food at 7:00.”) to information about the “fact of” an occurrence or state (e.g., “Jack and Katie are secretly dating.”).
With respect to national security issues, however, information is classified based on the level of damage that can be caused by its unauthorized disclosure. The safeguarding requirements implicit to a particular level of classification are often augmented by organizational security policies and procedures.
There are three levels of classification for national security information, each of which is described below:
CONFIDENTIAL – the lowest level of classification applied to information, the unauthorized disclosure of which reasonably could be expected to cause identifiable damage to national security.
SECRET – intermediate level of classification applied to information, the unauthorized disclosure of which reasonably could be expected to cause serious damage to national security.
TOP SECRET – highest level of classification applied to information, the unauthorized disclosure of which reasonably could be expected to cause exceptionally grave damage to national security. Information systems are classified at the same level as the highest classification of data managed regardless of the overall composition of the data in question. Thus, a system storing, processing or transmitting Top Secret data will receive a Top Secret classification regardless of whether most of the data managed is classified at the Secret or Confidential levels. A single datum is enough to determine a system’s overall classification.
Principle 2: Accesses and Compartments are NOT Classification Levels
Within the overall rubric of classified information is Sensitive Compartmented Information (SCI). SCI is not a classification level per se, but rather an access control mechanism for a particular subset of information that is classified at a given level. Despite this, SCI is usually treated as a subset of classified information concerning or derived from sensitive intelligence sources, methods, or analytical processes. All SCI must be handled within formal access control systems established by the Director of National Intelligence (DNI).
Let’s reiterate a key point: SCI is NOT a classification. Instead, it refers to an information set of any given classification level, access to which requires special eligibility, need-to-know and explicit permission. The confusion arises because, while a particular SCI not a classification, the technical safeguards between SCI compartments and sub-compartments are similar to those between different classification levels.
While not contemplated within the scope of Executive Order 13526 (the document which outlines the handling and classification of national security information in the United States), organizational policies exert influence comparable to formal classifications and compartments with respect to the safeguarding and sharing of information. It is within the scope of an agency’s purview to set policies and procedures for sharing information in general and classified information in particular. For example, the Navy may choose to share certain information assets with the Army only within given time frames. Alternately, a member of the intelligence community may choose to share information only with systems that have certain IP addresses. Compliance with such organizational information sharing rules is a necessary component of any classified information management mechanism.
Principle 3: Classified Information CAN be Shared, but Only in a Very Careful Manner
“Unauthorized disclosure” is a technical term of art that refers to any improper transfer of classified information to a human or mechanical recipient. This includes the transfer of information from a more highly classified system to either an unclassified system or one classified at a lower level or from one compartment/sub-compartment to another. Moreover, the term applies regardless of the actual classification of the information transferred.
For example, unless specific authorization is received from either the owners of, the Defense Security Service (DSS) Office of the Designated Approval Authority (ODAA) or the system accrediting authority for a specific piece of information, the transfer of a file classified at the Secret level residing on a system classified at the Top Secret level to a system classified at the Secret level results in an unauthorized disclosure, even though there is no practical impact.
To guard against both malicious (i.e., deliberate) and inadvertent unauthorized disclosure, organizations that handle classified information maintain separate, redundant computer networks. As a result, an organization that routinely manages Top Secret/Sensitive Compartmented Information (SCI) may find itself running three (or more) parallel and unconnected networks: One at the Top Secret/SCI level, one at the collateral Top Secret or Secret level and one at the unclassified level. Also, organizations may stand up additional parallel networks to manage organizational information sharing concerns.
Information transfer between networks (of varying classification levels), when permitted, is typically handled via a process known as “Trusted Downloading.” There are a number of mechanisms by which Trusted Downloading can be implemented, including:
- A High Assurance Guard (HAG) can be used to provide a controlled, automated interface between different security domains (e.g., unclassified to Secret).
- A manual process (usually featuring two person integrity, or TPI) by which a man-in-the-loop can write selected information stored on the more highly classified system to media, physically transport the media to the less highly classified system, and move the selected information from the media to the less highly classified system.
- Booting the systems in question to an equivalent protection level and transferring the information between the two directly (with approval and supervision).
Trusted downloading is essential in many operational circumstances, especially when highly classified exploited intelligence information is provided to tactical users whose information environment is generally classified at a lower level. For example, the original version of overhead imagery provided to an infantry platoon may contain metadata about the sources and methods used to obtain the raw intelligence. This metadata, classified at the Top Secret/SCI level results in the overall image being classified at the same level. In order to provide the imagery to the infantry platoon, a version of the image that is stripped of all information classified at levels higher than Secret must be produced. (A single document, image or record may contain information classified at different levels; the overall classification of the document is that of the most highly classified constituent information.) This version is then moved to a machine classified at the Secret level using trusted downloading procedures and forwarded to the infantry platoon.
Similar practices impact intelligence organizations nominally operating at the same classification level. For example, one organization may specialize in deriving intelligence from space-based imagery platforms, another from intercepted communications signals and a third from information gained from human sources. While all of this information is ostensibly classified at the Top Secret level, it is separated into different compartments, most often to protect sources and methods. In order to provide the information derived from the intelligence from one compartment to analysts working within another compartment, a version sanitized with respect to the compartmentalizing data or metadata must be generated. This results in an information set that is either effectively decompartmented or compartmented such that it can be used by the receiving analysts.
Principle 4: What’s in a Security Clearance?
So far, the only thing we’ve discussed is how information is classified. The other part of the puzzle is how the access individuals have to classified information is controlled. The mechanism used, the “security clearance” has three components: Eligibility, access and need-to-know.
People who occupationally require access to classified information undergo a voluntary background investigation. (In fact, most of the information used in the investigation is provided by the subject.) This investigation is designed to determine if there is anything in the person’s history that would adversely impact an ability to safeguard information that might have an impact on national security. Upon conclusion of the investigation and a positive adjudication of the material disclosed and/or discovered, the individual is categorized as eligible for access to information classified at given level. It’s important to note that eligibility does not mean the same this as access.
Access to classified information is granted only after an eligible individual enters into employment where she is required to handle classified information. Put another way: Just because your protagonist has been found eligible to have access to information at the Top Secret level doesn’t mean she can walk into a government or contractor office and enter restricted spaces where classified information is handled.
The final component to the clearance puzzle is “need-to-know.” Under need-to-know restrictions, even if a person has all the necessary official approvals to access certain information, she would not be given access to such information unless access to the information is necessary for the conduct of her official duties.
This is best illustrated with an example. Let’s say that Jack and Katie have both had positively adjudicated background investigations for access to information classified up to the Top Secret level. They work in the same office on the same program, and therefore have access to Top Secret information. However, Katie handles information stemming from signals intelligence sources while Jack handles information derived from overhead imagery. In this case, Jack, while requiring information pertinent to the imagery would not be permitted access to information about the signals intelligence that Katie handles.
Conclusion You’re now well equipped to control information and clear the characters in your stories. However, there’s a lot more to classification and access management than would fit into the scope of this column. Let’s just leave it at this: The next time you write about Confidential Top Secret information or have a character with eligibility but no need to know waltzing into an office and flipping through a classified file, bad things – doubleplus ungood things – are going to happen. What sorts of things? Well, I’d tell you, but then I’d have to . . . Happy writing!
*** Does this answer your questions about security clearances and confidential information? Ask Adam in the comments below if you need more information.
On Monday, Andrew Jericho joins us!
Bio: Adam Firestone brings more than 25 years of experience with weapon systems including small arms, artillery, armor, area denial systems and precision guided munitions to Romance University. Additionally, Adam is an accomplished small arms instructor, editor, literary consultant and co-author of a recently published work on the production of rifles in the United States for Allied forces during the First World War. Adam has been providing general and technical editing services to authors and publishing houses specializing in firearms books since the early 2000s. Additionally, Adam provides literary consulting services to fiction authors including action scene choreography, technical vetting and technical editing. In this line of experience, Adam has had the fortune to work with well known authors including Shannon McKenna and Elizabeth Jennings. Check out Adam’s blog here: http://adamfirestoneconsultant.blogspot.com/
- Adam Firestone: I’m Sorry Ma’am, That’s Classified: Security Clearances and Classified Information Basics for Writers
- Adam Firestone: Information System Security and Identity Management Concepts for Writers
- Weekly Lecture Schedule March 24th to March 28th
- The Things That Keep Me Up at Night, or How to Kill a Million People with a Keystroke by Adam Firestone
- STUXNET: ANATOMY OF A CYBER WEAPON by Adam Firestone