Best listening experience is on Chrome, Firefox or Safari. Subscribe to Ask the CIO’s audio interviews on Apple Podcasts or PodcastOne.
The Information Security Oversight Office’s latest annual report to the president is like none that have become before. ISOO, which resides in the National Archives and Records Administration, is telling the White House how to fix the classification and declassification processes across government instead of just explaining the problem.
Mark Bradley, the director of the Information Security Oversight Office, said the security classification system needs a healthy dose of IT modernization.
“We are at a pivot point in this system. By that I mean, we are still very much in a paper-based world and we are moving more toward a digital world, and I worry about the systems being able to keep up with that kind of pivot,” Bradley said in an interview with Federal News Radio. “I believe for too long the classification and declassification systems have been on auto-pilot. It doesn’t mean we don’t have many good people working in this area and many people whose hearts are in the right place, but it’s beginning to fall behind. That’s a worry not only from an intelligence and counter-intelligence perspective, but also from a democracy standpoint.”
Bradley, a former Justice Department lawyer, CIA officer and legislative director for former Sen. Daniel Patrick Moynihan (D-N.Y.), said the need to modernize the classification and declassification processes also is part of creating more trust in government.
“Too much classification impedes the proper sharing of information necessary to respond to security threats, while too little declassification undermines the trust of the American people in their government,” the report states. “Reforms will require adopting strategies that increase the precision and decrease the permissiveness of security classification decisions, improve the efficiency and effectiveness of declassification programs, and use modern technology in security classification programs across the government.”
Personnel, security remain highest expenses
ISOO estimated the cost to maintain the current systems continue to rise to more than $18.3 billion on security classification, while private companies spent another $1.5 billion to work with agencies under the National Industrial Security Program, according to the Defense Security Service.
“Personnel security; physical security; protection and maintenance for classified systems; and security management, oversight, and planning remained the categories of greatest expense for government, totaling in the billions of dollars in each of the four functions,” the report states.
But Bradley said the amount agencies spend is not well understood, especially by those who rely more on paper and manual processes.
“One of the issues an agency will tell you, there is no separate line item for something like declassification. It comes out of the main budget,” he said. “It’s this change in culture that we need to do. Agencies have to buy in to the fact that this actually is part of their mission too. By that, I mean, it’s not good to have the American people lose confidence in what you are doing or not to trust you.”
He said ISOO is trying to get deeper into the costs by figuring out where agencies are in their modernization efforts.
ISOO found that declassification remained a resource-intensive, paper-based review process, leaving agencies unable to meet the demands imposed by the large volume of paper records in need of review. Meanwhile, agencies also struggled to meet the demands of electronic records review.
Bradley said ISOO plans to start meeting with agency CFOs to analyze spending data.
“It’s interesting [the data] has stayed fairly consistent over the years yet the information is growing, how can that be?” he said. “There are simple questions we can ask, but we need to drill down deeper. If we are asking for more money for this, we need to have a more accurate cost to be able to point to.”
To address the cost and technology modernization needs, ISOO said the Office of Management and Budget must demand more transparency from agencies through budget request documents and lead an effort to create a technology strategy.
“We have a huge legacy problem in the federal government. Our systems are circa 1990s or maybe, if you really want to stretch it, early 2000s, but it’s not keeping pace with what’s going on,” Bradley said. “After 9/11 one of the things that happened, we’ve had a deluge of information, especially classified information. We have the Homeland Security Department, the Office of the Director of National Intelligence and other new entities that have been created and we don’t have the systems to be able to accommodate it.”
Bradley said the report provides evidence around the “woeful” rates of declassification because it’s still mostly a manual process. He said the technology modernization effort must take advantage of the emerging technology like robotics process automation, cloud computing and machine learning.
“The way it works now is if you have a document and agencies have equities in it, each agency has to see it. If we could somehow load up the declassification guides from each agency and let machines do it, it would be a lot quicker, a lot more efficient and a lot cheaper,” Bradley said.
He said the ultimate goal of the report is highlight that fact the government is at this pivot or inflection point to the level of the White House and National Security Council to garner the attention it deserves after more than a decade of struggles.
“What we wanted to do with this report is raise this issue. No one else, as far as we could tell, is looking at it. So we see this as a governmentwide problem,” Bradley said. “I, especially, worry about what I call the ‘haves and have nots.’ There are some agencies that are wealth as compared to others and they are light years ahead of others and are moving on. For instance, if agency X is moving to the cloud and agency Y is still using paper, we have a problem because we need to be able to share information to be able to protect this country. The question is how can we do that in the most efficient way?”
Bradley said ISOO is waiting for the White House, the NSC and other agencies respond to the report with next steps.
“I want us to begin to seriously reexamine our own practices. By that I mean we too, like the rest of the intelligence community and the federal government, have to make sure we are doing the right things by collecting information that is useful, makes sense and that is not a huge burden on the agencies,” he said. “We will be doing a lot of reassessing in here. I expect the report next year to be a bit slimmer because we plan to target some precise things to collect on.”