Connect with us

Hi, what are you looking for?


Management & Strategy

How U.S Intelligence Agencies Manage and Classify Information

Arial View of NSA Building

What do the Intelligence Community and Classified Information Mean to Us?

Arial View of NSA Building

What do the Intelligence Community and Classified Information Mean to Us?

The U.S. Intelligence Community has been in the news for years. Everything from Prism, to Snowden, to backdoors in RSA encryption, and more. The standard story is that the agency is violating our civil rights and personal privacy. On top of that, people are hiding behind classified information – at least that’s the picture we keep getting. But do people really understand what the U.S. Intelligence Community (IC) does and what classified information is?

The US Intelligence Community

The U.S. Intelligence Community is headed by the Director of National Intelligence (DNI), and is comprised of the Office of the Director of National Intelligence (ODNI) along with 16 intelligence groups within the United States. I worked in the IC for about 10 years, and at one time or another dealt with over half of these departments and agencies.

Air Force Intelligence

Army Intelligence

Central Intelligence Agency

Advertisement. Scroll to continue reading.

Coast Guard Intelligence

Defense Intelligence Agency

Department of Energy

Department of Homeland Security

Department of State

Department of the Treasury

Drug Enforcement Administration

Federal Bureau of Investigation

Marine Corps Intelligence

National Geospatial-Intelligence Agency

National Reconnaissance Office

National Security Agency

Navy Intelligence

Each of these agencies and departments has their own mission, and operates mostly independently from the others. According to the DNI’s website.

“The IC is a federation of executive branch agencies and organizations that work separately and together to conduct intelligence activities necessary for the conduct of foreign relations and the protection of the national security of the United States.”

Some of these organizations fall within the Department of Defense, and some report to cabinet-level authorities, but they all answer to Congress and to the president. It is the job of the president to work with his advisors and Congress to set United States policy. It is not the role of any of these agencies to set policy, and it is certainly not the role of any individual within any of these agencies to set policy, or decide that the president, Congressional oversight committees, and presidential advisors are all wrong and redefine U.S. policy to meet their own goals or ideology.

It is the role of the members of the IC to support that federally defined and recognized policy while performing their duties. Yes, IC members do consume some intelligence information, but the main purpose of the intelligence information that they gather is to use that information to provide the best available intelligence to the Executive Branch. To use a simplified definition, their role in the IC is to coordinate and communicate information relating to the collection, production and dissemination of intelligence for the Executive Branch of the U.S. government. ODNI states its mission, in part, as “Lead Intelligence Integration.”  The IC’s stated goals revolve around coordinating and conducting operations to protect the national security of the United States.

The IC focuses on information about a variety of threats: proliferation of nuclear weapons, chemical and biological warfare, and narcotics trafficking, including money laundering. It includes threats to the information infrastructure – specifically calling out hacktivism. The members of the IC also conduct counterintelligence activities – those activities designed to foil attempts by foreign powers or individuals to steal information from the United States or its allies – the whole “spy vs. spy” thing. And, the IC focuses on attempts by trusted sources within the U.S. to divulge classified information.

It also includes actions to identify physical threats against the U.S. and its interests, such as terrorism. Historically, we never hear about some of these activities. Or we only hear about them when they fail like on 9/11 or the Benghazi embassy attack. But, by most accounts, U.S. intelligence sources have thwarted about 60 terrorist attacks that the IC is willing to talk about. And we can be sure that if they are talking about 60, there are many more than that which they are not talking about.

Why don’t they talk about them?

 1. Sometimes, probably, because the incident would scare the bejeezus out of people. Would the public really want to know if “the good guys” acted just in time to stop a terrorist group from blowing up a dirty bomb in the Hudson River? Do you think it might cause some panic to know that we were close? Do you think it might tell the terrorists something if they knew exactly how close they came, so that next time they changed their plans?

 2. Sometimes the authorities don’t really know what they stopped. A perpetrator might be arrested for selling drugs, and it goes down as a “drug bust.” And since he was in jail, he was unable to buy the anthrax spores he would have spread in LAX, so the attack never happened. Who would know?

 3. And sometimes because admitting they knew about an attack could reveal information about how they obtained that knowledge. In the IC world it’s called “sources and methods.” It is important to protect the secretive means by which you obtain information so that you don’t lose that source in the future – don’t burn the source. And sometimes those sources mean “people,” and revealing the “people” can get them disappeared, or worse.

That is “Classified”

Top Secret informationWhich brings up a related point of confusion for many people I talk with. This “secretive” information with which the IC deals so closely; material that is meant to be kept protected, and not divulged to the general public, is considered “classified.” But, there is no such classification as “Classified” (or “Ultra” or “above Top Secret” for that matter either). Valid classifications are:

1. Top Secret: “…unauthorized disclosure could reasonably be expected to cause exceptionally grave damage to the national security.” Among other things, exposure of this information includes results like armed hostilities against the U.S. or compromise of national defense plans or sensitive intelligence operations (which could lead to loss of life), or compromise of cryptography or communications (which could mean that we could not communicate securely).

2. Secret: “…unauthorized disclosure could reasonably be expected to cause serious damage to the national security.” Among other things, exposure of this information includes results like disruption of foreign relations that impairs national security, details of significant military plans or intelligence operations, or of scientific or technical developments.

3. Confidential: “…unauthorized disclosure could reasonably be expected to cause damage to the national security.” Confidential information is often described as similar to Secret, but with less severe outcomes in the event of exposure.

Formal guidance is to always classify something at the lowest appropriate clearance level. At least in the agency I worked that was followed very closely. Every time I classified something I also had to document why something was classified at the level I was claiming. You don’t just get to make arbitrary decisions.

As well as the formal classifications, information can be “code word” or Special Compartmented Information (SCI) or Special Access Programs (SAP). But Secret SCI or Secret SAP information is still “Secret” because of its relative value and potential damage. The SCI or SAP just means a subset of people with secret clearance can see it. The code words are simply related to “need to know.”

So in a nutshell, information is classified because it has value to the United States, and because release of that information can cause damage to the United States. Anyone who has access to that information has been briefed on what that damage means.

Actually everyone who is provided a security clearance signs a form acknowledging their understanding of what they are being provided. This includes clauses in which the signer acknowledges:

1. That they understand what the classification means.

2. That they promise to protect any and all classified information, and not divulge it to anyone who does not have proper clearance and the need to know.

3. That this acknowledgement continues even after they leave this position or lose access to the information, even if they move on to another job at another company or organization.

4. That improperly divulging this information is a crime under title 18, United States Code and others.

You might notice that nowhere in that list does it include the personal right to reclassify and declassify any information that you decide you want to for whatever reason you decide is justified. There is a formal process to declassify information, and that process does not involve sending documents to the press.

Bottom Line

The United States Intelligence Community has the huge task of sifting through the literal and figurative tons of available information, figuring out which scrap or two of that information is important (or going to be important at some time in the future), putting that information in a consumable form (so that readers can understand it, and the impact it can have in context), and delivering that intelligence to the right people in a timely and meaningful manner.

When I put it that way it sounds simple, right?

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Management & Strategy

Tens of cybersecurity companies have announced cutting staff over the past year, in some cases significant portions of their global workforce.


Twenty-one cybersecurity-related M&A deals were announced in December 2022.