Security Experts:

How U.S Intelligence Agencies Manage and Classify Information

Arial View of NSA Building

What do the Intelligence Community and Classified Information Mean to Us?

The U.S. Intelligence Community has been in the news for years. Everything from Prism, to Snowden, to backdoors in RSA encryption, and more. The standard story is that the agency is violating our civil rights and personal privacy. On top of that, people are hiding behind classified information – at least that’s the picture we keep getting. But do people really understand what the U.S. Intelligence Community (IC) does and what classified information is?

The US Intelligence Community

The U.S. Intelligence Community is headed by the Director of National Intelligence (DNI), and is comprised of the Office of the Director of National Intelligence (ODNI) along with 16 intelligence groups within the United States. I worked in the IC for about 10 years, and at one time or another dealt with over half of these departments and agencies.

Each of these agencies and departments has their own mission, and operates mostly independently from the others. According to the DNI’s website.

“The IC is a federation of executive branch agencies and organizations that work separately and together to conduct intelligence activities necessary for the conduct of foreign relations and the protection of the national security of the United States.”

Some of these organizations fall within the Department of Defense, and some report to cabinet-level authorities, but they all answer to Congress and to the president. It is the job of the president to work with his advisors and Congress to set United States policy. It is not the role of any of these agencies to set policy, and it is certainly not the role of any individual within any of these agencies to set policy, or decide that the president, Congressional oversight committees, and presidential advisors are all wrong and redefine U.S. policy to meet their own goals or ideology.

It is the role of the members of the IC to support that federally defined and recognized policy while performing their duties. Yes, IC members do consume some intelligence information, but the main purpose of the intelligence information that they gather is to use that information to provide the best available intelligence to the Executive Branch. To use a simplified definition, their role in the IC is to coordinate and communicate information relating to the collection, production and dissemination of intelligence for the Executive Branch of the U.S. government. ODNI states its mission, in part, as “Lead Intelligence Integration.”  The IC’s stated goals revolve around coordinating and conducting operations to protect the national security of the United States.

The IC focuses on information about a variety of threats: proliferation of nuclear weapons, chemical and biological warfare, and narcotics trafficking, including money laundering. It includes threats to the information infrastructure – specifically calling out hacktivism. The members of the IC also conduct counterintelligence activities – those activities designed to foil attempts by foreign powers or individuals to steal information from the United States or its allies – the whole “spy vs. spy” thing. And, the IC focuses on attempts by trusted sources within the U.S. to divulge classified information.

It also includes actions to identify physical threats against the U.S. and its interests, such as terrorism. Historically, we never hear about some of these activities. Or we only hear about them when they fail like on 9/11 or the Benghazi embassy attack. But, by most accounts, U.S. intelligence sources have thwarted about 60 terrorist attacks that the IC is willing to talk about. And we can be sure that if they are talking about 60, there are many more than that which they are not talking about.

Why don’t they talk about them?

 1. Sometimes, probably, because the incident would scare the bejeezus out of people. Would the public really want to know if “the good guys” acted just in time to stop a terrorist group from blowing up a dirty bomb in the Hudson River? Do you think it might cause some panic to know that we were close? Do you think it might tell the terrorists something if they knew exactly how close they came, so that next time they changed their plans?

 2. Sometimes the authorities don’t really know what they stopped. A perpetrator might be arrested for selling drugs, and it goes down as a “drug bust.” And since he was in jail, he was unable to buy the anthrax spores he would have spread in LAX, so the attack never happened. Who would know?

 3. And sometimes because admitting they knew about an attack could reveal information about how they obtained that knowledge. In the IC world it’s called “sources and methods.” It is important to protect the secretive means by which you obtain information so that you don’t lose that source in the future – don’t burn the source. And sometimes those sources mean “people,” and revealing the “people” can get them disappeared, or worse.

That is “Classified”

Top Secret informationWhich brings up a related point of confusion for many people I talk with. This “secretive” information with which the IC deals so closely; material that is meant to be kept protected, and not divulged to the general public, is considered “classified.” But, there is no such classification as “Classified” (or “Ultra” or “above Top Secret” for that matter either). Valid classifications are:

1. Top Secret: “…unauthorized disclosure could reasonably be expected to cause exceptionally grave damage to the national security.” Among other things, exposure of this information includes results like armed hostilities against the U.S. or compromise of national defense plans or sensitive intelligence operations (which could lead to loss of life), or compromise of cryptography or communications (which could mean that we could not communicate securely).

2. Secret: “…unauthorized disclosure could reasonably be expected to cause serious damage to the national security.” Among other things, exposure of this information includes results like disruption of foreign relations that impairs national security, details of significant military plans or intelligence operations, or of scientific or technical developments.

3. Confidential: “…unauthorized disclosure could reasonably be expected to cause damage to the national security.” Confidential information is often described as similar to Secret, but with less severe outcomes in the event of exposure.

Formal guidance is to always classify something at the lowest appropriate clearance level. At least in the agency I worked that was followed very closely. Every time I classified something I also had to document why something was classified at the level I was claiming. You don’t just get to make arbitrary decisions.

As well as the formal classifications, information can be “code word” or Special Compartmented Information (SCI) or Special Access Programs (SAP). But Secret SCI or Secret SAP information is still “Secret” because of its relative value and potential damage. The SCI or SAP just means a subset of people with secret clearance can see it. The code words are simply related to “need to know.”

So in a nutshell, information is classified because it has value to the United States, and because release of that information can cause damage to the United States. Anyone who has access to that information has been briefed on what that damage means.

Actually everyone who is provided a security clearance signs a form acknowledging their understanding of what they are being provided. This includes clauses in which the signer acknowledges:

1. That they understand what the classification means.

2. That they promise to protect any and all classified information, and not divulge it to anyone who does not have proper clearance and the need to know.

3. That this acknowledgement continues even after they leave this position or lose access to the information, even if they move on to another job at another company or organization.

4. That improperly divulging this information is a crime under title 18, United States Code and others.

You might notice that nowhere in that list does it include the personal right to reclassify and declassify any information that you decide you want to for whatever reason you decide is justified. There is a formal process to declassify information, and that process does not involve sending documents to the press.

Bottom Line

The United States Intelligence Community has the huge task of sifting through the literal and figurative tons of available information, figuring out which scrap or two of that information is important (or going to be important at some time in the future), putting that information in a consumable form (so that readers can understand it, and the impact it can have in context), and delivering that intelligence to the right people in a timely and meaningful manner.

When I put it that way it sounds simple, right?

view counter
Jon-Louis Heimerl is Director of Strategic Security for Omaha-based Solutionary, Inc., a provider of managed security solutions, compliance and security measurement, and security consulting services. Mr. Heimerl has over 25 years of experience in security and security programs, and his background includes everything from writing device drivers in assembler to running a world-wide network operation center for the US Government. Mr. Heimerl has also performed commercial consulting for a variety of industries, including many Fortune 500 clients. Mr. Heimerl's consulting experience includes security assessments, security awareness training, policy development, physical intrusion tests and social engineering exercises.