An Aside on Classified Information Handling

I've been doing some reading this week, and it seems that there are several posts running through my head all at once.  So although the blog has been relatively quiet the past few months, the next week or so should be pretty active.  Most of the pending posts will be related to cyber warfare and the current news about Flame and Stuxnet.  However, I wanted to start with an aside on classified information handling after reading this New York Times article on Stuxnet.

Reviewing that article, it is difficult to believe that a portion of that information does not remain classified to this day.  In fact, the author states that some of the sources remain anonymous specifically because the information is classified.  Did any of the classified information appear in the article?  I don't know, but I am willing to bet that even knowing the program exists is classified.  To read an article like that, knowing that individuals within the government have willingly disclosed classified information to a reporter, it does get under your skin a little bit.

Anyone with any familiarity with security clearances and the lengths to which the government goes to clear individuals and protect classified data knows that the entire endeavor is approached with a zealous extremism, which in most cases at least is warranted.  Disclosures of classified information are a threat to national security.  Handling of spills is costly.  Implementation of the measures to protect the information is costlier still.  However, the disclosure of Valerie Plame's name and this story provide an indication that those with a high rank in the government will likely escape serious punishment for their crimes, while low-ranking officials like PFC Bradley Manning, or even individuals who have no place within the intel community whatsoever like Julian Assange, will be portrayed as evil incarnate and prosecuted to the full extent of the law.

This imbalance of justice makes a mockery of the entire notion of classified information and how it should be handled.  The strength of the rules pertaining to classified information handling is the clarity with which they are written and indoctrinated into those provided with access.  There are situations where the usual cost-benefit analysis for a security measure does not apply: either you do it and you can access the information, or you don't and you can't.  To allow the consequences to be applied inequitably when individuals participate in breaches blurs those black-and-white lines, seriously undercuts those efforts, and places information that has been designated as critical to our national security at risk.
