President Issues Executive Order for Responsible Information Sharing

Friday, October 7, 2011

The WikiLeaks breach highlighted vulnerabilities in the protection of sensitive and classified information. While much has been done to better protect our classified information, the Administration recognizes a need to do more. President Obama signed Executive Order (EO) 13587 on October 7, 2011, which addresses structural reforms to the oversight of classified information. The EO supports, codifies, and accelerates ongoing work – work that includes bolstering detection capabilities, restricting removable media, and strengthening government-wide governance, coordination, and oversight.

The EO formally establishes the Classified Information Sharing and Safeguarding Office (CISSO), integrated within the Office of the Program Manager for the Information Sharing Environment. We are a part of the larger government response to WikiLeaks and will continue to focus on advancing whole-of-government efforts to both share and safeguard classified national security information, including policy, process, technology, and governance. This aligns with our mission to accelerate responsible information sharing across the totality of terrorism, WMD, and homeland security information.

Sharing and safeguarding remain critically important for our partners to be able to achieve their missions. For example, sharing classified and unclassified information between federal, state, and local public safety communities often occurs at state and major urban area fusion centers. These fusion centers, and those who support them, have put a renewed focus on both increasing sharing to keep Americans safe and improving safeguarding to ensure that information is properly protected. For more stories of successful and responsible information sharing, see the 2011 ISE Annual Report.

Safeguarding Activities
As this EO makes clear, responsible information sharing occurs throughout the government:

  • Agencies bear the primary responsibility for sharing and safeguarding classified information, consistent with appropriate protections for privacy and civil liberties. Federal agencies that use classified networks will:
    • designate a senior official to oversee classified information sharing and safeguarding for the agency,
    • implement an insider threat detection and prevention program,
    • and perform self assessments of compliance with policy and standards.
  • A Senior Information Sharing and Safeguarding Steering Committee will have overall responsibility for fully coordinating interagency efforts and ensuring that departments and agencies are held accountable for implementation of information sharing and safeguarding policy and standards.
  • The Classified Information Sharing and Safeguarding Office, mentioned above, provides sustained, full-time focus on sharing and safeguarding of classified national security information. We also consult partners to ensure consistency of policies and standards and seek to identify the next potential problem.
  • Senior representatives of the Department of Defense and the National Security Agency will jointly act as the Executive Agent for Safeguarding Classified Information on Computer Networks to develop technical safeguarding policies and standards and conduct assessments of compliance.
  • An Insider Threat Task Force will develop a government-wide program for insider threat detection and prevention to improve protection and reduce potential vulnerabilities of classified information from exploitation, compromise or other unauthorized disclosure.

Protection and sharing are two sides of a single indivisible coin - without protection, sharing is not possible; and without sharing, protection loses its relevance. WikiLeaks has illustrated the need to protect information, even as we develop better capabilities to share it. As the White House has pointed out, one of the guiding principles of this effort is to:

“Reinforce the importance of responsible information sharing and not undo all of the significant and important progress we’ve made in interagency information sharing since 9/11.”[1]

We now have an opportunity to realize even more progress in the safeguarding and proper sharing of information. It is essential that we seize the momentum of existing efforts.  By doing so, we enhance our national security and better protect the American people through responsible information sharing and safeguarding.