DHS information sharing program finally gets a governance document
A Homeland Security Department directive (.pdf) issued March 1 outlines the specific functions of the Classified National Security Information Program for state, local, tribal, and private sector entities, (collectively known as SLTPS). The DHS guidance comes more than a year after the STLPS policies were supposed to be in place. An August 2010 White House executive order 13549, established the program and mandated an implementation document by Feb. 14, 2011.
The primary goal of the program, wrote DHS Secretary Janet Napolitano, is to better share actionable, timely and relevant classified information across SLTPS partners. Information sharing has been a persistent problem within DHS and among the entities DHS coordinates.
The program will address the "need for a unified, consistent program for the application of standardized security processes and procedures for security clearance management and the safeguarding of classified information," said Napolitano.
According to the document, all policy guidance for the program will come from the National Security Advisor, a post currently held by Thomas Donilon, while Napolitano will act as the "executive agent" who oversees the actual program administration.
The program will not just focus on classified information sharing. The governance plan also requires Napolitano to designate a "classified information advisory officer" for dealing with unclassified information. This office will develop and administer training programs to help SLTPS entities set policies for communicating sensitive unclassified information. This will be important for individuals who lack security clearances, says the document. It will also provide avenues for SLTPS personnel to apply for clearances.
That same office will address requests to correct improperly or unnecessarily classified information.
The directive includes an entire chapter on classification management, which notes that undefined and inconsistent classification management wastes resources, diminishes public trust and can weaken national security. In late February, the Defense Department also issued new instruction focused squarely on classification standards, levels, authorities and challenges. The document emphasized WikiLeaks-like data breaches, and policies that encourage internal whistle blowing in cases of misclassification.
The implementation plan not only outlines roles and responsibilities at DHS, it also includes requirements for non-federal entities in the SLTPS program. Each entity is required to designate a senior official to direct and administer the agency's implementation and compliance with the program, as well as stand up regulations and policies consistent with the program and report when the directive is violated in any way. Each entity mush also report applicable security clearance and security records for SLTPS personnel and facilities to DHS.