On April 23rd, 2020, NPEC hosted a National Security Classification Policy Reform Virtual Meeting. The following videos are highlights of Richard Immerman and Pete Worden respectively. Transcripts of Richard Immerman’s and Harvey Rishikof’s presentations have also been included.
The meeting itself was in response to a number of recent Defense classification developments. The first of these relates to overly restrictive classification of historical national security documents and government-commissioned historical analyses needed to develop sound national security strategies. The second has to do with overly restrictive classification and security policies that are complicating our country’s ability to achieve its security objectives related to space, 5G and cybersecurity, and biotechnology and the health sciences.
Apr 23, 2020
Nuclear Military History: What You Don’t Know Could Kill You
Richard Immerman
Strategic planning is very difficult. There are so many variables to consider, ranging from weapons systems, to intelligence estimates, to the risks and opportunities of negotiations, to financial capacity, to available instruments of both hard and soft power, to, of course, short- and long-term goals. The list is almost endless, and it grows longer in every era. Strategic planners warrant our deepest respect.
They also warrant our help, and by this I mean the help of scholars. You might well ask what contribution a scholar, especially a historian, can make to strategic planning. The obvious answer is for us to do what we do best—produce studies of the past that are relevant to today’s challenges. For this purpose of creating a usable past, however, those studies, must, to borrow the words from the State Department’s Foreign Relations of the United States series’ mandate, be “thorough, accurate, and reliable.” They cannot achieve that end if the vital documents remain classified.
Of course, many if not all high-level government officials possess the necessary security clearances to access these documents. But they may not; it’s an arduous process. And even should they, the documents will be of limited utility. A document taken out of context, or divorced from the others that surround it, is easily misunderstood and/or misinterpreted. The historian, however, is trained to interrogate that document and incorporate it into an intelligible narrative.
Consequently, both the historian and the declassified document can, and should, contribute vitally to the strategic planning process. Granted, many policymakers and political leaders have neither the time nor the inclination to do much reading. Still, those who do tend to read history. When I was at the Office of the Director of National Intelligence (ODNI), my boss regularly started our daily meetings by announcing the title of the book he had just finished, invariably a work of history, and asking whom in the room wanted to read it. Multiple hands always shot up.
Rarely did the book have a direct bearing on a problem we were wrestling with. But even off-point reading can benefit the strategic planner or intelligence analyst. That’s because the reader gains further exposure to what we call historical sensibility. For the historian, history is not just one damned fact after another. Rather, history is the relationship between those facts, defined broadly. It is the product of the synergies among developments—crises, elections, famines, and more—that often occur across diverse geographic areas, and connections between an assortment of government and non-governmental actors and a spectrum of political, economic, cultural, and other dynamics. Further, the premise of the historical narrative is contingency—a sensitivity to the variables that produce one outcome as opposed to the other. For the strategic planner, these variables can represent leverage points and windows of opportunity as well as threats and conflicts.
My aim here is not to provide a lesson in the craft of history. Rather, it’s to underscore history’s value to formulating policy and strategy. But to reiterate, that value depends on the quality of the history, which depends on the skill of the historian and the historian’s access to the best evidence. My experience confirms that the best evidence is frequently synonymous with declassified documents.
Let me provide a few examples of what policy planners have learned because of the declassification of evidence. Imagine, to give a familiar illustration, a contemporary official planning to address Iran’s nuclear program without a deep knowledge of America’s part in restoring the Shah in 1953. It took decades to declassify those documents, and even after many became available, the CIA’s role was left unmentioned when the relevant FRUS volume was published in 1989. The uproar generated by that omission led to the 1991 legislation mandating that FRUS must be “thorough, accurate, reliable” and the decision to redo the volume on Iran. Yet owing to continued battles to declassify the documents, that volume was not published until 2017. And crucial documents remain secret.
I could mention countless other examples, but I’ll focus on nuclear history, including that of nuclear non-proliferation. First, Frank Gavin, who argues (and I’m simplifying) that the orthodoxy on the geopolitical role of nuclear weapons, particularly during the Cold War, exaggerates their influence and portrays that influence as more salutary than is justified; second, Gavin argues that we need not link nuclear proliferation to a march toward Armageddon. I’m not claiming that these arguments are “right.” But they do suggest the complexity of the problem and the need for strategic planners to avoid facile frameworks. What is more, they are based on a firm foundation in the declassified record.
As a second example, no one has contributed more to our understanding of US nuclear strategy than David Rosenberg. By bringing to light America’s massive stockpiling of nuclear weapons early in the Cold War, by underscoring the attention paid to preemption and potentially launching a preventive war, and by uncovering the doctrine of “overkill,” Rosenberg changed our understanding of nuclear planning. He achieved this by declassifying hundreds-and-hundreds of previously inaccessible documents. But what is no less significant for our purposes is that Rosenberg intended to produce a broader study of nuclear and naval strategy through an examination of the career of Arleigh Burke. He didn’t because he couldn’t declassify enough documents. Both scholars and strategic planners are poorer for that.
Adding insult to injury, over the years David also wrote multiple government studies that will almost surely remain classified for decades to come.
On a final note, only by declassifying documents can today’s strategic planners gain essential insight into the varieties of architectures that past planners have used both to receive advice and information and to implement their decisions. Toward this end, explorations of Eisenhower’s project Solarium have gained increasing currency over the past decade. Declassifying those documents was more painful than pulling teeth, and almost 75 years later our success is only partial.
Years ago I attended a conference at which one of the panelists lamented that we historians act as if the purpose of archives is to fulfill our scholarly needs. In fact, much more is at stake—our very national security.
Overclassifying in the 1980s Almost Unhinged Space Negotiations with Russia
Pete Worden
Self Defeating: Overclassifying the Ground-Based Laser Threat to U.S. Satellites
Pete Worden
How Overclassification Undermines America’s Cybersecurity
Harvey Rishikof
I would say this overclassification issue in cyberspace, or the classification in general, is an issue we have been fighting concerning the number of attacks and the sharing of information between the public sector and the private sector. We have clearly not resolved the issue of the public private sharing of information in the context of the cyberthreats. I would say that when I was on the government side in counterintelligence there were certain types of information we had that I think the private sector would have liked to have had but we had a number of restrictions either with legal frameworks involving violations of antitrust or a decision on the government side for sources and methods. We did not want to give up the information because of the fear of burning the asset. And we did not have a systematic, I would say, policy approach for how we racked and stacked the assets and which assets might have been worth us sharing the information so that it would have improved the ecosystem of the cyber world.
We have a similar problem with the issue of how we dealt with the concept of zero days. Those are, as you know, flaws in a code that have never been seen but that are discovered by individuals reviewing the code which allows us access to exploit those zero day codes in order to make a penetration or to cause a cyber effect. The attack on the nuclear facility in Iran as an open source proposition had at least three zero days that were involved in that operation that were exploited [by] whoever was the aggressor to get into that facility. So that issue of what is the appropriate balance of sharing information on the government side when it has these types of zero days and what it should be doing to improve the ecosystem, again, has not produced a consistent and structural policy.
We recently had a moment in which the intelligence community came forward with a fix for a Microsoft problem. The decision was made that the problem was so structural in the Microsoft app, the platform, that it should be made public in order for it to be fixed. On the other side, when I wear my private sector hat, there is a deep resistance in major corporations and companies to be able to come clean with attacks that have taken place on their networks and their willingness to share with the government for fear of either being prosecuted because it would demonstrate that they had been negligent or potentially grossly negligent in some aspect of their network maintenance. There is fear that if they share the information that information will be shared with the inappropriate regulatory group and that regulatory group would then penalize them for their inaction on the network. So that level of the need of transparency in the public private world, in the sharing of information given our vulnerabilities in cyber, is something that literally I’ve been working on or involved with, it’s embarrassing to say, for almost over 25 years, 25 or 30 years. And it’s a very similar conversation that happens all the time; and we in a report that I was involved with at MITRE called “Deliver Uncompromise,” we recommended that there be an entity created, probably under the counter-intelligence directorate that’s under Bill Evanina. They should be able to have jurisdiction that would include both the intelligence community, the Department of Defense, DOJ, the FBI and also the DHS. All of the authorities under one hat so that they could gather the information and keep it classified where it had to be but also they’d be able to pass the information back through to the companies when it was appropriate. We have not solved that riddle.
Now going forward, there are some people on the call, trying to get that piece of legislation and that put in the bills for either the NDAA or else with the IC Authorization Act in order for the U.S. to create this entity. It’s similar to the entity that we created for the National Counterterrorism Center (NCTC). The NCTC has had some degree of success in sharing information and gathering information. And I think we clearly need something in the cyber arena that is similar.
Alex has just pointed out I was referring to the National Counterintelligence and Security Center. The NCSC is where we thought it should be housed. We got a little bit forward in the last IC and NDA but not all the way there. But this is a huge problem that I think requires some legislative response in order for us to be able to grant immunity to certain companies so that they can feel comfortable sharing that information. We need to “illuminate the supply chain” in order to move forward to be more securing of the post 9/11 world where our adversaries are using asymmetric cyber vulnerabilities.