Fixing Leaks

Assessing the Department of Defense's Approach to Preventing and Deterring Unauthorized Disclosures

by James B. Bruce, W. George Jameson

Download

Download eBook for Free

Full Document

FormatFile SizeNotes
PDF file 0.8 MB

Use Adobe Acrobat Reader version 10 or higher for the best experience.

Summary Only

FormatFile SizeNotes
PDF file 0.1 MB

Use Adobe Acrobat Reader version 10 or higher for the best experience.

Purchase

Purchase Print Copy

 FormatList Price Price
Add to Cart Paperback76 pages $19.95 $15.96 20% Web Discount

Research Questions

  1. What are the strengths and weaknesses of the Unauthorized Disclosures (UD) Program Implementation Team's Strategic Plan?
  2. How well is the UD Strategic Plan being implemented?
  3. Will the program stem unauthorized disclosures in the Department of Defense?
  4. What recommendations will improve the effectiveness of the plan and its implementation?

In 2012, the Office of the Under Secretary of Defense for Intelligence established the Unauthorized Disclosures Program Implementation Team to prevent and deter the unauthorized disclosures of classified information by all Department of Defense personnel through the implementation of the UD Strategic Plan. RAND was asked to help monitor and assess the potential for effectiveness of this new initiative. Researchers determined that the UD PIT's implementation of the UD Strategic Plan has made important and discernible progress toward its main objectives, but the advances are partial, fragile, and may be impermanent, facing strategic and tactical obstacles. RAND offered 22 recommendations, including ways to sustain and expand the effort, a continued emphasis on top-down support, establishing metrics, improving accountability, and prioritizing responses.

Key Findings

The Department of Defense Faces Strategic Obstacles in Stemming Disclosures

  • Media leaks have many causes but few feasible and effective solutions.
  • There is a longstanding organizational culture in DoD that treats leaking classified information to the media as nearly risk-free, which suggests to some that the behavior is acceptable.
  • To be fully effective, remedies must address the full range of security, classification, and particularly UD-related behavior, and establish an end-to-end accountability process from initial UD identification through the imposition of effective penalties for violations.

Tactical Obstacles Also Exist

  • Successfully addressing the unauthorized disclosures problem requires carefully calibrating the focus of current efforts and prioritizing the most serious UDs for action.
  • The current plan focuses mostly on identification and reporting, but these activities must be complemented by other, equally significant tasks, such as assigning responsibility and ownership for acting on the reported disclosure and seeing the action through all the needed steps to bring it to closure.
  • The language and guidance addressing UDs in DoD directives and manuals is often unclear, inconsistent, or ambiguous, and requires clarification,
  • It is important to identify steps where security can act before leaks occur, as well as determining where new measures could improve the security clearance vetting process.
  • The lack of metrics to track results, the sensitivity of counterintelligence investigations, insufficient authority of UD PIT members within their own components, and insufficient outreach to non-DoD elements all require correctives to improve implementation effectiveness.

Recommendations

  • Grow the initiative through a recalibrated and even more ambitious agenda, as well as through greater senior-level oversight and direction.
  • With the recent transition in Defense Secretaries, ensure that the top-level priority and support assigned to the initiative by the previous Secretary is reinforced and sustained by the new leadership.
  • Empower the Program Implementation Team members within their components and establish a Senior Executive Service-level steering group.
  • Prioritize the most-serious classified disclosures to the media for concerted action.
  • Establish metrics to track results.
  • Establish full accountability by identifying leakers and apply sanctions to promote the realization that leaking classified information will not be tolerated.
  • Ensure that full ownership of every serious UD is assumed or assigned, that accountability is established as offenders are identified and adjudicated, and that appropriate sanctions are implemented before any serious case is brought to closure.
  • Clarify policies, directives, and guidance to help managers understand their authorities and responsibilities to ensure that accountability is established and offenders are punished for violations.
  • To facilitate compliance, sanctions must be timely, visible, meaningful, and fair.
  • Prioritize and deliver quality training and education regarding unauthorized disclosures.
  • Ensure language clarity and consistency in all relevant documents, directives, manuals, and official issuances — and along the full range of departmental authorities.
  • Review security vetting for classified access and reform security measures to include a reliable and predictive evaluation of security trustworthiness.
  • Conduct studies to assess the causes, consequences, and correctives to significant UDs, and to improve measures to identify and punish leakers for violations.

Table of Contents

  • Chapter One

    Introduction

  • Chapter Two

    Observations on UD PIT Effectiveness

  • Chapter Three

    Recommendations

  • Appendix A

    Thresholds for Taking Legal Action Against Leakers

  • Appendix B

    Leaks Questions and Responses

The research described in this report was prepared for the Office of the Secretary of Defense (OSD). The research was conducted within the RAND National Defense Research Institute, a federally funded research and development center sponsored by OSD, the Joint Staff, the Unified Combatant Commands, the Navy, the Marine Corps, the defense agencies, and the defense Intelligence Community.

This report is part of the RAND Corporation research report series. RAND reports present research findings and objective analysis that address the challenges facing the public and private sectors. All RAND reports undergo rigorous peer review to ensure high standards for research quality and objectivity.

Permission is given to duplicate this electronic document for personal use only, as long as it is unaltered and complete. Copies may not be duplicated for commercial purposes. Unauthorized posting of RAND PDFs to a non-RAND Web site is prohibited. RAND PDFs are protected under copyright law. For information on reprint and linking permissions, please visit the RAND Permissions page.

The RAND Corporation is a nonprofit institution that helps improve policy and decisionmaking through research and analysis. RAND's publications do not necessarily reflect the opinions of its research clients and sponsors.