"Loose lips sink ships" was a very famous phrase during World War II. The Americans knew the Axis powers were listening in on American radio transmissions. This phrase encouraged them to keep information, especially about troop movements, close to the vest, so it would not leak out to the Nazis or Japanese.
While that phrase has been retired from the American lexicon, the importance of keeping information classified has not. According to First Army Division East Information Assurance Officer Maj. David Krugh, information security is even more prevalent now in the computer age than it was during World War II.
"Classified spillage is a major concern of information assurance in today's Army," he said. "The ability of our adversaries to aggregate operational information from multiple sources has been refined to an art."
Krugh further stated user awareness and proper control of classified information and personal identifiable information were defenses to prevent information spillage. However, the most important action users can take, according to Krugh, is to ensure all equipment and storage devices are properly marked with the appropriate security label, be it confidential, secret or top-secret. This prevents the information from being mislabeled unclassified and kept in an unsecure location.
Not only does classified material have to be labeled separately, according to Army regulation, there are special considerations that must be accounted for when storing any classified information. Any medium, be it paper or compact disc, containing classified data must be classified to the highest level of data on that file.
"If you are storing classified data to a CD and only one file is 'secret', that CD must be labeled 'secret' and protected with appropriate levels of care," he said.
Krugh also stated that you cannot mix and match when dealing with classified material.
"Once an item is classified, that item may not be used in a system with a lower classification level," said Krugh. "Secret-level CDs cannot be used on an unclassified computer." He also explained that using secret-level CDs in an unclassified computer may result in a Uniform Code of Military Justice violation for that service member, and have a very serious consequence on their career.
Krugh also explained that if service members suspect there is a case of classified information spillage, they should contact their Security Officer or the Information Assurance Manager. If they don't know who these people are, they should start by reporting it to their supervisor. He concluded by saying, information security is a concern for all service members, no matter where they fit along the chain-of-command.
It may be gone from the popular lexicon, but loose lips still do sink ships.
5 Most Common Information Spillages
1) Failure to label classified material as classified. All materials of confidential classification and higher must be labeled as such.
2) Mislabeling of classified material. Classified material can be labeled Confidential, Secret or Top Secret depending upon the level of security required. Secret level files may contain confidential materials but confidential files cannot contain any files above the classification of confidential.
3) Introducing Classified Material to a Non-classified Source. An unclassified computer can only be used to work on unclassified material. Inserting a Secret CD into a unclassified computer is information spillage.
4) Failure to secure classified material. There are certain security controls that must be met when dealing with classified material. It may not be left unattended in an unclassified space.
5) Introducing classified material to an unclassified electronic source. Classified material cannot be transferred across the internet. The Department of Defense uses a Secret Internet Protocol Router Network (SIPRNet) to pass classified material electronically.
Social Sharing