One year ago, the Federal Government shut down due to the COVID-19 Pandemic. Federal agencies and offices enacted their emergency plans to continue serving and protecting the American people. The staff at the Information Security Oversight Office (ISOO) also adapted its work, replacing in-person stakeholder and interagency meetings with virtual ones and sought new avenues to respond to questions and inform Federal agencies, contractors, and the public about information security policies, processes and procedures. Seeking new approaches to maintain contact, ISOO created The ISOO Overview blog and posted its first entry a week after the President declared a National Emergency.
ISOO’s mission is to support the President by ensuring that the Government protects and provides proper access to information to advance the national and public interest. Our office leads efforts to standardize and assess the management of classified and controlled unclassified information through oversight, policy development, guidance, education, and reporting.
Our staff continues this important work virtually.
Our office hosted important National Industrial Security Program (NISP) Policy Advisory Committee meetings and State, Local, Tribal and Private Sector Policy Advisory Committee meetings virtually, gaining important feedback and insight on challenges facing these stakeholders and aiding in the identification of possible solutions. We helped the Department of Defense codify the National Industrial Security Program Operating Manual as 32 C.F.R Part 117. The CUI directorate hosted quarterly stakeholder meetings to discuss challenges, share best-practices, and address concerns and questions in a virtual group setting.
ISOO’s multi-year project to streamline and modernize our information security data collection process and methods continued. Working with agencies, the Congress, and civil society organizations, our staff developed a new data questionnaire for agencies to report to ISOO, including for use in ISOO’s Annual Report to the President. We provided it to agencies earlier this year to help facilitate the transition to the reformed collection, and we intend to formally task agencies to complete it later this FY. ISOO is continuing its reform efforts, using agency responses to improve its data collection efforts.
In June, ISOO published its FY 2019 Annual Report to the President. In it, ISOO highlighted the challenges agencies face using antiquated information security and information management processes. It included key actions and judgments; and addressed ISOO’s analysis of the Government’s information security programs. Our staff is now compiling the FY 2020 Report to the President, including evaluating agency data collection responses.
ISOO’s Controlled Unclassified Information (CUI) directorate continued its work helping agencies prepare to implement their CUI programs. The CUI staff issued guidance updating agency implementation deadlines for the program on handling CUI while teleworking and worked with the National Institute of Standards on establishing NISP standards for protecting CUI. The CUI directorate continued to share information on its blog, The CUI Blog. Throughout the past 12 months, the CUI staff conducted multiple virtual training sessions on how to properly mark CUI. This important work has helped agencies protect their CUI and helped them prepare to fully implement their CUI programs
Our Operations directorate continued its oversight activities in analyzing agency classification guides. This oversight was highlighted in ISOO’s FY 2019 Annual Report to the President and is an important aspect to help agencies classify information effectively and consistently. Their work is conducted entirely online and virtually. They meet weekly to discuss and analyze the guides, and document findings, and chart progress.
Our staff also supported the Public Interest Declassification Board (PIDB) extensively as they published their Report to the President, A Vision for the Digital Age: Modernization of the U.S. National Security Classification and Declassification System in June. They facilitated three virtual public meetings, including one with Senator Ron Wyden. In September, they assisted PIDB member John Tierney prepare his testimony before a virtual public hearing of the Senate Select Committee on Intelligence. In December the staff prepared PIDB Member Ken Wainstein to lead a discussion before Congressional staff, contractors, and government officials on the problems associated with the over-classification of information.
The facility closure greatly impacted the work of the Interagency Security Classification Appeals Panel (ISCAP) staff. Unable work in the Sensitive Compartmented Information Facility (SCIF) and without access to secure networks and communications systems, ISCAP classified operations ceased. Still, the staff continued its unclassified work remotely. This work included posting over 500 newly declassified pages and over 70 minutes of declassified video on its website shortly and continuing to accept, respond, and enter new appeals in the tracking database that is also updated on the ISCAP’s webpage. In late summer, one member of the ISCAP staff started to work onsite in the SCIF part-time. He was able to work with the ISCAP Liaisons to complete work on two appeals and approve one agency declassification guide. This type of classified work continues in FY 2021, but at a much-reduced pace.
ISOO congratulated and said farewell to Dawn Fairchild who retired and welcomed Heather Harris Pagán as the Senior Program Analyst for Operations and Industrial Security, Beth Fidler as a Senior Program Analyst in the Classification Management directorate, and Arabia Phenious as Staff Assistant. Still, the pandemic proved challenging as seven staff members accepted new positions at other agencies. The loss of these staff weighs heavy on ISOO as we continue to accomplish our core mission.
While the ISOO staff looks forward to being back onsite, working with one another and with all ISOO stakeholders, we remain committed to accomplishing ISOO’s mission virtually until such time as it is safe to return.