Skip to content

Page065

Classifying Data

Data classification has existed for millennia. In 678 AD, the defenders of Constantinople first used Greek fire to defend the city vs. invading ships. The liquid was launched from the city walls and could burn on water. “The composition and use of Greek fire was a state secret that died with the Byzantium empire, in fact disappeared long before Byzantium had run its course. To this day, historians have been unable to agree on the composition and use of Greek fire, despite repeated attempts by chemists and historians to discern its nature from a fragmented historical record”[^1]. Note that data classification is testable, but this historical example is not testable.

The day-to-day management of access control requires management of labels, clearances, formal access approval, and need-to-know. These formal mechanisms are typically used to protect highly sensitive data, such as government or military data.

Labels

Objects have labels, and as we will see in the next section, subjects have clearances. A critical security step is the process of locating sensitive information, and labeling or marking it as sensitive. How the data is labeled should correspond to the organizational data classification scheme.

The object labels used by many world governments are confidential, secret, and top secret. According to Executive Order 12356—National Security Information:

  • “Top Secret” shall be applied to information, the unauthorized disclosure of which reasonably could be expected to cause exceptionally grave damage to the national security.
  • “Secret” shall be applied to information, the unauthorized disclosure of which reasonably could be expected to cause serious damage to the national security.
  • “Confidential” shall be applied to information, the unauthorized disclosure of which reasonably could be expected to cause damage to the national security[^2].

This describes the classification criteria. A security administrator who applies a label to an object must follow these criteria. Additional labels exist, such as unclassified (data that is not sensitive), SBU (Sensitive but Unclassified), and For Official Use Only (FOUO). SBU describes sensitive data that is not a matter of national security, such as the healthcare records of enlisted personnel. This data must be protected, even though its release would not normally cause national security issues.

Private sector companies use labels such as “Internal Use Only” and “Company Proprietary.”

Security Compartments

Compartments allow additional control over highly sensitive information. This is called Sensitive Compartmented Information (SCI). Compartments used by the United States include HCS, COMINT (SI), GAMMA (G), TALENT KEYHOLE (TK), and others (these are listed as examples to illustrate the concept of compartments; the specific names are not testable). These compartments require a documented and approved need-to-know in addition to a normal clearance such as top secret.

Clearance

A clearance is a formal determination of whether a user can be trusted with a specific level of information. Clearances must determine the subject’s current and potential future trustworthiness; the latter is harder (and more expensive) to assess. For example: are there any issues, such as debt or drug or alcohol abuse, which could lead an otherwise ethical person to violate their ethics? Is there a personal secret that could be used to blackmail this person? A clearance attempts to make these determinations.

In many world governments, these clearances mirror the respective object labels of confidential, secret, and top secret. Each clearance requires a myriad of investigations and collection of personal data. Once all data has been gathered (including a person’s credit score, arrest record, interviews with neighbors and friends, and more), an administrative judge makes a determination on whether this person can be trusted with US national security information.