Classification Errors in Critical Information Systems: A Governance and Risk Perspective

1. Introduction

INFOSEC goes beyond data protection, covering the security of systems, devices and storage infrastructures against unauthorized access, alteration or destruction. This justification of security principles plays a role in maintaining their proper functioning and minimizing the impact of threats to the integrity of the data itself; in other words, practitioners must employ established security practices, including encryption, control reviews and redundancy reduction, access control, and ensuring the constant availability of this information.

The management of classified information is subject to strict controls designed to prevent access to information of (strategic) value, which, in turn, protects the interests of governments and international agencies.

This research will examine not only the classification process as a formal decision based on sensitivity criteria, but also the role of the need-to-know principle and the impact of an erroneous decision on this classification. To this end, a real historical case will be reviewed, involving the erroneous declassification of documents

Furthermore, a hypothetical case of under-classification will be introduced, that is, the assignment of a security classification lower than that required for a document.

2. Materials and Methods

The aim of this study is to analyze classification errors in critical documents within the context of classified information security and management. The research is based on an analytical and comparative approach, combining a regulatory framework and conceptual analysis with case studies.

In doing so, both a real-life scenario from a historical case and a hypothetical case will be considered, enabling the identification of existing flaws associated with the processes of declassification and classification of information.

This research will address:

• The importance of proper classification;
• The regulatory and conceptual framework;
• Case Study I – Historical declassification error (1971–1976);
• Case Study II – Hypothetical under-classification error;
• Comparative analysis of the two cases studied;
• Risk implications of classification errors;
• Measures to strengthen the governance of information classification;
• Lessons learnt and their applicability in organizational contexts.

3. Results

Between 1971 and 1976, the U.S. Department of Energy conducted a large-scale declassification review process at Los Alamos Scientific Laboratory. Subsequent investigations revealed that several documents containing sensitive nuclear weapons information had been erroneously declassified.

Both cases demonstrated that classification systems become vulnerable when procedural efficiency overrides analytical rigor.

The findings suggest that classification systems require continuous oversight and adaptive review structures rather than static procedural compliance alone.

3.1. Subsection

Bulleted lists:

• The Context of Information Security and Classified Information
• International Standards and Regulations
• Classified Information
• Classification Governance Lifecycle
• Areas class 1, 2 and 3
• The Importance of Proper Classification
• Accreditations
• Over-classification vs. Under-classification
• Classification error analysis framework
• Real-Life Case Study 1971–1976
• Hypothetical case
• Comparison of Cases
• Measures to Strengthen Information Classification
• Lessons Learnt and Conclusion
• Bibliography

4. Discussion

The Context of Information Security and Classified Information

There are several key definitions of information security provided by the International Organization for Standardization (ISO), the Committee on National Security Systems (CNSS) and the Information Systems Audit and Control Association (ISACA).

According to SEGNAC 1 – Instructions for National Security, Safeguarding and Defense of Classified Material – “all classified material must be adequately protected against unauthorized disclosure, leaks, breaches or negligence. A single security measure is generally not sufficient to provide protection. Therefore, the measures to be adopted must be combined in such a way as to provide adequate redundancy. When planning security measures, it is necessary to consider the threat assessment, focused protection, the need-to-know principle, the centralization of classified material to be protected, and to consider the importance of the human factor. It is also necessary to adapt the security classification to the nature of the materials to be protected. Information security is, therefore, the protection of data, devices and systems (hardware) that store, transmit and use information.

The objective of information security is to adequately protect information assets in order to ensure business continuity (or operational continuity, if a term less associated with business life is preferred), minimizing potential losses that may occur (from the loss or destruction of value of these assets) and maximizing the return on investment (since the efforts associated with information protection must be covered by its value or by the value that can be extracted from it).

Achieving information protection objectives involves ensuring the effectiveness of the three main pillars. Preventing information from being altered incorrectly: data must not be altered in such a way that it is no longer accurate and complete. This involves protecting data from both intentional and unintended changes using methods such as digital signatures, audit trails and change controls. Ensuring that data and systems are always operational: all data and systems must be accessible when needed. The time spent without access to important data must be minimized, and business continuity must be ensured through redundant servers, regular backups, and anti-DDoS measures. Ensure that only authorized persons can access the information: data must not be accessible to unauthorized individuals. This is to protect data using technologies such as shared encryption, authentication mechanisms and access control systems

International Standards and Regulations

The management of classified information is governed by a set of standards and regulations that establish standards, best practices and legal requirements for protecting sensitive data in a global context. In this regard, we are currently examining SEGNAC 1 - National Security Instructions (Portugal), ISO 27001 - Information Security Management System, and the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF). These guidelines are essential to ensure the three principles mentioned above, particularly in organizations operating across multiple jurisdictions and subject to different legal regimes.

SEGNAC 1 – Instructions for national security, safeguarding and defense of classified material: This document considers that, in terms of internal security, its objective is to contribute to ensuring the normal functioning of democratic institutions and respect for democratic legality, given the importance that modern.

Democratic states are vulnerable to actions seeking to obtain advance knowledge of information regarding their capabilities in the political, economic, scientific, technological and administrative fields, with the aim of undermining, influencing or impeding the normal functioning of democratic institutions;

These are, therefore, guidelines that define basic principles and standards designed to ensure the protective security of classified government material against acts of sabotage and espionage, and also to prevent human errors that could lead to security breaches and compromises.

Although frameworks such as ISO 27001 and the NIST Cybersecurity Framework establish structured security governance models, their implementation within classified environments remains operationally challenging. Excessive bureaucratic complexity, inconsistent interpretation of classification criteria and institutional pressure frequently weaken the effectiveness of formal controls.

Furthermore, security governance frameworks often prioritize procedural compliance over analytical assessment, creating environments in which classification decisions become routine administrative practices rather than rigorous risk evaluations.

Classified Information

The regime governing state secrets and classified information is one of the fundamental pillars of the democratic rule of law; its definition would greatly benefit from a comprehensive review aimed at harmonizing the various levels of information protection to be implemented across the different branches of government.

Consequently, whilst undertaking a comprehensive review of the legal framework governing state secrets, it is equally pertinent to provide a comprehensive and stable legal framework for matters that are broader in scope than other classified matters, which have hitherto been inadequately regulated by the regulatory framework for national security classifications (SEGNACs), approved on the basis of an enabling provision of the Internal Security Act, but which is insufficient in terms of the constitutional safeguards associated with rules restricting fundamental rights.

Access to and oversight of the system governing classified information by the Assembly of the Republic are ensured, particularly with regard to state secrets. The aim is, on the one hand, to ensure- with the necessary precautions- that Parliament has access to the information required to carry out its constitutional powers, but also to establish a system for monitoring compliance with regulations concerning state secrets and classified information.

In this context, the Committee for the Oversight of State Secrets and Classified information will play a key role; this body remains within the sphere of the Assembly of the Republic, operates from its premises and is supported by the relevant technical and administrative staff, and is chaired by the President of the , or by the Vice-President of the Assembly of the Republic to whom he delegates this function, should reinforce its central role and the specific safeguards required for dealing with a matter that lies at the very heart of the sovereign powers of the State.

Classified information refers to information or material in the form of documents, data, objects, equipment or systems that has been assigned a security classification, the unauthorized disclosure and/or access to which could harm the interests of the State or of a Member State of an International Organization (IO) of which Portugal is a member.

Classified information (CI) may bear the national classification mark or that of an IO, notably the European Union (EU) and the North Atlantic Treaty Organization (NATO).

There are four levels of classification, excluding the unclassified level, under the following existing classifications: NATIONAL, NATO and EU, (excluding EURATOM and ESA from this classification of levels); these being top secret, secret, confidential and restricted for the national classification, cosmic top secret, NATO secret, NATO confidential and NATO restricted for the NATO classification, and three levels: EU top secret, EU secret, EU confidential and EU restricted for the EU classification (seen in Figure 2).

Figure 2. CI grades and marks. Adapted from: Gabinete Nacional de Segurança. Norma técnica – E 01 – Marcas, graus de segurança e designadores. 2017. Available online: https://www.gns.gov.pt/docs/nt-e-01.pdf .

Figure 2. CI grades and marks. Adapted from: Gabinete Nacional de Segurança. Norma técnica – E 01 – Marcas, graus de segurança e designadores. 2017. Available online: https://www.gns.gov.pt/docs/nt-e-01.pdf .

Anyone requiring accreditation must have a need to access classified information at a level of ‘Confidential’ or higher; this authorization is granted by the National Security Authority (NSA) to a natural or legal person for the handling of classified information.

These sensitive matters, as defined above, aim to protect strategic national or organizational interests, which include national security to prevent internal and external threats such as terrorism, espionage or sabotage; the protection of diplomatic relations to avoid diplomatic crises caused by leaks of information that compromise international agreements or negotiations; operational integrity, which ensures the success of military or intelligence missions; access to and classification of sensitive documents, protecting important information on strategies or ongoing operations; economic stability, to protect industrial or economic secrets that could affect markets or critical infrastructure; and, finally, the prevention of espionage, with the aim of preventing hostile agents (state or non-state) from gaining an advantage by accessing protected information.

Classification Governance Lifecycle

Information Creation

↓

Sensitivity Assessment

↓

Classification Decision

↓

Authorization & Access Control

↓

Periodic Review

↓

Reclassification / Declassification

↓

Audit & Oversight

The management of classified information should not be understood as a static administrative procedure, but rather as a continuous governance lifecycle involving risk assessment, institutional oversight, operational controls and periodic review mechanisms. Classification decisions directly influence access control structures, operational security, information-sharing capabilities and organizational resilience.

Within classified environments, governance failures rarely emerge from a single technical mistake. Instead, they generally result from cumulative weaknesses distributed throughout the information lifecycle, including inadequate risk assessment, insufficient oversight, operational pressure, weak accountability mechanisms and human error.

The classification governance lifecycle demonstrates that classification failure should not be interpreted merely as an isolated administrative mistake. Instead, it represents a systemic governance problem capable of affecting organizational resilience, operational security and strategic decision-making.

Both over-classification and under-classification generate operational distortions:

• Over-classification reduces transparency and efficiency;
• Under-classification increases exposure and insider risk.

The challenge for organizations therefore lies in maintaining proportionality between protection requirements and operational functionality.

Ultimately, effective classification governance depends less on rigid secrecy itself and more on the existence of:

• Competent personnel;
• Rigorous review structures;
• Institutional accountability;
• Adaptive risk assessment mechanisms;
• Organizational security culture.

Class 1, 2 and 3 areas

As a rule, this sensitive information is stored in secure locations, which are divided into Class 1, 2 and 3 areas, where the classification of zones or work environments is subject to different security regulations depending on the classified material stored on site

CLASS 1 – Area where CONFIDENTIAL, SECRET and TOP SECRET classified information may be handled and stored, with mandatory registration and access control. (e.g. Control Post, Sub-registry, Data Centre, Situation Rooms);

Within this area, strict access controls are in place, allowing entry only to authorized security personnel of the highest level, continuous monitoring via cameras, sensors and trained security staff, advanced physical barriers such as armored doors, biometrics and alarm systems, and finally regular audits and inspections by the competent authorities. Highly classified information is stored here.

CLASS 2 – Area where CONFIDENTIAL, SECRET and TOP SECRET classified information may be handled and where only CONFIDENTIAL classified information is stored, with access control being mandatory (e.g. Management Offices and Workrooms);

In this Class 2 area, the same characteristics apply as in Class 1 with regard to access control and monitoring, although these are less stringent, with integrated entry and exit logging systems for traceability and physical security requirements such as safes, electronic locks and moderate barriers.

CLASS 3 or Administrative Area - Only CLASSIFIED information at the RESERVED level may be handled and stored here, and no access control is required (e.g. circulation areas or areas with unrestricted access).

It is characterized by its less stringent security measures, access controlled by passwords, cards or simple keys with basic physical protection, partial monitoring and security procedures geared towards compliance with best practice.

The Importance of Proper Classification

Classified information begins with the first stage of the process; that is, the information is identified as a formal asset of the organization and treated as a strategic resource that is essential to the continuity and success of the organization’s operations. This initial effort is undertaken to ensure that no relevant information is overlooked. It also aims to ensure that each asset has an ‘owner’ - someone with formal responsibility for ensuring its security and integrity.

Following identification, the information undergoes a careful analysis to assess its level of sensitivity and the impact that unauthorized disclosure could cause. At this stage, the information is classified into different categories, such as “restricted”, “confidential”, “secret” or “top secret”. This classification considers factors such as the strategic value of the information, the potential damage in the event of a leak, and the relevant legal requirements. In addition, periodic reviews are necessary to update classifications as contexts and protection needs evolve. This process is even more rigorous in the military sector, where security classifications are not revoked even after years of storage, and may simply become obsolete.

Accreditations

The accreditation procedure is subject to the principles of legality, equality, proportionality, impartiality and good faith, as well as to the other principles governing administrative activity, and is directly linked to the framework for safeguarding the rights, freedoms and guarantees of applicant citizens and third parties.

Entities with the authority to assign the security classification ‘Top Secret’ or the classification ‘State Secret’ are automatically considered accredited at the ‘Top Secret’ level under the ‘Nationally Classified Information’ designation.

Accreditation serves to authorize a natural or legal person (companies/organizations) to handle classified information; it is granted by the National Security Authority (ANS). All persons who have a need to know and to access classified information at a level equal to or higher than ‘Confidential’ must be accredited; consequently, they must be accredited for any classification mark or level.

In accordance with Article 30 – Security Clearance -of Chapter VI – Security Clearance - of Draft Law No. 554/XII on the Regime Governing Classified Information:

• Individual clearance refers to the process by which it is determined that a natural person is authorized to access classified information.
• Collective clearance refers to the act by which it is determined that, from a security perspective, a legal person has the physical and organizational capacity to handle and store classified information.
• The upgrading of security clearance is the act that grants a natural or legal person authorization to access classified information at a higher level than that originally granted.
• The downgrading of security clearance is the act by which a natural or legal person is authorized to access only information classified at a lower level than that originally granted.
• The revocation of security clearance is the act by which a natural or legal person is deprived of their authorization to access any classified information.

Over-classification vs. Under-classification

Over-classification occurs when information is classified at an excessive level, that is, at a higher security level than necessary without meeting the criteria that would justify such classification.

The most important and urgent aspect of over-classification concerns classified information which, although it meets the classification standards established by executive order, should not be classified for one reason or another.

This can lead to phenomena such as excessive caution on the part of decision-makers, a lack of review of classifications, and fear of liability in the event of disclosure.

It can have consequences such as difficulty in sharing information between agencies, where one party needs the information as quickly as possible, operational inefficiency, and a reduction in institutional transparency.

Under-classification, the opposite of over-classification, occurs when information that should be classified or protected at a higher level is assigned a lower classification level or is not classified at all.

This error may result from shortcomings in risk assessment, a lack of understanding of classification rules, leading to human error, and a lack of training in the management of classified information.

This can have more serious consequences than over-classification, such as the exposure of sensitive information, compromises to national security, and reputational and strategic damage. This is illustrated in Case II, the real historical case from 1971–76 that will be examined in this research.

Classification error analysis framework

The figure (Figure 3) shows that information classification errors:

Figure 3. Classification error analysis framework. Author’s own elaboration.

Figure 3. Classification error analysis framework. Author’s own elaboration.

• can be operational or strategic
• range from medium to critical risk
• are always linked to human error and organizational failings

Can be mitigated through:

Audits; automation; clear policies; a culture of security.

Real-Life Case Study 1971–1976

According to the Department of Energy’s report on the erroneous declassification of nuclear weapons designs, in July 1971 these very same declassified documents were obtained from the Los Alamos Library in New Mexico. It was found that the erroneous declassification of documents on a large scale at the Los Alamos library amounted to around 1.5 million documents released between 1971 and 1976. (J. Dexter Peach, 1979)

As a result of this declassification error, this program contained highly sensitive information.

Since 1978, the Department of Energy has been reviewing all declassified materials to ensure that no further errors of this kind occur.

However, in 1971, the Department launched a comprehensive review program of all classified documents in its inactive files. By 1976, when this large-scale program concluded, approximately 2.8 million documents had been reviewed and around 1.5 million, as mentioned above, had been declassified.

As a result, the department deviated from the standard declassification procedures, which normally require two reviewers before a document is declassified; however, during this comprehensive review, there was no second reviewer. In some cases, the final decision to declassify a document was routinely made by a single team member who was neither a specialist nor a qualified technical expert.

This department had a particular interest in declassifying a large number of documents within a short period of time. For example, a review was conducted over 33 days from 15 January 1973 to 16 February 1973, covering some 388,092 documents, of which 234,215 were declassified.

In May 1978, an individual entered a public section of the Los Alamos Library Department and found documents containing weapons-related information that had been erroneously declassified; the individual subsequently brought this to the attention of Los Alamos officials, whereupon the department decided it would be best to re-check the declassified documents.

Following the re-check, around 2,000 reports were found, of which 5% had been wrongly declassified (104 documents).

On 7 May, the same individual returned to the library and found further reports that had been erroneously declassified; this time, they were of a higher sensitivity and contained information on weapons design, which was accessible to the public in a section of the library.

Following the 1973 review of the Los Alamos scientific laboratory, around 30 boxes of declassified documents were prepared for transfer to the National Archives. An official said that one or two documents contained a great deal of classified material, making it difficult to understand how these items had been declassified. (J. Dexter Peach, 1979) It is reasonable to assume that an interested party could obtain these lists relatively easily. There were no records of how many people had read or copied these documents.

The department issued a directive in May 1979 to all holders of declassified documents, instructing them not to disclose such documents, including the 1.5 million documents declassified between 1971 and 1976, unless they had first been reviewed and approved by a classification specialist. Furthermore, the department is re-evaluating some of these documents to determine whether they should be reclassified.

From that point onwards, any disclosure or dissemination of the content would constitute a criminal offence under the Atomic Energy Act of 1954.

In conclusion, the review of document classifications carried out within the programmed between 1971 and 1976 created a situation in which such errors should have been anticipated. The damage caused was extensive, and the dissemination of documents on nuclear weapons technology remains unclear.

According to the inspection report by the Office of the Inspector General, US Department of Energy (2022), documents and materials must be classified, declassified, downgraded or upgraded only by individuals with the appropriate authorizations. A Derived Classifier (DC) is an individual authorized to confirm that an unmarked document or material is unclassified or to determine whether it is classified as permitted by the classification authority’s description. A DC must be designated, trained and appointed in writing by the Classification Officer. A Reviewing Officer (RO) is an individual authorized to determine whether a document or material contains UCNI (unclassified controlled nuclear information) only within the specific subject areas and jurisdiction covered by the authority description. A RO must be nominated, trained and appointed in writing.

According to this report, Los Alamos National Laboratory was aware of the allegation and conducted a security investigation, a Human Resources - Employee Relations investigation, and a review of the terms and conditions.

Within this report, it was identified that weaknesses had been found in the safety course at the Los Alamos laboratory, where students did not ‘have time’ to learn about the DC/RO application process, and were therefore sent straight to an exam anyway.

The recommendations made to the manager of the Los Alamos office were as follows:

1. Ensure that all staff know where to find the official list of DC/ROs, which must be accurate and continuously updated.

2. Ensure that unofficial DC/RO lists are discontinued.

3. Update all relevant training on the classification of derivatives and the UCNI review process, adding test questions on how to obtain an authorized DC/RO and removing the option to skip to the end of the training.

4. The LANL publications database contains classified documents.

5. Periodically review internal documents to ensure that only authorized DC/ROs have reviewed and marked these documents.

I would further add that this incident at Los Alamos was a mistake that failed to uphold the three pillars of information security- the CIA triad of Confidentiality, Integrity and Availability (seen in figure 1)- where confidentiality was not maintained to prevent unauthorized access, access was not guaranteed when necessary (need-to-know), and unauthorized alteration was not prevented.

From an organizational perspective, the absence of a mandatory dual-review system significantly increased the likelihood of erroneous declassification decisions. In several cases, classification judgments were delegated to personnel without adequate technical expertise or classification authority, violating fundamental principles of classified information governance. Critics have argued that the broader U.S. classification system suffers from chronic over-classification, which indirectly contributed to the Los Alamos failures. When excessive amounts of information are classified, personnel may become desensitized to classification markings, making it more difficult to distinguish genuinely critical information from material classified primarily out of institutional caution. This creates an environment where compliance becomes procedural rather than analytical, increasing the likelihood of mistakes.

Human factors also played a critical role, particularly cognitive overload and institutional pressure to process large volumes of documents within constrained timeframes, this created a prioritization bias towards efficiency over security assurance.

Hypothetical case

Within the three pillars of the CIA triad (Figure 1) discussed earlier, a hypothetical case will be presented to illustrate that subclassification also fails to uphold these pillars and can compromise the security of the CI.

Figure 1. C.I.A Triangle. Adapted from: Check Point Software Technologies. What is the CIA triad? Check Point Cyber Hub. Available online: https://www.checkpoint.com/pt/cyber-hub/cyber-security/what-is-it-security/what-is-the-cia-triad/ .

Figure 1. C.I.A Triangle. Adapted from: Check Point Software Technologies. What is the CIA triad? Check Point Cyber Hub. Available online: https://www.checkpoint.com/pt/cyber-hub/cyber-security/what-is-it-security/what-is-the-cia-triad/ .

In this scenario, the document was incorrectly classified due to negligence in the subclassification process by a mid-level information officer within a governmental or defense-related unit (e.g., a staff officer responsible for document handling in a security or intelligence directorate). In some cases, this role could also be performed by an administrative assistant with delegated classification authority or a project manager working within a sensitive program who lacks full familiarity with classification guidelines.

A person is an insider with regard to access to a particular resource X. By incorrectly classifying a report on military vulnerabilities as ‘Confidential’ rather than a higher level, the officer alters the organization’s access network structure.

This assessment error artificially reduces the perceived value of the document’s security classification; the practical result is that a wider class of users (those who should only have access to Class 3 areas or ‘Confidential’ information) now have legitimate access to critical secrets.

Thus, the classifier’s error allows individuals who should not have a ‘need to know’ to effectively become insiders for that specific information, increasing the likelihood of a leak or exploitation by adversaries.

Within this classification error, we observe not only human error but also shortcomings in training and risk assessment. Among human errors is the classification error, resulting in either a higher or lower classification than necessary. Training should be constantly updated, along with the training materials, so that every individual is fully aware of what they need to know. As for risk assessment, this is where the impact that under-classification or over-classification can cause is underestimated; consequently, an assessment becomes incorrect because the actual impact was misjudged, thereby increasing the probability of a threat and compromising risk mitigation, where strategic decisions may be made based on incorrect data and security measures may not be implemented in time.

Inappropriate under-classification of a document compromises the confidentiality, integrity and availability of the information and distorts the assessment process.

Let’s assume a document containing technical reports on security vulnerabilities at a military base. This document should have been classified as higher than confidential, but was classified as restricted. This not only affects the speed at which the information reaches those who need to know it quickly, but also increases the vulnerability regarding the ‘need-to-know’ principle, as unauthorized third parties may gain access to this information and disseminate it.

These errors occur due to a lack of training on the part of the person responsible for classification, inadequate assessment of the impact of disclosure, and administrative pressure to reduce the volume of classified information.

Comparison of Cases

In both cases, we observed errors relating to human factors, classification, declassification and training. We therefore consider that, in the Los Alamos case, there was an error in the declassification of documents that should have remained classified, whilst in the hypothetical case, critical documents were under-classified.

The nature of the information was significant in both cases: in the Los Alamos case, it concerned military nuclear technology, and in the hypothetical case, it concerned military security vulnerabilities.

The origins of the errors lay in inadequate classification review processes in the real historical case, whilst in the other case it was an incorrect assessment of the impact; both could obviously compromise information security and risk management.

Both illustrate that erroneous classification can lead to a breach of the CIA triad, significantly increasing the risk of exploitation by adversaries.

On the risk scale, we note that, in this historical case, the events took place during the Cold War period (1947–1991), when the adversaries, the US and the USSR, were engaged in a nuclear arms race, espionage, military technology development and the pursuit of global political influence; it was a period of great political, military and technological tension, so all documents disseminated and copied may have been shared with adversaries, potentially affecting global security as this occurred on an international strategic scale. In the second case, the risk scale indicates an increased risk of internal threats and makes it easier for an adversary to exploit known vulnerabilities, having an operational and tactical impact in this chaotic environment.

Dimension	Los Alamos Case	Hypothetical case
Type of failure;	Erroneous declassification;	Under-classification;
Main cause;	Operational pressure;	Incorrect risk assessment;
Human factor;	Unqualified reviewers;	Insufficient expertise;
Governance weakness;	Lack of dual review;	Weak classification oversight;
Security consequence;	Exposure of nuclear data;	Expanded insider access;
Risk level;	Strategic/global;	Operational/tactical;
Mitigation.	Audits + reclassification.	Training + access review.

Measures to Strengthen Information Classification

It is essential to ensure that only individuals with the appropriate authorizations carry out classification or declassification. Organizations must ensure that all staff are aware of and use only the official list of DC and RO, which must be continuously updated, whilst eliminating any unofficial lists.

To reduce over-classification (classifying information at a higher level than necessary), it is proposed that short electronic forms be used in which classifiers must justify their decisions by identifying the potential harm that disclosure of the information would cause.

Conducting periodic and random audits (for example, by the Office of the Inspector General) helps to detect abuses and correct erroneous decisions, introducing a culture of accountability into the process.

Regular reviews of internal documents should be carried out to ensure that classification marks have been assigned by authorized personnel and that the security level remains appropriate to the current context.

Lessons Learnt and Conclusion

This article contributes to the literature by framing classification error as a governance and organizational risk problem rather than merely an administrative or procedural failure.

The Los Alamos case demonstrated that attempting to declassify massive volumes of documents (e.g. 388,000 in 33 days) within a short timeframe inevitably leads to human error and technical failure. A primary failure occurs when declassification decisions are made by staff who are not specialists or technically competent in the subject matter in question. In the Los Alamos incident, the absence of a second reviewer allowed sensitive information on nuclear weapons to be exposed to the public.

Under-classification (assigning a lower classification level than necessary) can expose critical vulnerabilities, such as technical reports from military bases, to individuals without a ‘need-to-know’.

Over-classification leads to operational inefficiency, high financial costs (due to unnecessary storage and protection) and undermines democratic transparency.

Classification errors directly compromise the confidentiality (unauthorized access), integrity (unauthorized alterations) and availability of information.

Implementation of standards such as ISO 27001, which focuses on continuous improvement through the PDCA cycle (Plan, Do, Check, Act), and the NIST CSF, which provides a taxonomy for managing cybersecurity risks. Information must be treated as a strategic asset. Each information asset must have a formal ‘owner’ responsible for ensuring its security and integrity from the moment of identification.

Organizations must structure their premises into security zones (Class 1, 2 and 3), where access to and handling of IC are restricted by physical barriers and continuous monitoring, depending on the sensitivity of the information.

Training programs must be rigorous, including specific tests on authorization processes and removing options that allow users to ‘skip’ learning modules.

Mechanisms should be established whereby authorized information holders can challenge inappropriate classifications anonymously, promoting an organizational culture that values accuracy over secrecy by default.

The classification of information is not merely an administrative task, but a strategic pillar of national security and organizational integrity. For this system to be effective, there must be a careful balance between the protection of sensitive data and the principles of transparency and proportionality.

The historical case of Los Alamos demonstrated that technical failures and administrative pressure to declassify massive volumes of information lead to catastrophic errors. The lesson learnt is that classification and declassification must be the exclusive responsibility of specialized technical staff (Derivative Classifiers and Review Officers) who are properly trained and authorized by official lists.

Although the cases examined in this study are not limited to military conflict scenarios, the lessons identified are directly applicable to critical information systems used by naval and maritime organizations. In such environments, classification governance contributes not only to information protection but also to operational continuity, decision-making support and organizational resilience.

In short, efficient management of classified information requires organizations to abandon bureaucratic inertia and adopt a stance of continuous improvement and technical rigor, where ongoing training and active oversight ensure that genuine secrets remain protected without compromising operational efficiency.