[content_sesh]

I've held clearances before and that was very much not the attitude of the security folks I met. But they were big fans of reminding you what happens if they catch you doing an unauthorized disclosure.

I was very low on the totem pole, so I can't know for certain what leadership actually expects. But it doesn't jibe with my experience that there would be some kind of "leak budget" similar to Google SRE "error budget".

[krisoft]

This feels like you guys are talking by each other.

You are right. Security folks don't treat leaks lightly. Ever. This is part of how they maintain compliance with the rules.

But I don't think this is what the GP commenter talked about. You definitely design weapons, and doctrine and systems by assuming that it can leak to the enemy eventually. If your whole battle plan folds like wet tissue-paper just because the enemy got their hands on a single CAD file or manual then it wasn't a really good plan to begin with. Exhaust ports of doom are nice plot devices for movies, but in reality you try to avoid designed-in Achilles heels. And you do this because leaks happen.

Some information get leaked by carelessness, some by disgruntled employees, some are stolen by spies, some are picked up from a wreckage, some are stolen in transit, some are deduced from signal intelligence.

You can design mitigations against all of these. The scary security folks you mentioned are mitigation against the first two really. Their existence and behaviour doesn't have any bearing on what the leadership will expect.

[greedo]

Exactly. The USAF has been flying Soviet era fighters and helicopters for ages. And I bet the Russians have samples of M1s, M2s, etc. We know the Chinese got stealth technology from the crash of the Stealth Blackhawk that crashed during the Bin Laden mission in Pakistan.

While it's interesting from a opsec standpoint, there was no material loss of valuable information with the posting of this Challenger 2 data. The design and performance specs of a tank that has less than 300 units in use is a gnat on an elephant.

[mandevil]

In my experience, the US Army cared more about securing their stats on what a T-72 or T-90 could do than what a M1 could do. Which is frankly amusing given that the Russians know exactly- even better than the US- what those numbers are. Of course, the key is that they don't want the Russians to know how they know this, and are afraid that discussing it openly will reveal some of that.

In a similar vein, about 20 years ago the NSA declassified the existence of their program, during the Korean War, to intercept and decrypt Communist Ground Control Intercept messages in real time and then pass the information to American fighter sweeps (the fighter pilots were told it was radar guiding them). While the NSA was happy to talk about the results of this decrypting, they haven't (at least as of the last time I checked a few years ago) released any details on what kind of codes the North Koreans/Chinese/Russians used even though obviously all three countries know exactly what they used and how it works. The reason given to me was that revealing even just how the NSA described these codes from half a century ago would reveal too much of how the NSA thinks about cryptography.

[duxup]

I'm sure everyone involved certainly had the attitude that you don't dork up / release it.

I think just from a super high level intelligence standpoint ... you know it is going to happen.

[rblatz]

I agree, and if they don’t that feels like negligence on their part.