Transparency, Technology, and the Future of Information Security

 

Presented by ClearanceJobs & Carahsoft

As Michael Thomas, Director of the Information Security Oversight Office, explained at ClearanceJobs Connect 2025, his small office inside the National Archives manages one of government’s largest responsibilities: deciding what information must remain secret, and what should be shared.

“ISOO sits at the intersection of transparency and national security,” Thomas said. “We define the line between what must be protected and what’s ready to be released.”

He described the challenge as a “tightrope walk,” requiring constant adaptation to world events. “Yesterday something might have been too sensitive to release,” he said. “Today, because of changing circumstances, the public deserves to see it.”

Thomas recently released ISOO’s annual report to the President, detailing how agencies handle classified and controlled unclassified information (CUI). The findings highlight a pivotal moment: legacy systems and cultures are colliding with new technologies. “All of these legacy processes are being disrupted by AI and automation,” he said.

ISOO’s mission, he added, is to provide guidance on how to use those technologies responsibly. “We’re the keepers of the rules that govern how agencies classify and declassify information,” he said. “We must evolve those rules to match the tools.”

Thomas emphasized that automation can help oversight bodies like his own. “There’s no longer enough human capacity to process the volume of digital data government produces,” he said. “Automated tools can analyze, redact, and flag information faster—if done properly.”

He was quick to add that machines will never replace accountability. “AI should be a decision aid, not a decision maker,” he said. “The responsibility for judgment will always rest with humans.”

The evolution of the Controlled Unclassified Information Program, established under the Obama administration, illustrates that point. Thomas called CUI “a seamless framework” that unites multiple layers of security once fragmented across agencies. “Our adversaries target unclassified data as much as classified,” he said. “CUI ensures that everything sensitive is protected consistently.”

Looking forward, Thomas is optimistic. “We finally have the tools to solve problems that have existed for decades—over-classification, inconsistent standards, and information silos,” he said. “If we apply these technologies carefully, we can make government both more secure and more transparent.”