Unclassified but still worth protecting
An unusual news item in the Federal Times says that the US DoD is proposing to impose information security requirements on defense contractors regarding unclassified information, supplementing those for classified information. The article goes on about blurring the distinctions between classified and unclassified information, and claims the compliance costs across the industry will be enormous, but if so I'm puzzled at the implication that such information is not already being adequately protected by contractors. Surely any organization that handles classified military information is well aware of information security risks and controls, so I would be very surprised if unclassified information is as insecure as the journalist suggests.