Friday, October 7, 2011











White House Issues ‘WikiLeaks’ Order to Secure Classified Data

 

More than a year after thousands of classified and sensitive U.S. government documents were leaked to the secret-spilling site WikiLeaks, the White House has issued an executive order designed to improve the security of classified networks and prevent further leaks.
The so-called “WikiLeaks Order” (.pdf) was issued by President Obama on Friday and largely focuses on establishing committees, offices and task forces to work on implementing a balance between the needs of federal agencies to access classified data and the necessity of securing that data against improper usage and leaks.
To the latter end, the order requires federal agencies to have built-in auditing systems to monitor access to data. It also establishes an interagency Insider Threat Task Force, led by the attorney general and the director of national intelligence, to establish policies and evaluate the efforts by agencies to spot and deal with discontented personnel who may be at risk of leaking classified information. The order also calls for minimum standards to be developed for securing information and systems.
A steering committee will oversee the implementation of the orders and will be chaired by senior representatives of the Office of Management and Budget and the National Security Staff, but the secretary of defense and the director of the National Security Agency will be responsible for developing technical safeguards to protect classified information on networks.
The order comes after former Army intelligence analyst Bradley Manning allegedly siphoned entire databases from government networks containing more than a million documents related to the Iraq and Afghanistan wars, as well as U.S. State Department cables exposing diplomatic affairs around the world and videos showing attacks by U.S. military troops against civilian populations in Iraq and Afghanistan.
Manning had access to two classified networks from two separate secured laptops: SIPRNET, the Secret-level network used by the Department of Defense and the State Department, and the Joint Worldwide Intelligence Communications System, which serves both agencies at the Top Secret/Sensitive Compartmented Information level.
Although the networks were “air gapped” from unclassified networks (meaning they were not connected to the networks), the environment at the forward-operating base in Iraq where Manning was stationed made it easy to smuggle data out. Manning allegedly snuck out the data by copying it onto a re-writeable CD labeled with Lady Gaga music.
“I would come in with music on a CD-RW labeled with something like ‘Lady Gaga,’ erase the music then write a compressed split file,” Manning allegedly wrote in chat logs to a former hacker. “No one suspected a thing and, odds are, they never will.”
“[I] listened and lip-synced to Lady Gaga’s ‘Telephone’ while exfiltrating possibly the largest data spillage in American history,” he added later. ”Weak servers, weak logging, weak physical security, weak counter-intelligence, inattentive signal analysis … a perfect storm.”
Manning had exhibited behavioral problems at Ft. Drumm in New York prior to being sent to Iraq, and his supervisor there had even warned his superiors not to deploy Manning to Iraqremoved the bolt from his military weapon to disable it. Despite all of this, his access to classified networks remained intact, allowing him to access and download documents at will. after he threw chairs at colleagues and shouted at higher-ranking soldiers. Following his deployment to Iraq, the Army was so concerned about his mental stability that his superiors there
The government has already implemented a number of safeguards in an attempt to prevent other large-scale leaks from occurring, such as disconnecting the State Department cable database from SIPRnet, thus reducing the number of people who have access to the cables.
Under the new order, individual agencies will be responsible for finding a way to strike a balance between protecting sensitive data they have access to, while still ensuring that those who need data to do their jobs can access it as needed.






o
Share/Bookmark

No comments:

Post a Comment