White House Acts On WikiLeaks-Style Breaches

Fahmida Y Rashid eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved.,

The US federal government has launched new systems to protect classified government documents

US President Obama has signed an executive order outlining data security measures and rules for government agencies to follow to prevent WikiLeaks-style breaches, the White House said on 7 October. The executive order defines basic security measures to protect data as well as mandates the creation of committees to oversee the effort.

Last November, WikiLeaks started posting hundreds of thousands of United States diplomatic cables online, severely embarrassing the United States government. Shortly after the leak, the government ordered agencies to restrict the use of “removable media” such as CDs and USB flash drives on classified systems.

‘Weakest link’

“We are only as strong as our weakest link and this is a shared risk with shared responsibility,” the White House said.

The orders reinforce the rule that employees can’t download private data to removable hard drives, require agencies to track what government employees are doing when accessing sensitive information, and define how information should be encrypted and secured.

The national security team at the White House formed a committee and spent the past seven months reviewing and defining guidelines that would reduce the risk of a future breach. The newly signed executive order would coordinate implementing broad security measures across all agencies of the federal government, including the Federal Bureau of Investigation, Central Intelligence Agency and the Department of Defense.

“The strategic imperative of our efforts has been to ensure that we provide adequate protections to our classified information while at the same time sharing the information with all who reasonably need it to do their jobs,” according to a White House fact sheet on the executive order.

The order included the creation of a senior steering committee that will oversee the safeguarding and sharing of information. While chaired by senior representatives of the Office of Management and Budget and the National Security Staff, the technical safeguards will be created by the secretary of defense and the director of the National Security Agency.

Dealing with risks

The intra-agency Insider Threat Task Force will establish policies and evaluate efforts to detect and deal with government employees and military personnel who may be at risk of leaking classified information. The attorney general and the director of national intelligence will lead the task force.

The executive order also required the steering committee to submit a report to the president within 90 days on how the new measures are working or failing at protecting classified data. The committee will also issue follow-up reports at least once a year to keep track of successes and failures.

US Army Sgt. Bradley Manning is suspected of copying secret documents from classified databases onto a CD masquerading as a Lady Gaga music CD. Security experts noted that a low-ranking intelligence analyst such as Manning should not have had access to these sensitive documents on the military’s classified network in the first place.

WikiLeaks initially posted the documents with potentially vulnerable names redacted, but dumped the full archive of 251,000 diplomatic cables online last month when reports emerged that the documents were available on file-sharing sites.