By Jim Kouri
Last Friday, without fanfare or ceremony, President Barack Obama release an executive order that he claims will strengthen the U.S. government’s information and computer security policies and practices to prevent breaches such as the 2010 WikiLeaks episode, according to Donna Miles of the American Forces Press Service.
The executive order was issued in the aftermath of an interagency committee review of existing policies and practices following WikiLeaks’ unlawful disclosure of classified information last summer, White House officials said.
The WikiLeaks.org group posted tens of thousands of documents, many of which detailed classified and sensitive field reports regarding U.S. and coalition military operations.
President Obama’s executive order cites efforts already taken to reduce the risk of future security breaches while providing a framework for enhancing national security through responsible sharing and safeguarding of classified information, according to Ms. Miles.
“The strategic imperative of our efforts has been to ensure that we provide adequate protections to our classified information while at the same time sharing the information with all who reasonably need it to do their jobs,” officials said.
The emphasis is on balancing the requirements of responsible information sharing with safeguarding imperatives, while ensuring consistency across government and respecting the American people’s privacy, civil rights and civil liberties, Miles noted.
The executive order assigns agencies the primary responsibility for sharing and safeguarding classified information, consistent with appropriate protections for privacy and civil liberties.
Federal agencies that use classified networks are required to:
- Designate a senior official to oversee the agency’s classified information sharing and safeguarding;
- Implement a program to detect and prevent insider threats; and
- Conduct self-assessments of policy and standard compliance.
The executive order establishes several new bodies to develop, oversee and enforce these new security reforms.
A senior information sharing and safeguarding steering committee formally established will coordinate interagency efforts and ensure that the federal departments and agencies are held accountable. In addition, a new classified information sharing and safeguarding office will provide a sustained, full-time focus on sharing and safeguarding classified national security information. The office also will help to ensure consistent policies and standards and strive to identify the next potential problem.
Meanwhile, senior representatives both at the Defense Department and National Security Agency will act together as the executive agent for safeguarding classified information on computer networks. As part of this joint mission, they will develop technical safeguarding polices and standards and assess compliance, noted Miles.
According to White House officials, the beleaguered Attorney General Eric H. Holder and Director of National Intelligence James R. Clapper will form a special task force to develop a program to detect and prevent insider threats and reduce potential vulnerabilities throughout the government that will integrate specialized abilities, tools and techniques to deter, detect and disrupt the insider threat, according to Miles.
White House officials claim that measures have already been taken within the Defense Department and other federal agencies to safeguard classified information and networks.
All have made significant progress in clarifying and standardizing polices, processes and technical controls regarding removable media, officials said, limiting the numbers of users with removable media permissions and strengthening accountability for violations.
In addition, owners and operators of classified systems continue to strengthen verification procedures to log on to classified systems and the tracking of what information users access, officials added, noting that more robust access control systems are being implemented to ensure individual users’ information access is commensurate with their assigned roles.
Meanwhile, high priority is being placed on enhancing the auditing capabilities across U.S. government classified networks. Planning is now under way to define policy and develop standards for collecting and sharing of audit and insider threat data, officials said.
Douglas B. Wilson, assistant secretary of defense for public affairs, noted this spring that the WikiLeaks episode underscores the need for laws and policies that address the unintended consequences of “technology at the intersection of national security.”
Even as social media revolutionizes information-sharing, the Defense Department’s communication strategy boils down to the responsibility of being transparent and timely without jeopardizing the safety and privacy of service members and their families, Wilson said.
“How do you deal with the press and public openly, credibly, in a timely manner and honestly?” Wilson asked. “How do you provide facts and the truth, by the same token understanding that we’re responsible for our men and women in uniform who are in harm’s way in many places? How do you make sure that there [are] not unintended consequences of information which can put them further in harm’s way and affect their safety and the privacy of their families?”
“Those are the issues that frame everything that we do,” Wilson said.