WikiLeaks was a different wake-up call
A big security breach requires a thoughtful response
Nobody expected that increasing information sharing across digital highways was going to be easy as far as security was concerned — not with the growing number and sophistication of the people trying to get inside U.S. government networks. But if those kinds of incursions were regular slaps across the face, the WikiLeaks affair was a hammer to the head.
The worst came in late 2010, when the WikiLeaks organization dumped some 250,000 State Department cables, which were dissected and written about in major newspapers in Europe and the U.S. and freely disseminated over the Web.
The cables were allegedly provided to WikiLeaks by a soldier who had access to classified information carried over the Defense Department’s Secret IP Router Network.
It was a security breach of epic proportions, and it brought a halt, at least for a while, to the post-Sept. 11, 2001, campaign to increase information sharing. The aftershocks were felt far outside the U.S.
“This was as bad as it gets,” Undersecretary of State for Management Patrick Kennedy told the Washington Post at the time. “We had, over the course of many years, built up a huge amount of faith and trust. That’s ruptured now, all over the world.”
Lawmakers openly worried that the affair could drive government agencies back to the days before the terrorist attacks. Even months afterwards, Sen. Joseph Lieberman (I-Conn.), co-author of the 2004 Intelligence Reform and Terrorism Prevention Act that promoted better information sharing, said he feared it could become “a rallying cry for an overreaction for those who would take us back” to the days when information was considered the property of the agency that developed it and was not to be shared.
“Longer-lasting damage could occur if we allow a culture to re-emerge in which each intelligence entity views itself as a separate enterprise within the U.S. counterterrorism structure,” said Sen. Susan Collins (R-Maine), ranking member of the Senate Homeland Security and Governmental Affairs Committee, at a hearing on WikiLeaks in March 2011. “If those stovepipes reappear or worsen, we will certainly be in more danger.”
That didn’t happen. After the initial shock, agencies began to heal the damage that had been caused but were judicious in the actions they took. In some ways, the WikiLeaks affair brought a renewed focus on the insider threat, which had at one time been labeled the major threat to agency security but had seemed to fade from everyone’s attention as external threats grew in importance.
The State Department, for example, said it was continuing to use automated tools to detect anomalies in its classified network but was also looking to decentralize its distribution systems and consider other means, such as searchable databases that use metadata. Officials also admitted that they needed to do a better job of sorting out what they needed to share.
“Connecting systems and networks may provide the means to share information,” Kennedy told the Senate hearing in March, “but we must still manage and share this content in an effective and efficient way.”
WikiLeaks is definitely now part of the overall discussion about information sharing, said Dan Diiulio, director of engineering at General Dynamics Information Technology’s Navy and Air Force Systems Division, and it has put the spotlight back on the various levels of information that exist in organizations and what should be shared and what should not.
“That puts an emphasis on having security technology, such as data loss prevention and deep packet inspection, that allows [network] sessions to be broken down and inspected,” he said. “That’s all part of a threat management solution that allows for a lot more oversight of what’s actually transpiring during the session.”
The Obama administration has moved to put policies and structures in place that seek to reduce the insider threat as an impediment to information sharing. On Oct. 7, 2011, officials released Executive Order 13587, which describes structural reforms to “improve the security of classified networks and the responsible sharing and safeguarding of classified information.”
As part of those reforms, each government agency now must have a senior official in charge of overseeing information sharing. Agencies also have to implement a specific prevention program produced by a new Insider Threat Task Force. The group, co-led by the U.S. attorney general and the director of national intelligence, is charged with developing governmentwide policies and programs to counter insider threats.