WikiLeaks fallout: White House orders classified data security review
Agencies to do post-WikiLeaks assessment of security protocols
The White House has told federal agencies to immediately evaluate their security practices to see if they have adequate restrictions in place on employees’ access to classified data and their ability to copy classified documents onto mobile devices. The move comes after WikiLeaks' massive disclosure of classified diplomatic cables.
The White House will also conduct its own security review of agencies that handle classified information, wrote Jacob Lew, director of the Office of Management and Budget, in a memo dated Nov. 28.
WikiLeaks upends digital security assumptions
Could WikiLeaks set back information sharing?
OMB, the Information Security Oversight Office and the Office of the Director of National Intelligence “will stand up processes to evaluate, and to assist agencies in their review of, security practices with respect to the protection of classified information,” Lew wrote.
The memo reminds federal executives that unauthorized disclosure of classified information is a violation of law and compromises national security. Such violations are unacceptable and will not be tolerated, Lew wrote.
The memo tells each federal department or agency that handles classified information to establish a security assessment team composed of counterintelligence, security and information assurance experts. The teams will review the agencies' implementation of procedures for protection of classified information.
The reviews should include an assessment of system configurations to ensure that users do not have broader access than needed for their jobs, Lew wrote. They should also assess whether there are appropriate restrictions in place on the use of classified networks and the removal of data from those networks for storage on a mobile device.
Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.