WikiLeaks fallout: White House orders classified data security review

Agencies to do post-WikiLeaks assessment of security protocols

The White House has told federal agencies to immediately evaluate their security practices to see if they have adequate restrictions in place on employees’ access to classified data and their ability to copy classified documents onto mobile devices. The move comes after WikiLeaks' massive disclosure of classified diplomatic cables.

The White House will also conduct its own security review of agencies that handle classified information, wrote Jacob Lew, director of the Office of Management and Budget, in a memo dated Nov. 28.


Related stories:

WikiLeaks upends digital security assumptions

Could WikiLeaks set back information sharing?


OMB, the Information Security Oversight Office and the Office of the Director of National Intelligence “will stand up processes to evaluate, and to assist agencies in their review of, security practices with respect to the protection of classified information,” Lew wrote.

The memo reminds federal executives that unauthorized disclosure of classified information is a violation of law and compromises national security. Such violations are unacceptable and will not be tolerated, Lew wrote.

The memo tells each federal department or agency that handles classified information to establish a security assessment team composed of counterintelligence, security and information assurance experts. The teams will review the agencies' implementation of procedures for protection of classified information.

The reviews should include an assessment of system configurations to ensure that users do not have broader access than needed for their jobs, Lew wrote. They should also assess whether there are appropriate restrictions in place on the use of classified networks and the removal of data from those networks for storage on a mobile device.

About the Author

Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.

FCW in Print

In the latest issue: Looking back on three decades of big stories in federal IT.

Featured

  • FCW @ 30 GPS

    FCW @ 30

    Since 1987, FCW has covered it all -- the major contracts, the disruptive technologies, the picayune scandals and the many, many people who make federal IT function. Here's a look back at six of the most significant stories.

  • Shutterstock image.

    A 'minibus' appropriations package could be in the cards

    A short-term funding bill is expected by Sept. 30 to keep the federal government operating through early December, but after that the options get more complicated.

  • Defense Secretary Ash Carter speaks at the TechCrunch Disrupt conference in San Francisco

    DOD launches new tech hub in Austin

    The DOD is opening a new Defense Innovation Unit Experimental office in Austin, Texas, while Congress debates legislation that could defund DIUx.

  • Shutterstock image.

    Merged IT modernization bill punts on funding

    A House panel approved a new IT modernization bill that appears poised to pass, but key funding questions are left for appropriators.

  • General Frost

    Army wants cyber capability everywhere

    The Army's cyber director said cyber, electronic warfare and information operations must be integrated into warfighters' doctrine and training.

  • Rising Star 2013

    Meet the 2016 Rising Stars

    FCW honors 30 early-career leaders in federal IT.

Reader comments

Sun, Dec 5, 2010

Agreed with the comments regarding the overclassification of data. Another problem is the lack of accountability at the highest levels. Senior leaders who fail to allot sufficient resources to security management or who tolerate incompetence are not disciplined because their relationships shield them from the consequences of their inaction. Subordinates who fall prey to the culture of sloppiness which these leaders have permitted to flourish are often punished severely, but the policies or lack of enforcement of policies which permitted or encouraged this behavior are rarely reviewed. Subordinates who try to point out bad policies are often ignored or are derided for wanting to make everyone else's jobs harder. This needs to be taken much more seriously than it has been in the past, not just with classified documents, but also sensitive documents containing Personally Identifiable Information.

Thu, Dec 2, 2010 BobbyMc

The overuse of classification is a problem. Classification Authorities should re-address their directives to assure classification of only data needing protection. The reduction in data volume would benefit control capability.

Thu, Dec 2, 2010 Jeffrey A. Williams

I forgot to add in my earlier comments to this Memo that the negating of removable media will do absolutely nothing to prevent accessing sensitive information effectively and will potentially create a problem with the transport of such data in some circumstances much more difficult rendering some operations less effective accordingly.

Thu, Dec 2, 2010 Jeffrey A. Williams

I agree with Ken's comments. IAM and the STRONG encryption of data, which the USG doesn't seem to have now, both at rest and in transit is the keys to preventing these sorts of 'leaks' and/or 'Exposiers' in the future and should have already been in effect. Encryption Key managment is also an important element as well. What's been troubling me of late is the weak Encryption standard set by NIST. 256k just isn't strong enough to secure very sensitive data, nor prevent a hacker from cracking and than gaining access without detection.

Wed, Dec 1, 2010

It is a lot easier to secure a gallon jug than a swimming pool. A BIG part of the problem is that too much stuff gets classified by habit or because 'that's the way we've always done it', and so nobody takes the system seriously. Just because something is stamped Secret or TS or whatever, doesn't mean it actually should be. If only critical stuff was actually classified, the volume would be lower, and it would be easier to keep track of.

Show All Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group