Advertisement

You will be redirected to the page you want to view in  seconds.

WikiLeaks fallout leads to an info-sharing clampdown

Dec. 5, 2010 - 05:23PM   |  
By SEAN REILLY   |   Comments
Ranking House Intelligence committee member Rep. Pete Hoekstra, R-Mich., speaks to the press after a closed briefing on the latest round of the WikiLeaks scandal.
Ranking House Intelligence committee member Rep. Pete Hoekstra, R-Mich., speaks to the press after a closed briefing on the latest round of the WikiLeaks scandal. (Chris Maddaloni / Staff)

The fallout is still settling from WikiLeaks' ongoing disclosure of thousands of diplomatic cables, but for government workers and contractors who handle classified information, a crackdown has already begun.

The State Department, for example, has limited access to its Net Centric Diplomacy database of classified and unclassified diplomatic reports. It also intends to deploy "an automated tool" to uncover anomalies in classified network activity, according to the White House.

Intelligence agencies are similarly stepping up tracking of computer use. Under what's known as "enhanced automated, on-line audit capability," for example, all intelligence community classified computer systems will be monitored to detect unusual behavior, the White House said.

At the Pentagon, which undertook two security reviews last summer following earlier WikiLeaks revelations, the creation of "Insider Threat Working Groups" are among the options being assessed and implemented.

How much further the clampdown will go likely hinges on the outcome of several governmentwide reviews announced last week. Already, however, worries are surfacing that action will spawn overreaction.

"My concern with the WikiLeaks situation is avoiding what I call ‘WikiMania,' " said Jay Bosanko, director of the National Archives' Information Security Oversight Office, which is working with agencies. "There is so much concern about the need to preclude this from ever happening again," he explained, "that we roll back important information-sharing initiatives or otherwise focus on trying to put the genie back in the bottle."

Bosanko's unease was echoed by a senior intelligence official.

"All the breakthroughs in information sharing since Sept. 11 — they could all be put in question," said the official, who requested anonymity. "It's devastating."

Although WikiLeaks had previously disclosed hundreds of thousands of Iraq and Afghanistan war records, the release of the State Department cables has prompted a much more aggressive public stance from the Obama administration. On Nov. 28, the Office of Management and Budget ordered departments and agencies to create security assessment teams to review procedures for handling classified information. Three days later, the White House named Russell Travers, a top National Counterterrorism Center official, to head "a comprehensive effort" to decide what structural reforms are needed. The President's Intelligence Advisory Board will also explore how the executive branch agencies share and safeguard classified information as a whole. No deadlines have been announced for completing any of the reviews.

WikiLeaks began posting the embassy messages on its website Nov. 28 and plans to continue releasing them in stages during the next few months. The approximately 251,300 cables run from 1966 to this February. More than 117,000 are labeled secret or confidential while the rest are unclassified, according to WikiLeaks. "This document release reveals the contradictions between the U.S.'s public persona and what it says behind closed doors," the organization said on its site.

Just the fraction disclosed so far has triggered a ruckus in the U.S., with some politicians calling for the prosecution of WikiLeaks' Australian founder, Julian Assange. Although no one has been explicitly charged with giving the cables to WikiLeaks, attention has centered on Army Pfc. Bradley Manning, whom the military charged in May with illegally accessing "more than 150,000 diplomatic cables" through the Secret Internet Protocol Router Network, or SIPRNet, according to the charge sheet. The sheet does not allege what Manning did with them.

SIPRNet is a system of interconnected computer networks that the Defense and State departments use for secure transmission of information up to the secret classification level. Manning, stationed in Iraq at the time, also had access to the Joint Worldwide Intelligence Communications System, used by both departments for top secret and SCI — sensitive compartmented information — communications.

Manning had no difficulty in evading lax security, according to a July article in Wired magazine that included excerpts from online chats between him and former computer hacker Adrian Lamo. At one point, Manning told Lamo that workplace use of removable media such as CDs and DVDs was widespread, making it easy to spirit away massive amounts of data. Asked how the server containing such data was insecure, Manning replied that people ‘"were working 14 hours a day" and ‘"stopped caring after three weeks."

"The culture fed opportunities . . .," he said. "I would come in with music on a CD-RW labeled with something like ‘Lady Gaga,' erase the music then write a compressed split file," he added.

"Weak servers, weak logging, weak physical security, weak counterintelligence, inattentive sig-nal analysis ... a perfect storm," he said.

Besides limiting access to Net Centric Diplomacy, the State Department has recently suspended SIPRNet access to two classified sites, ClassNet and SharePoint, according to the White House. In an apparent reference to those actions, State Department spokesman P.J. Crowley said last week that access to diplomatic cables has been narrowed across the government "for the time being." Amid a security review, the department has also reaffirmed a policy prohibiting deployment of computers with thumb drives or other removable devices that can be used for data storage.

At ClearanceJobs.com, Managing Director Evan Lesser said he expected the WikiLeaks breaches to also affect handling of security clearance applications.

Although clearance adjudicators already examine misuse of information technology, Lesser predicted that any previous infraction — such as downloading copyrighted material without authorization— could be "regarded much more closely than it has in the past."

Still to be seen is whether the WikiLeaks backlash means a lasting setback to the post-Sept. 11 push for greater information-sharing among agencies.

"I hope not," said Ellen McCarthy, president of the Intelligence and National Security Alliance, a nonprofit professional association. The benefits far outweigh the costs, McCarthy said, and systems used by companies such as Amazon and Google show that it is "absolutely possible" to monitor how information is being used without shutting it off. "What we really need is to be far more serious about operational security and counterespionage," she said.

In the military intelligence community, monitoring technology is not as widespread as it should be, said the senior intelligence official. "It's kind of like the banking system. If you went and withdrew $10,000, that would automatically draw an alert," the official said. "It's the same idea — 10 gigabytes of data in 12 hours — that ought to send a signal to a network administrator. We don't really do that."

To address the problem, the Defense Information Systems Agency has been rolling out a monitoring system called the Host-Based Security System, which McAfee, one of the project's contractors, describes as a combination of monitoring software and policy rules designed to spot suspicious behavior and alert authorities.

To Bosanko, the WikiLeaks breach represents not a safeguarding failure, but "a vile situation created by an individual who violated the trust that had been placed in him."

"Where we need to focus our efforts moving forward is using technology to equip us with the means to safeguard information better while we're sharing it," he said.

Steven Aftergood, a secrecy expert at the Federation of American Scientists, saw the flurry of White House reviews as partly driven by political considerations.

"The administration both wants to fix the problem and to be seen as fixing the problem," Aftergood said. "Some of the most important work may already be behind us," he added, because the two DoD reviews have already been completed, and most of their conclusions and recommendations implemented.

———

Ben Iannotta contributed to this report.

More In IT