Advertisement

You will be redirected to the page you want to view in  seconds.

Official: Alarm software installed, not activated pre-WikiLeaks

Dec. 20, 2010 - 12:43PM   |  
By BEN IANNOTTA   |   Comments
Because of the WikiLeaks incident, discussions are underway with Defense officials over turning on data loss-prevention software that had never before been activated.
Because of the WikiLeaks incident, discussions are underway with Defense officials over turning on data loss-prevention software that had never before been activated. (Nicholas Kamm /AFP via Getty Images)

The Pentagon started upgrading thousands of computers with data loss-prevention software in 2008 but chose not to turn on the software, which would be able to sound alarms in cases like the WikiLeaks incident, an industry official said.

The software was installed as part of a security upgrade whose main goal was to stop viruses from being introduced into networks via thumb drives. The Defense Information Systems Agency activated a portion of the software package that gives security officials the ability to remotely disable the USB ports on classified computers, but it did not activate the data loss-prevention portion.

Because of the WikiLeaks incident, discussions are underway with Defense officials over turning on the software, which is made by McAfee, the official said.

"The deployment of the software is complete, it's there. They just have to license it," the official said.

Army Pfc. Bradley Manning is suspected of downloading thousands of classified documents from the DISA-run Secure Internet Protocol Router Network (SIPRNet) and providing them to WikiLeaks. The industry official said he did not know whether the computer Manning allegedly used was equipped with the software. Analysts have been mystified about why such a large download was not stopped.

A DISA spokeswoman referred inquiries to U.S. Cyber Command. A spokesman there would not comment.

The loss-prevention and thumb-drive tools are elements of the Host Based Security System (HBSS), which is now installed on 60 percent of SIPRNet computers, according to the Defense Department. The HBSS software, produced by BAE Systems with McAfee as a subcontractor, links network security officials to classified desktop computers. HBSS has the "capability of monitoring unusual data access and usage," the department said in statement released on the day WikiLeaks began publishing thousands of State Department diplomatic cables.

DISA decided to upgrade HBSS in 2008 after a computer virus was introduced into a U.S. Central Command network via a flash drive. The HBSS software now includes a Device Control Management tool that allows security officials to remotely disable USB drives. It was part of a software suite, but the Defense Department did not license the loss-prevention part of that suite.

Licensing the tool would not by itself reduce the risk of another WikiLeaks, the industry official said. The Pentagon would have to digitize the classification and distribution restrictions on documents so the software could read them.

"There's not one screwdriver that's going to fix this problem," the official said.

Ben Iannotta is editor of C4ISR Journal.

More In Departments