Students of Fort Leavenworth's Command and General Staff College participate in joint operations with officers from the United Kingdom. These types of operations are common at the Combined Arms Center and are among the many events that created the need for a single system to enhance the professional development of IT professionals and to identify and remediate any classified spillage. (Army)
For years, the Army Combined Arms Center at Fort Leavenworth, Kan., relied on system administrators to scan its networks and ensure secret data didn't seep onto unclassified networks.
The task was cumbersome, said Davin Knolton, the center's chief information officer. It took more than 48 hours and about a dozen administrators to locate the source of a leak and scrub the computer and any systems clean of classified information. Workers also had to determine whether a malicious attack caused the data leak.
"There was no automatic alert" when classified data was inappropriately shared, said Knolton, who oversees technology innovation and adoption. Rather, the center would find out because employees would call to report that they had received classified emails they should not have received or had found classified documents where they should not have been.
The inability to automate the classification process also bogged down efforts to quickly classify data and determine who needed access to it, he said.
"It usually hampers the mission when we try to protect all data," Knolton said.
Last year, Knolton and his team reached out to industry and other agencies, including the National Security Agency, for a solution that could speed up the dissemination of critical information — video, audio transcripts, mission reports and other information from theater — to those who needed it, while also protecting sensitive data.
They settled on commercial software called the Classified Spillage Solution, which has reduced the center's classified data leaks by 85 percent since January, Knolton said.
The application, available for use by the Army, is being used to filter data received and created by the Combined Arms Center. The center provides leadership development, professional and civilian education and training for the Army.
"It has opened more data to more people in the Army," said Knolton, who was honored last week by the information security organization ISC2 for his accomplishments.
Knolton was among several federal employees and government contractors recognized at the annual U.S. Government Information Security Leadership Awards gala for improving federal processes, policy, technology and community awareness.
"We have hundreds of thousands of documents," and the need to share information is critical, Knolton said of the Combined Arms Center. The Classified Spillage Solution scans data and separates classified and unclassified information based on keywords. If a person tries to upload a secret document, the solution can identify the person using his Common Access Card information, determine his location, and prevent that person from uploading secret data. Systems administrators are also alerted.
But it's not enough to have the latest software without the training component, Knolton said.
"Senior leaders have to have confidence in the ability of their IT guys to secure the network but also help enable the network to help the commander do his mission," Knolton said.
Knolton and his team have spent the past five years identifying individuals for development and training, and building an adequate budget to support them. Once, more than 300 people at the Combined Arms Center had "elevated" or administrative privileges that enabled them to make changes to the networks, computers and other devices. They could make the network secure or put it at risk, he said.
Today, fewer than 100 have such privileges, and they receive more rigorous training to better defend the network.
"Now I need fewer people to do this, and my money is being better spent," Knolton said.
The key is finding a balance between the basic tasks technology can accomplish, such as ensuring that software patches are updated, and using humans for tasks they are inherently skilled at — for example, spotting anomalies on the network, said Tony Sager, chief operating officer for the Information Assurance directorate at NSA.
"We cannot train everybody to be an expert in security," Sager said. "It is too hard and too big" of a task.
He suggested agencies offer training in parallel with technology. This allows them to target training for cyber workers based on their jobs and invest in technology that allows them to do their jobs more efficiently.
"We are not going to train our way to greatness," Sager said. "Technology can deal with 99 percent of the cyber problems."