22 July 2012

DoD Firing Up Initiatives on Unauthorized Disclosures of Classified Information

What's funny about the Statement from George Little on Defense Initiatives to Limit Unauthorized Disclosures of Classified Information is that they are initiatives to "limit" - not "prevent" or "eliminate".

Department of Defense Fact Sheet
Recent Actions to Counter Unauthorized Disclosures of Classified Information

The Department of Defense has taken a comprehensive approach to reducing unauthorized disclosures of classified information. The department is continuously improving its security posture and overall capability to prevent unauthorized disclosures. Today, Secretary Panetta directed:

- A new “top down” approach to improve reporting leaks of classified information. The Undersecretary of Defense for Intelligence, in consultation with the Assistant Secretary of Defense for Public Affairs, will monitor all major, national media reporting for unauthorized disclosures of defense department classified information. The Undersecretary of Defense for Intelligence will ensure that the appropriate component of the department has been tasked with investigating leaks and that the required legal referrals to the Department of Justice and Congressional notifications are made.

In addition, over the past months, the following actions have been taken to help safeguard classified information:

- Improved personnel training on how to handle and protect classified information. The department has updated its information assurance and information security training courses that all personnel are required to take each year. The department has developed training designed to help individuals know what to do if they suspect a threat from an insider or observe security incidents such as leaks of classified information.

- Clarification of Information Security Policy. The department published the 5200.1M Information Security Program Manual which contains clearer instructions as to what constitutes an unauthorized disclosure, reporting requirements, the conduct of preliminary inquiries and other investigations, as well as roles and responsibilities across the department.

- Automated Security Incident Reporting System. The department has put into effect for the first time an online reporting system for significant security incidents for use across the department. This capability went into full operation in December of 2011 and is currently under evaluation for improvements in data management and tracking of investigations and other associated actions.

- Lockdown of removable storage device use on the Defense Secure Network (SIPRNET). The department has deployed a host-based security system (HBSS) tool to virtually monitor every defense department computer. HBSS prevents the downloading of information onto removable storage like DVDs, CDs, and memory sticks, with very limited exceptions. The tool also sends an alarm any time someone tries to write classified information to such removable storage. For authorized exceptions, the tool audits any downloads of information.

- Improved monitoring of DoD networks. The department issued a cyber identity credential (Public Key Infrastructure certificate) to every person operating on the department unclassified network. That process is underway for the classified network as well. Department personnel are working with other federal departments and agencies to help them issue the same cyber identity credential to all employees who need to access any of the government’s secret networks.

- Improving the auditing of information accesses so as to spot anomalous behavior. Department information officers are assessing the use of HBSS and other tools to collect and centralize data about information accesses to more quickly improve detection of malicious insiders.

- Stepping up internal oversight and assessment programs. The department has established the first Defense Security Oversight and Assessment Program (DSOAP) to conduct on-site interviews and staff assistance visits to determine and proliferate best practices as well as assess security policy effects on components. The effort identifies policy changes and gaps and provides data to the Defense Security Enterprise to effect policy remedies.

- An “Enterprise Approach” to managing Defense Department security. In response to findings of the DoD IG and issues raised during the WikiLeaks investigation, the department is publishing the DoD Directive 5200.LL, Managing the Defense Security Enterprise. This issuance stands up an executive level governance structure aimed at creating strategic management of department investments in security resources. It is the first body to bring the functions of security, counterintelligence, and information assurance together for decision-making and proponency of the security mission and for its workforce.

- Comprehensive Insider Threat Program. The department has now initiated a comprehensive DoD Insider Threat Program which includes elements from Physical Security, Cyber Security, Counterintelligence, Antiterrorism, and Force Protection. A forthcoming DoD directive (2000.rr) will codify this approach to address aspects of the insider threat.

- Unauthorized Disclosure Working Group (UDWG) and Unauthorized Disclosure Action Plan. The Under Secretary of Defense for Intelligence has commissioned the UDWG in April 2012 to develop a strategy and plan of action and milestones aimed at improving our ability to prevent accidental and deter intentional public disclosure of classified national security information. The group has its plan in draft and is in the process of overseeing its execution.

By: Brant
