U.S. Department of DefenseFrom: Whitman, Bryan Mr OSD PA
Office of the Assistant Secretary of Defense (Public Affairs)
November 28, 2010
Sent: Sunday, November 28, 2010 02:43 PM
To: Whitman, Bryan Mr OSD PA
As you may be aware, several news organizations are about to publish stories on hundreds of thousands of stolen classified State Department documents provided to them by Wilileaks. As we have in the past, we condemn this reckless disclosure of classified information illegally obtained.
We also want to provide you with context and details regarding ongoing efforts to prevent further compromise of sensitive data.
The 9/11 attacks and their aftermath revealed gaps in intra-governmental information sharing. Departments and agencies have taken significant steps to reduce those obstacles, and the work that has been done to date has resulted in considerable improvement in information-sharing and increased cooperation across government operations.
However, as we have now seen with the theft of huge amounts of classified data and the Wikileaks compromises, these efforts to give diplomatic, military, law enforcement and intelligence specialists quicker and easier access to greater amounts of data have had unintended consequences – making our sensitive data more vulnerable to compromise.
That said, the Department has undertaken a series of actions to prevent such incidents from occurring in the future.
On August 12, 2010, Defense Secretary Robert Gates commissioned two reviews to determine what policy, procedural and/or technological shortfalls contributed to the unauthorized disclosure to the Wikileaks website.
As a result of these two reviews, a number of findings and recommendations are in the process of being reviewed and implemented, including the following:
Directing actions to include disabling all write capability to removable media on DoD classified computers, as a temporary technical solution to mitigate the future risks of personnel moving classified data to unclassified systems.
Directing DoD organizations to have limited number of systems authorized to move data from classified to unclassified systems (similar to a KIOSK concept, where it is necessary to meet at a central, supervised location to conduct this activity).
- Directing DoD organizations to implement two-person handling rules for moving data from classified to unclassified systems to ensure proper oversight and reduce chances of unauthorized release of classified material.Developing procedures to monitor and detect suspicious, unusual or anomalous user behavior (similar to procedures now being used by credit card companies to detect and monitor fraud).
- 60% of DoD’s SIPR-net is now equipped with HBSS (Host-Based Security System) – an automated way of controlling the computer system with a capability of monitoring unusual data access or usage. DoD is accelerating HBSS deployment to its SIPR-net systems.Conducting security oversight inspections in forward-deployed areas.
Undertaking vulnerability assessments of DoD networks.
Improving awareness and compliance with information protection procedures. For example, CENTCOM has:
- Increased “insider threat” training focusing on awareness of associated activity.Bottom line: It is now much more difficult for a determined actor to get access to and move information outside of authorized channels.
- Initiated multi-discipline training between traditional security, law enforcement and information assurance at all echelons.
- Established "Insider Threat Working Groups" to address the WIkileaks incident and prevent reoccurrence.
- Informed all personnel of restrictions on downloading to government systems and cautioned regarding personal IT systems.
(you may use this on the record attributed to me)