DOD Take Steps to Secure Classified Data

WASHINGTON, March 11, 2011 — The Defense Depart­ment has tak­en steps to pre­vent anoth­er mas­sive leak of its clas­si­fied infor­ma­tion, a senior offi­cial told a Sen­ate com­mit­tee yes­ter­day.
Thou­sands of clas­si­fied mil­i­tary doc­u­ments were leaked and dis­trib­uted into the Internet’s pub­lic forum last sum­mer, prompt­ing an imme­di­ate inves­ti­ga­tion from the top down.

Offi­cials since have sin­gled out the weak­est link in the department’s secu­ri­ty chain, and began a checks-and-bal­ances sys­tem to stem the flood of the crit­i­cal defense data, Tere­sa M. Takai, chief infor­ma­tion offi­cer and act­ing assis­tant sec­re­tary of defense for net­works and infor­ma­tion inte­gra­tion, told the Sen­ate Home­land Secu­ri­ty and Gov­ern­ment Affairs Com­mit­tee yesterday. 

“The depart­ment imme­di­ate­ly began work­ing to address the find­ings and improve its over­all secu­ri­ty pos­ture to mit­i­gate the pos­si­bil­i­ty of anoth­er sim­i­lar type of dis­clo­sure,” she said. 

Takai told Sen­ate mem­bers that Defense Sec­re­tary Robert M. Gates imme­di­ate­ly called for two inter­nal stud­ies to review the department’s infor­ma­tion secu­ri­ty pol­i­cy and to unveil how clas­si­fied infor­ma­tion is han­dled in for­ward-deployed areas. The results showed that for­ward-deployed units had an “over-reliance” on using remov­able elec­tron­ic stor­age media, Takai said. 

Respon­si­bil­i­ties need­ed to be bet­ter defined to detect and han­dle insid­er threats, she said, and meth­ods to mon­i­tor user behav­ior on clas­si­fied com­put­er net­works were lim­it­ed. To get con­trol of the vul­ner­a­bil­i­ties, the depart­ment has dis­abled the abil­i­ty to copy data from near­ly 90 per­cent of its clas­si­fied com­put­ers, Takai said. The rest of the clas­si­fied com­put­ers were left intact to write remov­able media for oper­a­tional rea­sons, she explained, but only under strict controls. 

Takai told the com­mit­tee that more work is com­ing to pre­vent stolen data, and a project is under way with the Office of the Nation­al Coun­ter­in­tel­li­gence Exec­u­tive to add an infor­ma­tion tech­nol­o­gy insid­er detec­tion capa­bil­i­ty and insid­er threat program. 

The Defense Depart­ment is work­ing on a Web-enabled infor­ma­tion secu­ri­ty train­ing to accom­pa­ny the department’s manda­to­ry annu­al infor­ma­tion assur­ance train­ing, she said, and plans also exist for an over­sight pro­gram for inspec­tions in for­ward-deployed areas. 

“We will strive to imple­ment the mech­a­nisms nec­es­sary to pro­tect the intel­li­gence infor­ma­tion with­out revert­ing back to pre‑9/11 stovepipes,” Takai said. 

“The depart­ment con­tin­ues to work toward a resilient infor­ma­tion-shar­ing envi­ron­ment,” she added, “that is secured through both tech­no­log­i­cal solu­tions and com­pre­hen­sive policies.” 

Source:
U.S. Depart­ment of Defense
Office of the Assis­tant Sec­re­tary of Defense (Pub­lic Affairs) 

Face­book and/or on Twit­ter

Team GlobDef

Team GlobDef

Seit 2001 ist GlobalDefence.net im Internet unterwegs, um mit eigenen Analysen, interessanten Kooperationen und umfassenden Informationen für einen spannenden Überblick der Weltlage zu sorgen. GlobalDefenc.net war dabei die erste deutschsprachige Internetseite, die mit dem Schwerpunkt Sicherheitspolitik außerhalb von Hochschulen oder Instituten aufgetreten ist.

Alle Beiträge ansehen von Team GlobDef →