DOD Take Steps to Secure Classified Data

WASHINGTON, March 11, 2011 — The Defense Depart­ment has tak­en steps to pre­vent anoth­er mas­sive leak of its clas­si­fied infor­ma­tion, a senior offi­cial told a Sen­ate com­mit­tee yes­ter­day.
Thou­sands of clas­si­fied mil­i­tary doc­u­ments were leaked and dis­trib­uted into the Internet’s pub­lic forum last sum­mer, prompt­ing an imme­di­ate inves­ti­ga­tion from the top down.

Offi­cials since have sin­gled out the weak­est link in the department’s secu­ri­ty chain, and began a checks-and-bal­ances sys­tem to stem the flood of the crit­i­cal defense data, Tere­sa M. Takai, chief infor­ma­tion offi­cer and act­ing assis­tant sec­re­tary of defense for net­works and infor­ma­tion inte­gra­tion, told the Sen­ate Home­land Secu­ri­ty and Gov­ern­ment Affairs Com­mit­tee yesterday. 

“The depart­ment imme­di­ate­ly began work­ing to address the find­ings and improve its over­all secu­ri­ty pos­ture to mit­i­gate the pos­si­bil­i­ty of anoth­er sim­i­lar type of dis­clo­sure,” she said. 

Takai told Sen­ate mem­bers that Defense Sec­re­tary Robert M. Gates imme­di­ate­ly called for two inter­nal stud­ies to review the department’s infor­ma­tion secu­ri­ty pol­i­cy and to unveil how clas­si­fied infor­ma­tion is han­dled in for­ward-deployed areas. The results showed that for­ward-deployed units had an “over-reliance” on using remov­able elec­tron­ic stor­age media, Takai said. 

Respon­si­bil­i­ties need­ed to be bet­ter defined to detect and han­dle insid­er threats, she said, and meth­ods to mon­i­tor user behav­ior on clas­si­fied com­put­er net­works were lim­it­ed. To get con­trol of the vul­ner­a­bil­i­ties, the depart­ment has dis­abled the abil­i­ty to copy data from near­ly 90 per­cent of its clas­si­fied com­put­ers, Takai said. The rest of the clas­si­fied com­put­ers were left intact to write remov­able media for oper­a­tional rea­sons, she explained, but only under strict controls. 

Takai told the com­mit­tee that more work is com­ing to pre­vent stolen data, and a project is under way with the Office of the Nation­al Coun­ter­in­tel­li­gence Exec­u­tive to add an infor­ma­tion tech­nol­o­gy insid­er detec­tion capa­bil­i­ty and insid­er threat program. 

The Defense Depart­ment is work­ing on a Web-enabled infor­ma­tion secu­ri­ty train­ing to accom­pa­ny the department’s manda­to­ry annu­al infor­ma­tion assur­ance train­ing, she said, and plans also exist for an over­sight pro­gram for inspec­tions in for­ward-deployed areas. 

“We will strive to imple­ment the mech­a­nisms nec­es­sary to pro­tect the intel­li­gence infor­ma­tion with­out revert­ing back to pre‑9/11 stovepipes,” Takai said. 

“The depart­ment con­tin­ues to work toward a resilient infor­ma­tion-shar­ing envi­ron­ment,” she added, “that is secured through both tech­no­log­i­cal solu­tions and com­pre­hen­sive policies.” 

Source:
U.S. Depart­ment of Defense
Office of the Assis­tant Sec­re­tary of Defense (Pub­lic Affairs) 

Face­book and/or on Twit­ter