President Barack Obama issued an executive order today that strengthens the government’s information and computer security policies and practices to prevent breaches such as the 2010 WikiLeaks episode.
The order follows an interagency committee review of existing policies and practices following WikiLeaks’ unlawful disclosure of classified information last summer, White House officials said.
The WikiLeaks.org group posted more than 90,000 documents, many of which detailed classified and sensitive field reports regarding military operations.
Obama’s executive order cites efforts already taken to reduce the risk of future security breaches while providing a framework for enhancing national security through responsible sharing and safeguarding of classified information.
“The strategic imperative of our efforts has been to ensure that we provide adequate protections to our classified information while at the same time sharing the information with all who reasonably need it to do their jobs,” officials said.
The emphasis, they explained, is on balancing the requirements of responsible information sharing with safeguarding imperatives, while ensuring consistency across government and respecting the American people’s privacy, civil rights and civil liberties.
The executive order assigns agencies the primary responsibility for sharing and safeguarding classified information, consistent with appropriate protections for privacy and civil liberties.
Federal agencies that use classified networks are required to:
- Designate a senior official to oversee the agency’s classified information sharing and safeguarding;
- Implement a program to detect and prevent insider threats; and
- Conduct self-assessments of policy and standard compliance.
The executive order establishes several new bodies to develop, oversee and enforce these new security reforms.
A senior information sharing and safeguarding steering committee formally established today will coordinate interagency efforts and ensure that the federal departments and agencies are held accountable. In addition, a new classified information sharing and safeguarding office will provide a sustained, full-time focus on sharing and safeguarding classified national security information. The office also will help to ensure consistent policies and standards and strive to identify the next potential problem.
Meanwhile, senior representatives both at the Defense Department and National Security Agency will act together as the executive agent for safeguarding classified information on computer networks. As part of this joint mission, they will develop technical safeguarding polices and standards and assess compliance.
Also, Attorney General Eric H. Holder Jr. and Director of National Intelligence James R. Clapper Jr. are forming a task force to develop a program to detect and prevent insider threats and reduce potential vulnerabilities throughout the government that will integrate specialized abilities, tools and techniques to deter, detect and disrupt the insider threat, officials said.
White House officials noted measures already taken within the Defense Department and other federal agencies to safeguard classified information and networks.
All have made significant progress in clarifying and standardizing polices, processes and technical controls regarding removable media, officials said, limiting the numbers of users with removable media permissions and strengthening accountability for violations.
In addition, owners and operators of classified systems continue to strengthen verification procedures to log on to classified systems and the tracking of what information users access, officials added, noting that more robust access control systems are being implemented to ensure individual users’ information access is commensurate with their assigned roles.
Meanwhile, high priority is being placed on enhancing the auditing capabilities across U.S. government classified networks. Planning is now under way to define policy and develop standards for collecting and sharing of audit and insider threat data, officials said.
Douglas B. Wilson, assistant secretary of defense for public affairs, noted this spring that the WikiLeaks episode underscores the need for laws and policies that address the unintended consequences of “technology at the intersection of national security.”
“Classified information is classified information, and releasing that information is illegal,” Wilson said during an April 17 interview with Vago Muradian on “This Week in Defense News.”
“But I think that we have a lot to do in government to understand that we need to be focusing much more on policy and much more on the laws that we need to think about to address what have been very unintended consequences of technological advance,” he said.
Even as social media revolutionizes information-sharing, the Defense Department’s communication strategy boils down to the responsibility of being transparent and timely without jeopardizing the safety and privacy of service members and their families, Wilson said.
“How do you deal with the press and public openly, credibly, in a timely manner and honestly?” Wilson asked. “How do you provide facts and the truth, by the same token understanding that we’re responsible for our men and women in uniform who are in harm’s way in many places? How do you make sure that there [are] not unintended consequences of information which can put them further in harm’s way and affect their safety and the privacy of their families?
“Those are the issues that frame everything that we do,” Wilson said.