|
|
|
|
|
On August 12, 2010, immediately following the first release of documents, the Secretary of Defense commissioned two internal DoD studies. The first study, led by the Under Secretary of Defense for Intelligence (USD(I)), directed a review of DoD information security policy. The second study, led by the Joint Staff, focused on procedures for handling classified information in forward deployed areas. The Secretary also tasked the Director of the Defense Intelligence Agency to stand up an Information Review Task Force to assess, in concert with interagency participants, the substance of the data disclosed.
Results of the two studies revealed a number of findings, including the following:
Forward deployed units maintained an over-reliance on removable electronic storage media.
Roles and responsibilities for detecting and dealing with an insider threat must be better defined.
Processes for reporting security incidents need improvement.
Limited capability currently exists to detect and monitor anomalous behavior on classified computer networks.
Once the studies were concluded and the results reported to the Secretary, the Department began working to address the findings and improve its overall security posture to mitigate the possibility of another similar type of disclosure. Some of this work was already planned or underway. For other findings, like the issue of removable media, new initiatives had to be immediately implemented. |
| |
Name(s:) |
Teresa Takai, Thomas Ferguson |
| |
Title: |
Chief Information Officer and Acting Assistant Secretary of Defense for Networks and Information Integration, Principal Deputy Under Secretary of Defense for Intelligence |
| |
Agency(ies): |
Department of Defense |
|
Url: |
Url Link
|
|
|
DEPARTMENT OF DEFENSE (DoD) INITIATIVES
On August 12, 2010, Defense Secretary Robert Gates commissioned two reviews to determine what policy, procedural and/or technological shortfalls contributed to the unauthorized disclosure to the Wikileaks website. He specifically directed an assessment to determine if the DoD had appropriately balanced restrictions associated with information security and the need to provide our front-line personnel with the information needed to accomplish their assigned missions.
As a result of these two reviews, a number of findings and recommendations are in the process of being assessed and implemented, including the following:
--Disabling and controlling use of removable storage media on DoD classified networks to prevent download from classified networks.
--Developing procedures to monitor and detect suspicious, unusual or anomalous user behavior (similar to procedures now being implemented by credit card companies to detect and monitor fraud).
--Conducting security oversight inspections in all Combatant Commands.
--Undertaking vulnerability assessments of DoD networks.
--Improving awareness and compliance with information protection procedures. Specific examples being undertaken at the Combatant Command level include:
--Increased 'insider threat' training focusing on awareness of associated activity.
--Multi-discipline training between traditional security, law enforcement and information assurance at all echelons.
--The establishment of 'Insider Threat Working Groups' to address the Wikileaks incident and prevent reoccurrence.
--Component-determined restricted access to the Wikileaks site to prevent further dissemination or downloading of classified information to unclassified DoD networks.
--Restating of policy to all personnel regarding restrictions on downloading to government systems and cautionary advice regarding personal IT systems.
Individual DoD components are taking additional action as relevant and appropriate, ranging from random physical inspections to enabling new security features on networks. Leadership reinforcement of workforce responsibilities and new initiatives to safeguard information are key components of DoD's mitigation efforts. Department-wide, the Pentagon is accelerating its publication of policy issuances related to the information security program as well as focusing increased attention on detecting potential insider threats. |
| |
Agency(ies): |
White House |
|
Url: |
Url Link
|
|
Archive: |
Archive Link
http://archive.is/WJ4io |
|
Title: |
Ms. Teresa Takai, Chief Information Officer and Acting Assistant Secretary of Defense for Networks and Information Integration and Mr. Thomas Ferguson, Principal Deputy Under Secretary of Defense for Intelligence |
|
Authoring or Creator Agency: |
Department of Defense |
|
|
Title: |
FACT SHEET: U.S. Government Mitigation Efforts in Light of the Recent Unlawful Disclosure of Classified Information |
|
Authoring or Creator Agency: |
Office of the Press Secretary, White House |
|
|
|
Archive Link |
|
