White House order tackles insider threat post-WikiLeaksexecutive order to implement structural changes within government in an effort to better safeguard classified information and networks from insider threats and reduce the risk of future breaches.
The order follows a seven-month, government-wide review of policies and procedures surrounding the handling of classified information, prompted by the leak of classified U.S. documents by whistleblower site WikiLeaks.
The order states that individual government agencies “bear the primary responsibility” for ensuring that classified information is safeguarded and shared appropriately. Agencies that use classified networks must implement an insider threat detection and prevention program, designate a senior official to oversee information-sharing protections and perform self-assessments of compliance with standards.
Senior representatives within the Department of Defense and the National Security Agency will be responsible for developing technical policies and standards to protect classified information within national security systems, and will also conduct assessments of agency compliance.
Rich Mogull, founder of Securosis, a security advisory firm, told SCMagazineUS.com in an email Friday that the executive order “appears to carefully balance the needs of continued information sharing with that of increased security.”
The WikiLeaks exposures were essentially the result of one agency, the Department of Defense, leaking data shared by another agency, the Department of State, he said.
“The normal reaction is to return to pre-9-11 silos, but assuming agencies are following these orders, they will maintain cooperation while still addressing insider threats,” Mogull said.
The White House also highlighted several steps already underway across the federal government to better protect classified information following the initial WikiLeaks exposures last November. Specifically, departments and agencies have taken efforts to strengthen online identity management, limited the number of users with removable media permissions, and begun implementing better access control systems.
“These are tough problems, and implementation is everything, but on paper it's the right direction,” Mogull said.
In addition to these immediate actions, the executive directive also creates a task force to develop a government-wide program to detect and prevent insider threats, and reduce vulnerabilities through which secret data can be compromised.
Moreover, a new government committee, called the Senior Information Sharing and Safeguarding Steering Committee, will be responsible for submitting a report within 90 days, and then at least annually thereafter, documenting government successes and failures in protecting classified information.
Finally, a new office, called the Classified Information Sharing and Safeguarding Office, will provide full-time support for the protection of classified data, and will advise and consult the new steering committee, insider threat task force and other agencies and departments.