Breach, TDR

WikiLeaks-prompted assessments due this month

January 6, 2011
Federal departments and agencies that handle classified data are required by Jan. 28 to complete an assessment of the safety measures they have in place to protect national security information, an effort prompted by the release of confidential U.S. documents by whistleblower site WikiLeaks.

The Office of Management and Budget in late November directed departments and agencies to establish assessment teams, made up of counterintelligence, security and information assurance experts, to review their procedures for safeguarding classified national security information.

Agencies now have three more weeks to complete those assessments, according to a memo sent Monday by OMB director Jacob Lew to the heads of executive departments and agencies.

Agency assessment teams will receive assistance from the Information Security Oversight Office and the Office of the Director of National Intelligence. These offices will also evaluate agency compliance and conduct periodic on-site reviews.

Agencies were directed to assess what they have done or plan to do to address any vulnerabilities or weaknesses in their systems.

Assessments also should include any plans for changes and upgrades to all current and new classified networks, systems, application, databases, websites and online collaboration environments, according to the memo. In addition, agencies must assess their security, counterintelligence and information assurance policies, as well as regulatory documents that they have developed.

“The recent irresponsible disclosure by WikiLeaks has resulted in significant damage to our national security,” Lew wrote in a November memo to agencies and departments. “Any failure by agencies to safeguard classified information pursuant to relevant laws … is unacceptable and will not be tolerated.”

Meanwhile, the WikiLeaks exposure also has prompted a review of security procedures at the U.S. State Department.

prestitial ad