WikiLeaks prompts U.S. government to assess security

Story updated on Tuesday, Dec. 7 at 3:49 p.m. EST

The federal government is moving quickly to deploy new security measures in light of the leak of classified U.S. documents by whistleblower site WikiLeaks.

The White House announced Wednesday that Secretary of State Hillary Clinton has called for a review of security procedures at the State Department, from which the hundreds of thousands of secret cables were leaked. So far, WikiLeaks has only published 960.

"This review has already reaffirmed the department's policy of deploying 'thin client' (stripped-down) computer units without removable media options and limiting the ability to download material from classified terminals to only approved and controlled circumstances," the White House release said. "The department will also deploy an automated tool that will continuously monitor the classified network to detect anomalies that would not be readily apparent. This capability will be backed up by a professional staff who will promptly analyze these anomalies to ensure that they do not represent threats to the system."

The agency also may mandate additional training for end-users, beyond the annual requirement.

The Department of Defense (DoD), meanwhile, continues its security assessment following the July release of 90,000 war documents concerning Afghanistan.

Defense Secretary Robert Gates, on Aug. 12, authorized two reviews examining how the disclosure happened.

The agency is working toward managing the use of removable storage devices on classified networks, deploying procedures to track suspicious user behavior, conducting vulnerability assessments and increasing user training.

In addition, National Security Adviser Tom Donilon has appointed Russell Travers to act as the senior adviser for information access and security policy.

He will be charged with advising President Obama's national security staff on suggestions to protect confidential information. He will also facilitate conversations among government departments regarding technology and policy changes that may be needed.

Experts predict similar security assessments are coming within the private sector, particularly following news from WikiLeaks founder Julian Assange that the organization is sitting on a trove of private documents belonging to a major U.S. bank that will expose major corruption.

Rich Mogull, founder of Securosis, a security advisory firm, predicts that a number of organizations likely will panic as a result of the leaks, which in some cases may lead to positive changes.

He likened the WikiLeaks insider exposure to the problem of the advanced persistent threat. In that case, external attackers, using sophisticated malware, seek access to internal documents of similar size.

Technologies offering user and file activity monitoring may be best equipped to handle the leakage threat, Mogull said on Wednesday.

"[But] you can never stop this stuff completely," he said. "People need access to information to do their jobs. There's a lot of ways for them to get that information out. If someone is really determined to get that stuff out the door, they will."

The White House maintained in its release that restricting access of data must be balanced with the need to share information.

Mogull offered up another example of why eliminating risk is not easy.

"Let's not underestimate the sheer volume of traffic and people [U.S. government has] to deal with," he said, adding that pundits who condemn the government for its apparent lack of suitable controls "don't understand working on networks of that scale."
