Pentagon revamps security in wake of Wikileaks
port use to CD/DVD drives by Central Command (CENTCOM). Drives are disabled as a default, requiring an exception signed by a senior commander or supervisor (O-6 or GS-15).
Asides from undertaking vulnerability assessments and improving awareness and compliance with information protection procedures, CENTCOM has also increased “insider threat” training focusing on awareness of associated activity, initiated multi-discipline training between traditional security, law enforcement, and information assurance at all echelons, established Insider Threat Working Groups to address the Wikileaks incident and prevent reoccurrences, restricted access to the Wikileaks site to prevent further dissemination, and informed all personnel of restrictions on downloading to
government systems.
Lt. Col. OSD PA, April D. Cunningham told the NewsWire, “Our focus is on monitoring the way our information is accessed and on controlling the use of external media through a suite of security capabilities that DoD has already fielded on our unclassified networks and is rapidly fielding on the Secret
Internet Protocol Router Network (SIPR).”
DoD organizations were directed to limit number of systems authorized to move data from classified to unclassified systems (similar to a KIOSK concept, where it is necessary to meet at a central, supervised location to conduct this activity). There are also two-person handling rules for moving data from classified to unclassified systems to ensure proper oversight and reduce chances of unauthorized release of classified material. Procedures to monitor and detect suspicious, unusual, or anomalous user behavior (similar to procedures now being implemented by credit card companies to detect and monitor fraud) have also been developed. Sixty percent of DoD’s SIPR-net is now equipped with HBSS (Host-Based Security System) — an automated way of controlling the computer system with, a capability of monitoring unusual data access or usage. DoD is accelerating HBSS deployment to its SIPR-net systems.
When asked why news outlets such as the U.K.’s Guardian have persisted in labeling Bradley Manning, former U.S. intelligence analyst, as the “suspected” leaker of diplomatic cables, Major Perrine responded: “PFC Bradley Manning is considered a person of interest regarding the leaked diplomatic cables. He is in pre-trial confinement for charges stemming from previously leaked documents. He was charged on July 5 with four specifications under Article 92 of the Uniform Code of Military Justice for violating Army Regulation 25-2 (Information Assurance Policy), and eight specifications under Article 134 for violating federal statutes related to the receipt of classified information (18 U.S.C. 793) and wrongful access of a government computer (18 U.S.C. 1030).”