WikiLeaks episode demonstrates insider security threat

monitor unusual data access or usage. The department also claims to be accelerating HBSS deployment to the rest of its SIPRNet systems.

Scientific American notes that the Defense Department’s HBSS includes a firewall, a network intrusion prevention system, antivirus software, and other security components designed to monitor, detect and counter known cyber threats to the department’s information technology systems. The HBSS is also said to have a device control module designed to restrict system access to peripheral devices such as thumb drives, compact discs and other removable storage.
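As an added illustration, not code from the article or from HBSS itself, of what "monitoring unusual data access" and removable-media control look like in practice: a small detector over a constructed audit log (hypothetical line format, constructed sample records, assumed 3x-of-peer-median threshold) that flags a user whose document reads far exceed their peers and any write to removable media.

```python
import statistics
from collections import defaultdict
# Constructed sample audit log (hypothetical format, not HBSS's own):
# "<timestamp> <user> <action> <object>"; dave bulk-reads, then writes to a CD.
SAMPLE_LOG = """\
2010-04-01T09:00 alice READ doc-1001
2010-04-01T09:10 alice READ doc-1002
2010-04-01T09:20 bob READ doc-2001
2010-04-01T09:30 bob READ doc-2002
2010-04-01T09:40 bob READ doc-2003
2010-04-01T10:00 carol READ doc-3001
2010-04-01T10:01 dave READ doc-4001
2010-04-01T10:02 dave READ doc-4002
2010-04-01T10:03 dave READ doc-4003
2010-04-01T10:04 dave READ doc-4004
2010-04-01T10:05 dave READ doc-4005
2010-04-01T10:06 dave READ doc-4006
2010-04-01T10:07 dave READ doc-4007
2010-04-01T10:30 dave WRITE removable:cdrom0
"""
READ_MULTIPLIER = 3  # assumed threshold: flag reads > 3x the peer median

def parse(log):
    """Yield (user, action, obj) tuples; skip blank or malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 4:
            yield parts[1], parts[2], parts[3]

def analyze(log):
    """Return {user: [signal, ...]} for users who trip either signal."""
    reads = defaultdict(int)
    removable = defaultdict(list)
    for user, action, obj in parse(log):
        if action == "READ":
            reads[user] += 1
        elif action == "WRITE" and obj.startswith("removable:"):
            removable[user].append(obj)
    findings = defaultdict(list)
    for user, n in reads.items():
        peers = [c for u, c in reads.items() if u != user]  # baseline = others
        med = statistics.median(peers) if peers else 0
        if peers and n > READ_MULTIPLIER * med:
            findings[user].append(f"bulk access: {n} reads vs peer median {med:g}")
    for user, devs in removable.items():
        findings[user].append(f"removable media write: {', '.join(devs)}")
    return dict(findings)

if __name__ == "__main__":
    for user, signals in analyze(SAMPLE_LOG).items():
        print(user, "->", "; ".join(signals))
```

A real deployment would baseline each user against their own history and role, not just a same-day peer median, but the two signals shown are the ones the HBSS description above targets.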

U.S. Army Private First Class Bradley Manning was arrested in May on suspicion that he sent to WikiLeaks a video depicting a U.S. military helicopter killing a group of people in Iraq (including two journalists). Manning, in custody at the Quantico Marine base in Virginia, is now also suspected to be the source of the embassy cables that WikiLeaks has been publishing over the past several days. Manning, an intelligence analyst once stationed at Forward Operating Base Hammer near Baghdad, had clearance to access SIPRNet and reportedly removed the documents by compressing them and copying them to CDs.

Despite speculation that Manning is responsible for the leaks, there has been no official explanation of how the official documents were accessed and released. Until it becomes clear how this was done, any claim that HBSS would have prevented or limited access to sensitive material or could identify the culprit is premature, says Amit Yoran, former director of the U.S. Computer Emergency Readiness Team (US-CERT) and National Cyber Security Division of DHS. “I’m unconvinced at this point that HBSS answers the mail on that question,” he adds.

To prevent authorized insiders such as Manning from stealing information, many classified networks have historically relied on strong access controls and encryption, says Yoran, currently a member of President Obama’s CSIS Commission on Cyber Security and CEO of network security firm NetWitness Corp. These networks typically can be accessed via a computer terminal located within a secure facility and only by workers who have gone through an extensive background investigation and clearance process.

“However, once you have access to these classified systems and are inside their tough perimeter, they have historically been very trusting,” Yoran says. “And when you have a trusted insider who is interested in causing harm or inappropriately accessing and divulging information, that sort of architecture with strong perimeters is quite flawed.”

Government, and for that matter corporate (reports have WikiLeaks supposedly targeting banks next), reliance on digital environments makes it easier for insiders to inflict the kind of damage that the State and Defense departments are dealing with now. “You don’t have to carry reams of paper and boxes outside a facility,” Yoran says (a reference to former RAND analyst Daniel Ellsberg’s efforts to publish the Pentagon Papers). “There is a need to revamp how we do security in the digital age and to be able to provide the same level of assurance and even higher levels of assurance with digital information as has been provided in the analog world.”