The WikiLeaks CIA release: When will we learn?

a fair and aboveboard player on the international stage. It also also reduces American officials’ credibility when they object to other countries’ electronic activities.

Leaks like this reveal America’s methods to the world, providing plenty of direction for adversaries who want to replicate what government agents do – or even potentially launch attacks that appear to come from American agencies to conceal their own involvement or deflect attribution.

But perhaps the most disturbing message the WikiLeaks disclosure represents is in the leak itself: It’s another high-profile, high-volume breach of information from a major U.S. government agency – and at least the third significant one from the secretive intelligence community.

Perhaps the largest U.S. government data loss incident was the 2014 Office of Personnel Management breach that affected more than 20 million current and former federal workers and their families (including this article’s authors). But the United States has never truly secured its digital data against cyberattackers. In the 1990s there was Moonlight Maze; in the 2000s there was Titan Rain. And that’s just for starters.

Our government needs to focus more on the mundane tasks of cyberdefense. Keeping others out of key systems is crucial to American national security, and to the proper function of our government, military and civilian systems.

Achieving this is no easy task. In the wake of this latest WikiLeaks release, it’s certain that the CIA and other agencies will further step up their insider-threat protections and other defenses. But part of the problem is the amount of data the country is trying to keep secret in the first place.

We recommend the federal government review its classification policies to determine, frankly, if too much information is needlessly declared secret. Reportedly, as many as 4.2 million people – federal employees and contractors – have security clearances. If so many people need or are given access to handle classified material, is there just too much of it to begin with? In any case, the information our government declares secret is available to a very large group of people.

If the United States is going to be successful at securing its crucial government information, it must do a better job managing the volume of information generated and controlling access to it, both authorized and otherwise. Granted, neither is an easy task. However, absent fundamental changes that fix the proverbial cult of classification, there likely will be many more WikiLeaks-type disclosures in the future.

Richard Forno is Senior Lecturer, Cybersecurity & Internet Researcher, University of Maryland, Baltimore County. Anupam Joshi is Oros Family Professor and Chair, Department of Computer Science & Electrical Engineering, University of Maryland, Baltimore County. This article is published courtesy of The Conversation (under Creative Commons-Attribution / No derivative).