Obama Establishes Insider Threat Task Force
Presidential Order Aims to Stop WikiLeaks-Style Disclosures
The presidential order comes more than 10 months after Army Pfc. Bradley Manning allegedly downloaded onto a disk a quarter-million sensitive and classified diplomatic cables and leaked the unredacted government reports to WikiLeaks, a group dedicated to publishing government secrets (see WikiLeaks: Stronger Access Management Needed).
The White House, in a statement accompanying the executive order, said its strategic importance is to ensure the government provides adequate protections to its classified information while at the same time sharing the information with all who reasonably need it to do their jobs.
Karen Evans, who served as the top IT executive in the Bush White House, said the executive order acknowledges a shift in the administration's thinking away from an antiquated model of perimeter security and toward more risk-based and defense-in-depth approaches to securing data and data access.
Besides establishing the Insider Threat Task Force, which will develop a government-wide program for insider threat detection and prevention, the executive order provides for:
- Agencies to bear the primary responsibility for sharing and safeguarding classified information, consistent with appropriate protections for privacy and civil liberties. Federal agencies that use classified networks will designate a senior official to oversee secured, classified information sharing; implement an insider threat detection and prevention program; and perform self-assessments of compliance with policy and standards.
- A senior information sharing and safeguarding steering committee to have overall responsibility for fully coordinating interagency efforts and ensuring that agencies are held accountable for implementing information sharing and safeguarding policy and standards.
- Establishing a classified Information Sharing and Safeguarding Office within the White House Office of Program Manager for the Information Sharing Environment to provide sustained, full-time focus on sharing and safeguarding of classified national security information. The office also will consult partners to ensure the consistency of policies and standards and seek to identify the next potential problem.
- Designating senior representatives of the Department of Defense and the National Security Agency to act jointly as the executive agent for safeguarding classified information on computer networks to develop technical safeguarding policies and standards and conduct assessments of compliance.
Eugene Spafford, executive director of Purdue University's Center for Education and Research in Information Assurance and Security, said the president's action was long overdue. "Why haven't they been doing this already?" asked Spafford, who has testified before Congress on IT security matters. "This is at least 10 years too late, if not 20."
Surviving Cyberwar author Richard Stiennon, a former Gartner IT security analyst, praised the executive order but sees it as long overdue and believes it should be followed by setting penalties for those who fail to prevent disclosures. "This is a first step in establishing responsibility; the next step is to establish those negative repercussions," he said.
And, Hord Tipton, the former CIO at the Interior Department, wasn't impressed with the executive order. "This is one of the most bureaucratic documents I have ever seen," said Tipton, executive director of (ISC)2, an IT security certification organization. "I have a problem understanding how more senior officials and steering committees writing more policies are going to solve anything? I didn't see anything emphasizing compliance on the policies that were violated that led to the problems. If they can't compel compliance with the existing policies, what makes anyone think the new ones will have any additional teeth?"
The White House emphasized that in the months leading to the executive order, the administration hasn't been idle. The Senior Information Sharing and Safeguarding Steering Committee formally established by the executive order began meeting informally in June to track steps taken across the government. Among other steps that government has taken to shore up protection of classified information, according to the statement:
- Limiting the number of users with removable media permissions and strengthening accountability for violations.
- Accelerating efforts to strengthen the online verification of individuals logging on to classified systems, and to enable owners and operators of classified systems to track what information these individuals access.
- Seeking leaders from various agencies to populate the Insider Threat Task Force, which will integrate specialized abilities, tools and techniques to more effectively deter, detect, and disrupt the insider threat.
- Implementing more robust access control systems by agencies to enforce role-based access privileges that serve to ensure that an individual user's information access is commensurate with his/her assigned role.
- Enhancing auditing capabilities across the government classified networks, with plans underway to define the policy and develop standards for the collection and sharing of audit and insider threat data.
According to the White House, the principles guiding the review of the new order included reinforcing the importance of responsible information sharing and not undoing all of the significant and important progress made in interagency information sharing since the 9/11 attacks.
In addition, the administration said it sought to ensure that policies, processes, technical security solutions, oversight and organizational cultures evolve to match its information sharing and safeguarding requirements. The administration, in developing the executive order, also said it sought to respect privacy and civil rights and emphasize that effective and consistent guidance and implementation must be coordinated across the entire government. "We are only as strong as our weakest link and this is a shared risk with shared responsibility," the White House statement said.