DOD’s New Anti-Leak Plan: Turn Michael Vickers into a Blogger
DOD just rolled out its new plan to combat national security leaks. (h/t Jason Leopold) At its core is a “top-down” approach: to have the Under Secretary for Defense of Intelligence, Mike Vickers, to review all major reporting to look for leaks.
To ensure greater accountability and tracking of unauthorized disclosures, Secretary Panetta is directing a new “top down” approach as well. The Undersecretary of Defense for Intelligence, in consultation with the Assistant Secretary for Public Affairs, will monitor all major, national level media reporting for unauthorized disclosures of defense department classified information.
One one level this seems like a good idea. I mean, I’m a blogger, and I usually have a better idea of who’s leaking than the people overseeing Executive Branch agencies. But hey, I don’t want to shortchange journalists; Walter Pincus performs a nice bit of leak debunkery with this piece, for example.
But there does seem to be one problem with the plan to have Mike Vickers watch for any security breaches. Doesn’t he have a day job? Isn’t he supposed to be watching the Taliban and China and cyberattacks? Have we gotten so paranoid that one of our top intelligence people is going to spend his time watching journalists than watching our military enemies?
On another issue, though, DOD is to be congratulated. Today’s release also revealed that, within the last few months, it has put in place the no-brainer security fixes that it promised in response to the WikiLeaks breach.
Lockdown of removable storage device use on the Defense Secure Network (SIPRNET). The department has deployed a host-based security system (HBSS) tool to virtually monitor every defense department computer. HBSS prevents the downloading of information onto removable storage like DVDs, CDs, and memory sticks, with very limited exceptions. The tool also sends an alarm any time someone tries to write classified information to such removable storage. For authorized exceptions, the tool audits any downloads of information.
Improved monitoring of DoD networks. The department issued a cyber identity credential (Public Key Infrastructure certificate) to every person operating on the department unclassified network. That process is underway for the classified network as well. Department personnel are working with other federal departments and agencies to help them issue the same cyber identity credential to all employees who need to access any of the government’s secret networks.
Improving the auditing of information accesses so as to spot anomalous behavior. Department information officers are assessing the use of HBSS and other tools to collect and centralize data about information accesses to more quickly improve detection of malicious insiders.
Though of course, DOD promised to impose some controls on removable media in 2008, when someone introduced malware into DOD’s networks via a thumb drive. So after 4 years, DOD should be congratulated for finally closing the Lady Gaga security hole.
On leaks, I suspect it is high level people most of the time and that won’t stop. Besides, when low level people do it, don’t they get prosecuted?
Marcy, have you seen this treasure trove…?
Intelligence: Declassified Documents Provide New Detail on Confronting the Terrorist Threat – from al-Qaeda to Skinheads
These materials are reproduced from http://www.nsarchive.org with the permission of the National Security Archive
National Security Archive Electronic Briefing Book No. 386 Posted – July 19, 2012
Edited by Jeffrey T. Richelson
@CTuttle some of that material was released years ago, notably the FBI report on the Phoenix Memo and the bureau’s role in interrogations.
Oh, lookee here, Bandar Bush is back!
Improved monitoring of DoD networks?
Does this include logging of the data queries made by each user so that a compendium of evidence can be used to track inappropriate use? Like say queries against bloggers and suspected whistleblowers and personal vendettas?
The brave info warriors of the Military Industrial Complex already monitor every national security reporter, and every website not controlled by neo-cons. They read every article, they get every bit of personal information they can, and they use it. They follow every reporter closely. The Collateral Murder video, released by Wikileaks, suggests they even assassinate reporters, if convenient for the Assassins of the Pentagon.
As for Sirpnet, it is a delusion to think it can ever be “secure”. Sirpnet has millions of users, including non-Americans. Any computer network, using Microsoft products, or even open source, cannot guarantee that classified information is protected. The whole point of a computer network is openness and freedom of information.
spiffing up dod intelligence security in time for the bradley manning show trial.
By all means. Let’s formalize a practice that any competent War Department and its related agencies would already be engaged in: combing the official press – MSM, bloggers, alternative media – for items that comment on its toing and froing. Not only might such a War Department conclude that news stories contain information that must have leaked from its innards, it might well persuade the media to ask it before publishing “contentious” stories, to report true whistleblowers, to not publish their allegations of crime, corruption and official wrongdoing, and to continue reporting official leakers anonymous claims to be promoting truth, justice and the American way.