The ongoing WikiLeaks exposé not only circulated hundreds of thousands of secretive government documents, it has also swiftly prompted changes to the system designed to share access to them. On Tuesday, the U.S. State Department cut off a military computer network's access to its files, dramatically curtailing data sharing intended to help thwart future disasters like the September 11 terrorist attacks.
In response to the leaks, the State Department announced it would cut access to its database of embassy cables via the U.S. Defense Department's Secret Internet Protocol Router Network (SIPRNet), a system of dedicated and encrypted lines and servers set up by the Pentagon in the 1990s to globally transmit material up to and including "secret," the government's second-highest level of classified information. "Top secret" information may be shared electronically via the Joint Worldwide Intelligence Communications System (JWICS), another group of interconnected computer networks used by Defense and State to securely transmit classified information.
"We have temporarily severed the connection between this database and one classified network," department spokesman Philip Crowley said Tuesday during a press briefing. "Steps are being made to correct weaknesses in the system that have become evident because of this leak." Whereas diplomats and other officials generally have had access to State Department cables, Crowley added that the department has "temporarily narrowed" access to these documents.
After the September 11 attacks, SIPRNet was expanded to help U.S. agencies share classified information more easily, with virtually all embassies and consulates on the system. A 1993 GAO report estimated more than 3 million U.S. military and civilian personnel had the clearance to access SIPRNet, although it remains unclear as to how many people now actually have roles that allow them to do so. The hope was to spur communication of the kind of vital clues that might have prevented that catastrophe. These links, ironically, probably helped WikiLeaks's informant get access to confidential diplomatic messages.
The Defense Department claims to be enhancing its security in the wake of the WikiLeaks fiasco, implementing two-person handling rules for moving data from classified to unclassified systems and establishing "insider threat" working groups to prevent further leaks. The Pentagon says it is using the methods credit card companies use to detect suspicious or anomalous behavior and that 60 percent of its SIPRNet is now equipped with a host-based security system (HBSS) that can monitor unusual data access or usage. The department also claims to be accelerating HBSS deployment to the rest of its SIPRNet systems.
The Defense Department's HBSS includes a firewall, a network intrusion prevention system, antivirus software and other security components designed to monitor, detect and counter known cyber threats to the department's information technology systems. The HBSS is also said to have a device control module designed to restrict system access to peripheral devices such as thumb drives, compact discs and other removable storage.
U.S. Army Private First Class Bradley Manning was arrested in May on suspicion that he sent to WikiLeaks a video depicting a U.S. military helicopter killing a group of people in Iraq (including two journalists). Manning, in custody at the Quantico Marine base in Virginia, is now also suspected to be the source of the embassy cables that WikiLeaks has been publishing over the past several days. Manning, an intelligence analyst once stationed at Forward Operating Base Hammer near Baghdad, had clearance to access SIPRNet and reportedly removed the documents by compressing them and copying them to CDs.
Despite speculation that Manning is responsible for the leaks, there has been no official explanation of how the official documents were accessed and released. Until it becomes clear how this was done, any claim that HBSS would have prevented or limited access to sensitive material or could identify the culprit is premature, says Amit Yoran, former director of the U.S. Computer Emergency Readiness Team (US-CERT) and National Cyber Security Division of the Department of Homeland Security. "I'm unconvinced at this point that HBSS answers the mail on that question," he adds.
To prevent authorized insiders such as Manning from stealing information, many classified networks have historically relied on strong access controls and encryption, says Yoran, currently a member of President Obama's CSIS Commission on Cyber Security and CEO of network security firm NetWitness Corp. These networks typically can be accessed via a computer terminal located within a secure facility and only by workers who have gone through an extensive background investigation and clearance process.
"However, once you have access to these classified systems and are inside their tough perimeter, they have historically been very trusting," Yoran says. "And when you have a trusted insider who is interested in causing harm or inappropriately accessing and divulging information, that sort of architecture with strong perimeters is quite flawed."
Government, and for that matter corporate (reports have WikiLeaks supposedly targeting banks next), reliance on digital environments makes it easier for insiders to inflict the kind of damage that the State and Defense departments are dealing with now. "You don't have to carry reams of paper and boxes outside a facility," Yoran says (a reference to former RAND analyst Daniel Ellsberg's efforts to publish the Pentagon Papers). "There is a need to revamp how we do security in the digital age and to be able to provide the same level of assurance and even higher levels of assurance with digital information as has been provided in the analog world."